TWI581590B - Real-time traffic collection and analysis system and method - Google Patents

Info

Publication number: TWI581590B
Authority: TW (Taiwan)
Prior art keywords: traffic, module, network, collection, packet
Application number: TW104121596A
Other languages: Chinese (zh)
Other versions: TW201703461A (en)
Inventors: Yu Chieh Chou, Yu Huang Chu
Original assignee: Chunghwa Telecom Co Ltd
Application filed by Chunghwa Telecom Co Ltd
Priority to TW104121596A
Publication of TW201703461A
Application granted
Publication of TWI581590B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Description

Real-time traffic collection and analysis system and method

The invention relates to a system and method for collecting and analyzing broadband network traffic, and in particular to a method that uses software-defined networking (SDN) technology, through a network controller and programmable network switches, to collect and analyze traffic in real time.

Traffic collection, monitoring and analysis in traditional network management is mostly done through additional network devices (such as network packet probes or traffic monitoring appliances): the device collects the traffic, pre-classifies or filters the packets, and hands the result to traffic analysis software (such as NetFlow).

In a scenario where traffic is collected through other network devices, the device obtains traffic information either by having a network switch mirror the traffic, or by embedding packet pre-classification and filtering in the switch so that the collection device receives less unnecessary data. In mirroring mode the switch typically loses performance: accurate traffic packet data cannot be obtained, normal packet forwarding is affected, and the collection device still receives a great deal of information it does not need. In the other scenario, where the collection method is embedded in the switch, no very complex pre-classification or filtering is usually possible, which limits applicability; the embedded classification and filtering functions also raise the switch's hardware requirements and therefore its cost. Moreover, such collection methods generally use too long a sampling interval, so the traffic information obtained cannot present accurate data and the analysis results cannot reflect traffic details such as the effect of bursts.

Since traditional network switches cannot effectively obtain real-time traffic information, the inventors, after study and improvement, propose a method based on SDN technology that achieves real-time traffic collection and analysis through a network controller and programmable network switches, improving the accuracy of traffic collection while avoiding the cost of building a separate network traffic detection system.

The present invention proposes a system and method that use SDN technology to collect and analyze network traffic, so that network monitoring can track traffic volume in real time and provide accurate traffic analysis.

A real-time traffic collection and analysis system and method obtains traffic information from programmable network switches in real time. The programmable switch belongs to the data plane of the software-defined network and includes a flow-based packet classification (matching) method and a traffic statistics method. Besides matching different kinds of packets and then forwarding or modifying them, the flow-based packet classification method also serves as the packet classification method for traffic collection; the classification criteria include Media Access Control (MAC) address, Virtual Local Area Network (VLAN), Internet Protocol (IP) address, the Differentiated Services Code Point (DSCP) field of the IP header, Transmission Control Protocol (TCP), and others. Every packet class has an associated traffic statistics method that counts the number of packets, the total traffic volume, time stamps, and so on, which improves the efficiency with which the traffic collection module gathers traffic information. The control plane of the software-defined network includes a controller application programming interface (API) module that relays traffic collection requests and traffic information replies, a traffic collection module, and a traffic analysis module. The traffic collection module periodically obtains the classified traffic information from the traffic statistics module through the network controller's API module and stores it in a database; the traffic analysis module uses the traffic information in the database to present the usage and abnormal behavior of each kind of traffic, achieving real-time traffic collection and analysis.

The present invention is a real-time traffic collection and analysis system comprising: a plurality of programmable network switches that process a plurality of packets; a network controller connected to the programmable network switches through a management network, which manages and monitors them; and a real-time traffic collection and analysis module connected to the network controller, which performs real-time traffic collection and analysis.

The programmable network switch includes a packet classification module that stores a plurality of classification rules for matching each packet; a traffic statistics module connected to the packet classification module that generates traffic information; a data plane network interface module that forwards each packet to the data plane network; and a control plane network interface module through which the packet classification module connects to the network controller.

The network controller includes an API module through which applications can issue commands to the network controller to manage and monitor the programmable network switches.

The real-time traffic collection and analysis module includes a traffic collection module that collects the traffic information from the programmable network switches in real time through the network controller, a database module that stores the collected traffic information, and a traffic analysis module that analyzes the traffic information stored in the database module.

The real-time traffic collection and analysis system of the present invention further includes a real-time traffic collection and analysis module that collects and analyzes network traffic in real time; it comprises a traffic collection module that can issue a traffic information request and, through the network controller, collects the programmable network switches' traffic information in real time; a database module that stores the collected traffic information; and a traffic analysis module that analyzes the traffic information stored in the database module.

The network controller and the programmable network switches may be connected one-to-one or one-to-many: one network controller connects to one or more programmable switches, while each programmable switch connects to one network controller.

The packet classification module stores classification rules, each of which may contain one or more packet classification settings and at least one packet processing action. The packet classification setting is the basis on which the module classifies packets, namely the layer 2 to layer 4 header contents and the physical port number on which the packet was received; the packet processing action defines how the module handles the packet, and includes forwarding the packet, dropping it, and rewriting its layer 2 to layer 4 headers.

The traffic statistics module has a traffic statistics setting that produces the traffic information; the data it counts include the total number of matched packets, the total traffic volume of the matched packets, and a time stamp of how long the classification rule has existed. Each time the packet classification module matches a packet, the corresponding data in the traffic statistics setting is incremented, and each packet matches only one classification rule at a time.

The real-time traffic collection module performs the following actions: it periodically passes the traffic collection request through the API module on the network controller to the programmable network switch to obtain traffic information; it retrieves the packet classification information and traffic statistics from the traffic classification module and the traffic statistics module on the switch; the switch generates traffic information from the packet classification information and the traffic statistics and transmits it; and the database module stores the traffic information.

The traffic information stored by the database module includes the packet classification settings, the total number of matched packets, the total traffic volume of matched packets, and the time stamp of how long the classification rule has existed. The traffic analysis module can retrieve the classified traffic information from the database module, present real-time and accurate traffic statistics, and analyze network usage and abnormal network behavior.

In summary, with SDN technology the traffic collection module can obtain detailed and accurate traffic information directly from the programmable switch, via the controller API module, using the flow-based traffic statistics method. This reduces the cost of building a separate network traffic detection system; because pre-classified traffic information is obtained directly, no packet capture component is needed and the switch's performance is not degraded; and the sampling interval of the collection system is effectively shortened, so traffic information is presented closer to real time.

The purpose of the present invention is to solve the general inaccuracy of current traffic collection systems by proposing a real-time traffic collection method that gathers accurate traffic volumes through SDN technology and obtains pre-classified traffic information directly from the switch with the flow-based traffic statistics method, thereby avoiding the cost of building a separate network traffic detection system.

101 Conventional network switch
102 Network interface
103 Traffic mirroring component
104 Terminal equipment
105 Data network
106 Monitoring network
110 Traffic monitoring and analysis module
111 Traffic collection and classification component
112 Traffic analysis component
201 Programmable network switch
202 Data plane network interface
203 Control plane network interface
204 Terminal equipment
205 Data network
206 Management network
207 Network controller
208 Application programming interface module
210 Real-time traffic collection and analysis system
211 Traffic classification (matching) module
212 Traffic statistics module
213 Traffic collection module
214 Database module
215 Traffic analysis module
S301~S304 Method steps
S404~S406 Method steps

FIG. 1 is an architecture diagram of a conventional traffic monitoring and analysis module.

FIG. 2 is an architecture diagram of the real-time traffic collection and analysis system of the present invention.

FIG. 3 is a flowchart of establishing traffic classification rules according to the present invention.

FIG. 4 is a flowchart of the real-time traffic collection and analysis method of the present invention.

FIG. 1 shows a conventional traffic monitoring and analysis system architecture. Such an architecture usually uses a traffic mirroring component 103 on a conventional network switch 101 to mirror traffic to a traffic monitoring and analysis module 110: the traffic on network interface 102 is copied by the mirroring component 103, which mainly mirrors all data packets exchanged between terminal equipment 104 and data network 105. The traffic monitoring and analysis module 110 receives the mirrored traffic through monitoring network 106; a traffic collection and classification component 111 parses the mirrored traffic, discards unnecessary traffic information and classifies the rest. A traffic analysis component 112 then obtains the simplified traffic information from component 111 and analyzes it, in order to give network administrators analysis data such as network usage and abnormal behavior. Under the architecture of FIG. 1, the traffic mirroring component 103 degrades the performance of the conventional network switch 101, and the traffic collection and classification component 111 must parse every packet.

FIG. 2 shows the architecture of the real-time traffic collection and analysis system. Network controller 207 establishes a control connection with programmable network switch 201 through control plane network interface module 203 over management network 206. Through network controller 207, traffic classification rules are written into traffic classification module 211 on programmable network switch 201, so that all data packets exchanged between terminal equipment 204 and data network 205 are classified and matched; after a packet matches a rule it is further processed (for example modified) and forwarded by data plane network interface module 202, while traffic statistics module 212 counts, for every classification rule, the number of packets matched, the traffic volume and other information. In real-time traffic collection and analysis module 210, traffic collection module 213 first sends traffic collection requests periodically through API module 208 on network controller 207; on receiving a request, network controller 207 immediately obtains the traffic information from traffic statistics module 212 and returns it through API module 208 to traffic collection module 213, which stores the collected classified traffic information in database module 214. Finally, traffic analysis module 215 can obtain accurate and real-time network traffic data from database module 214, present accurate network usage, and analyze abnormal network behavior in real time.

The flowchart for establishing traffic classification rules and the flowchart of the real-time traffic collection and analysis method are shown in FIG. 3 and FIG. 4. Referring first to FIG. 3, in step S301 the network controller establishes a new connection with the programmable network switch: network controller 207 establishes a control connection with one or more programmable network switches 201 through control plane network interface module 203 over management network 206. The process then proceeds to step S302, checking whether the programmable network switch has packet classification rules established.

In step S302, checking whether the programmable network switch has packet classification rules established, network controller 207 first checks whether programmable network switch 201 already has traffic classification rules. If so, packets entering programmable network switch 201 are classified and matched; if a packet matches, the process proceeds to step S304, where the matched packet is forwarded and the packet count and traffic volume are counted. An unmatched packet instead causes programmable network switch 201 to notify network controller 207 that no classification rule has been established, and the process proceeds to step S303, establishing classification rules on the programmable network switch through the network controller.

In step S303, establishing classification rules on the programmable network switch through the network controller, network controller 207 decides a classification rule for the unmatched packet, determining the traffic classification rule to be written into programmable network switch 201; after the decision, it writes the traffic classification rule into programmable network switch 201 and returns to step S302, checking whether the programmable network switch has packet classification rules established, to verify that the classification rule was written successfully.

In step S304, forwarding the matched packet and counting packets and traffic volume, after a packet enters traffic classification module 211 and matches a rule, it is processed according to the packet processing method defined in that classification rule, which may include modifying the packet header, forwarding the packet, or dropping it. Every successfully matched packet is counted in traffic statistics module 212, which is connected to the classification module, including the number of matched packets and the total traffic volume. The process then enters the real-time traffic collection and analysis method flow.
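The classification rules with their per-rule counters, the "one rule per packet" matching behaviour, and the FIG. 3 loop (table miss reported to the controller, rule decided and installed, packet re-matched and counted) are modelled below as an added example in Python. It is not code from the patent or from Chunghwa Telecom; every name in it (ClassificationRule, ProgrammableSwitch, Controller, MATCH_FIELDS, the packet dictionaries, the forward-on-port-1 policy) is an assumption made for the illustration, and the sample packets are constructed.

```python
from dataclasses import dataclass

# Header fields the patent names as classification keys: the ingress port plus
# layer 2 to layer 4 header contents (MAC, VLAN, IP, DSCP, TCP). Hypothetical names.
MATCH_FIELDS = ("in_port", "eth_src", "eth_dst", "vlan", "ip_src", "ip_dst",
                "dscp", "ip_proto", "tcp_src", "tcp_dst")


@dataclass
class ClassificationRule:
    """One classification rule: match settings, processing actions, and the
    per-rule counters kept by the traffic statistics module."""
    match: dict                 # subset of MATCH_FIELDS -> required value
    actions: list               # e.g. ["forward:1"], ["drop"], ["set_dscp:46", "forward:2"]
    packets: int = 0            # matched packet count
    bytes: int = 0              # matched traffic volume
    installed_at: float = 0.0   # start of the rule's lifetime (duration time stamp)

    def __post_init__(self):
        unknown = set(self.match) - set(MATCH_FIELDS)
        if unknown:
            raise ValueError(f"unsupported match fields: {sorted(unknown)}")

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class ProgrammableSwitch:
    """Data plane model: classification module (211) plus statistics module (212)."""

    def __init__(self):
        self.rules = []        # evaluated in order; the first matching rule wins
        self.packet_in = []    # unmatched packets reported to the controller

    def install(self, rule, now):
        rule.installed_at = now
        self.rules.append(rule)

    def process(self, pkt):
        """Classify one packet; return its actions, or None on a table miss."""
        for rule in self.rules:
            if rule.matches(pkt):        # counted against exactly one rule
                rule.packets += 1
                rule.bytes += pkt["len"]
                return rule.actions
        self.packet_in.append(pkt)       # S302: no rule -> notify the controller
        return None

    def stats(self, now):
        """What the statistics module returns: counters plus rule lifetime."""
        return [{"match": dict(r.match), "packets": r.packets, "bytes": r.bytes,
                 "duration": now - r.installed_at} for r in self.rules]


class Controller:
    """Control plane model: decides and installs rules for table misses (S303)."""

    def __init__(self, switch):
        self.switch = switch

    def decide_rule(self, pkt):
        # Hypothetical policy: one rule per (IP protocol, DSCP) class, forward on port 1.
        return ClassificationRule({"ip_proto": pkt["ip_proto"], "dscp": pkt["dscp"]},
                                  ["forward:1"])

    def handle_packet_in(self, now):
        """Drain the switch's packet-in queue, installing a rule for each miss."""
        while self.switch.packet_in:
            pkt = self.switch.packet_in.pop(0)
            if not any(r.matches(pkt) for r in self.switch.rules):
                rule = self.decide_rule(pkt)
                assert rule.matches(pkt)            # guards against an endless miss loop
                self.switch.install(rule, now)
            self.switch.process(pkt)     # back to S302: now matched and counted (S304)


def run_demo():
    """Constructed packets: VoIP-like (UDP, DSCP 46) and web-like (TCP, DSCP 0)."""
    switch = ProgrammableSwitch()
    controller = Controller(switch)
    packets = [
        {"in_port": 1, "ip_proto": 17, "dscp": 46, "len": 200},
        {"in_port": 1, "ip_proto": 6, "dscp": 0, "len": 1500},
        {"in_port": 2, "ip_proto": 17, "dscp": 46, "len": 200},
        {"in_port": 2, "ip_proto": 6, "dscp": 0, "len": 60},
    ]
    t0 = 1000.0
    for i, pkt in enumerate(packets):
        if switch.process(pkt) is None:          # table miss -> S303
            controller.handle_packet_in(t0 + i)
    return switch.stats(t0 + 10)


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

Rules are evaluated in installation order and a packet increments the counters of the first rule it matches only, which is the property that lets the per-rule packet and byte totals be summed without double counting; the `duration` field is what the collector later divides counter deltas by.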

Referring to FIG. 4, in step S401 of the real-time traffic collection and analysis method flowchart the traffic collection module sends a traffic information request through the network controller's API module: traffic collection module 213 of real-time traffic collection and analysis module 210 periodically sends a specific traffic information request through API module 208 on network controller 207. The polling interval can be adjusted according to the application's need for traffic information; the shortest interval that can be set is one request every five seconds. On receiving the traffic request, network controller 207 forwards it to the programmable network switch to obtain the traffic information.

In step S402, checking whether the programmable network switch has the requested classification method, programmable network switch 201 checks, according to the request sent by network controller 207, whether the requested classification rule exists. If it does, the process proceeds to step S404, returning the real-time traffic statistics to the traffic collection module through the network controller; otherwise the switch replies that the classification rule does not exist, and the process proceeds to step S403, establishing packet classification rules on the programmable network switch through the network controller.

In step S403, establishing packet classification rules on the programmable network switch through the network controller, network controller 207 re-decides traffic classification rules suited to the real-time collection request, writes the decided classification rules into traffic classification module 211 on programmable network switch 201, and returns to step S401, in which the traffic collection module sends a traffic information request through the network controller's API module.

In step S404, returning the real-time traffic statistics to the traffic collection module through the network controller, programmable network switch 201 obtains the traffic information from traffic classification module 211 and traffic statistics module 212, then returns traffic information such as the traffic classification rule, the number of matched packets and the traffic volume through network controller 207 to real-time traffic collection and analysis module 210, where traffic collection module 213 receives it and proceeds to step S405, storing the traffic information in the database module.

In step S405, storing the traffic information in database module 214, traffic collection module 213 stores the traffic information in database module 214 according to the different traffic classifications, including packet count, traffic volume, time stamps and other data. The process then waits for the next interval and returns to step S401, in which the traffic collection module sends a traffic information request through the network controller's API module, i.e. it continues with the next collection cycle; if there is a traffic analysis request, the process proceeds to step S406, in which the traffic analysis module obtains traffic information from the database module for analysis.

In step S406, the traffic analysis module obtaining traffic information from the database module for analysis, traffic analysis module 215 obtains the various classified returned traffic information from database module 214. Because the collection interval is short, traffic analysis module 215 can present real-time and accurate traffic statistics and correctly analyze network usage and abnormal network behavior for the reference of network administrators.
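The collection side of FIG. 4 (S401 with the five-second floor on the polling interval, S404/S405 storing each returned sample per classification, and S406 turning cumulative counters into per-interval rates and flagging a burst) is shown below as an added example in Python, not code from the patent or from Chunghwa Telecom. The counter snapshots stand in for what the controller API would return and are constructed; the rule-installation branch (S402/S403) is left out here. The burst test (an interval's packet rate exceeding a factor times the median of the earlier intervals) and all names (TrafficDatabase, collect, interval_rates, detect_surges, MIN_INTERVAL_S) are assumptions, since the patent only says that surges are found from the statistics.

```python
import statistics

MIN_INTERVAL_S = 5.0   # the patent's shortest request interval (one request per five seconds)


def poll_interval(requested):
    """S401: clamp the application's requested interval to the switch minimum."""
    return max(float(requested), MIN_INTERVAL_S)


class TrafficDatabase:
    """S405: keep every returned sample keyed by its classification rule."""

    def __init__(self):
        self.samples = {}   # rule key -> list of (timestamp, packets, bytes, duration)

    def store(self, timestamp, sample):
        key = tuple(sorted(sample["match"].items()))
        self.samples.setdefault(key, []).append(
            (timestamp, sample["packets"], sample["bytes"], sample["duration"]))


def collect(db, snapshots, interval):
    """S401/S404/S405: one poll per interval; each snapshot is the list of
    per-rule cumulative counters the controller API would hand back."""
    t = 0.0
    for snap in snapshots:
        for sample in snap:
            db.store(t, sample)
        t += interval
    return t


def interval_rates(rows):
    """Cumulative counters -> (timestamp, packets/s, bytes/s) per interval."""
    rates = []
    for (t0, p0, b0, _), (t1, p1, b1, _) in zip(rows, rows[1:]):
        dt = t1 - t0
        # A decreasing counter means the rule was re-installed (reset): treat the
        # new value as the whole interval's count instead of producing a negative rate.
        dp = p1 - p0 if p1 >= p0 else p1
        dby = b1 - b0 if b1 >= b0 else b1
        rates.append((t1, dp / dt, dby / dt))
    return rates


def detect_surges(db, factor=3.0, warmup=3):
    """S406: flag an interval whose packet rate exceeds `factor` times the median
    packet rate of the intervals before it (after `warmup` baseline intervals)."""
    alerts = []
    for key, rows in db.samples.items():
        rates = interval_rates(rows)
        for i in range(warmup, len(rates)):
            baseline = statistics.median(r[1] for r in rates[:i])
            t, pps, _ = rates[i]
            if baseline > 0 and pps > factor * baseline:
                alerts.append((dict(key), t, pps, baseline))
    return alerts


def constructed_snapshots():
    """Constructed controller replies: seven polls, two rules; the DSCP 46 rule
    carries a burst in the last interval, the DSCP 0 rule is steady."""
    a_pkts = [0, 500, 1000, 1500, 2000, 2500, 5000]
    b_pkts = [0, 1000, 2000, 3000, 4000, 5000, 6000]
    snaps = []
    for i in range(7):
        snaps.append([
            {"match": {"ip_proto": 17, "dscp": 46}, "packets": a_pkts[i],
             "bytes": a_pkts[i] * 200, "duration": 5.0 * i},
            {"match": {"ip_proto": 6, "dscp": 0}, "packets": b_pkts[i],
             "bytes": b_pkts[i] * 1500, "duration": 5.0 * i},
        ])
    return snaps


def run_demo(requested_interval=1):
    interval = poll_interval(requested_interval)   # 1 s requested -> clamped to 5 s
    db = TrafficDatabase()
    collect(db, constructed_snapshots(), interval)
    return interval, detect_surges(db)


if __name__ == "__main__":
    interval, alerts = run_demo()
    print("polling every", interval, "s")
    for match, t, pps, baseline in alerts:
        print(f"surge at t={t}s for {match}: {pps} pkt/s vs baseline {baseline} pkt/s")
```

Storing cumulative counters rather than deltas keeps the database faithful to what the switch reported; the rate computation is done at analysis time, where a counter that went backwards can be recognised as a rule reset rather than silently turning into a negative rate.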

Compared with other prior art, the real-time traffic collection and analysis system and method provided by the present invention have the following advantages:

1. The present invention proposes multiple ways of classifying collected traffic, such as by MAC, VLAN, IP, DSCP and TCP, so that the traffic analysis system can present more diverse traffic information.

2. The present invention dispenses with a packet capture component and obtains pre-classified traffic information directly from the programmable switch's flow-based traffic statistics method, providing an accurate and real-time means of traffic collection; abnormal bursts can be found from the traffic statistics, reflecting abnormal traffic conditions immediately.

3. The data plane of the present invention is also distributed, and the real-time traffic collection and analysis module can obtain network traffic information over a wide area through the centralized control plane.

The above detailed description sets out the preferred embodiment of the present invention, but this embodiment is not intended to limit the patent scope of the invention; all equivalent implementations or modifications that do not depart from the technical spirit of the invention shall be included in the patent scope of this application.

In summary, the present invention is technically innovative and has multiple effects that the prior art lacks; it fully meets the statutory requirements of novelty and inventive step for an invention patent, and a patent application is filed in accordance with the law. The Office is respectfully requested to grant this invention patent application in order to encourage invention.


Claims (5)

1. A real-time traffic collection and analysis system, comprising: a plurality of programmable network switches that process a plurality of packets; a network controller connected to the programmable network switches through a management network, which manages and monitors the programmable network switches; and a real-time traffic collection and analysis module connected to the network controller, which performs real-time traffic collection and analysis; wherein each programmable network switch comprises: a packet classification and matching module holding a plurality of classification and matching rules against which each packet is matched; a traffic statistics module linked to the packet classification and matching module that produces traffic information; a data plane network interface module that forwards each packet to the data plane network; and a control plane network interface module through which the packet classification and matching module connects to the network controller; wherein the network controller comprises an application programming interface module through which applications issue commands to the network controller for managing and monitoring the programmable network switches; and wherein the real-time traffic collection and analysis module comprises: a traffic collection module that collects the traffic information from the programmable network switches in real time through the network controller; a database module that stores the collected traffic information; and a traffic analysis module that analyzes the traffic information stored in the database module.

2. The real-time traffic collection and analysis system of claim 1, wherein each classification and matching rule comprises at least one packet classification setting and at least one packet processing action, wherein: the packet classification and matching module classifies each packet according to the layer 2 to layer 4 header contents specified in the packet classification setting and the number of the physical port on which the packet was received; and the packet classification and matching module, according to the packet processing action, forwards the packet, discards the packet, or modifies the layer 2 to layer 4 header contents of the packet.

3. The real-time traffic collection and analysis system of claim 1, wherein the traffic information comprises the total number of matched packets, the total traffic volume of the matched packets, each classification and matching rule, and a timestamp of the total time for which each classification and matching rule has existed.

4. A real-time traffic collection and analysis method, comprising the following steps: a traffic collection module in a real-time traffic collection and analysis module sends a traffic information request through an application programming interface module on a network controller, and the network controller forwards the traffic information request to a programmable network switch to obtain traffic information; the programmable network switch checks, according to the traffic information request sent by the network controller, whether a corresponding classification and matching rule exists; if so, the traffic information is returned to the traffic collection module through the network controller; if not, the classification and matching rule is created on the programmable network switch through the network controller, in that the network controller writes the packet classification and matching rule into a traffic classification and matching module on the programmable network switch and the traffic collection module sends the traffic information request again through the application programming interface module of the network controller; the programmable network switch obtains the traffic information from the traffic classification and matching module and a traffic statistics module and returns it through the network controller to the real-time traffic collection and analysis module, where the real-time traffic collection module receives the traffic information and stores it in a database module; the real-time traffic collection module sends the traffic information request again through the application programming interface module; and a traffic analysis module in the real-time traffic collection and analysis module obtains the traffic information from the database module and analyzes it in real time.

5. The real-time traffic collection and analysis method of claim 4, wherein the real-time traffic collection module performs steps comprising: passing the traffic collection request through the application programming interface module on the network controller to the programmable network switch to obtain the traffic information; retrieving the traffic information from the traffic classification and matching module and the traffic statistics module on the programmable network switch; and storing the traffic information in the database module.
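The collection loop of claims 4 and 5, together with the surge detection that advantage 2 above relies on, as an added worked example (this is not code from the patent or from Chunghwa Telecom): a Python simulation in which a toy programmable switch keeps OpenFlow-style per-rule counters, a stand-in controller exposes flow-stats and add-flow calls, the collector installs the classification rule on a miss and then re-polls, and a simple detector flags a polling interval whose packet delta far exceeds the recent baseline. The match fields, addresses, port, per-interval packet counts and the detection thresholds are all constructed for the example.

```python
"""Added example: simulated flow-statistics collection and surge detection.

Not the patent's code. SimSwitch, Controller and Collector are in-memory
stand-ins for the programmable switch, the controller's API module and the
real-time collection module of the claims; all traffic is constructed.
"""
import time
from dataclasses import dataclass, field

# Fields a rule may match on: ingress port plus L2-L4 header fields (claim 2).
MATCH_FIELDS = ("in_port", "eth_src", "eth_dst", "vlan_vid", "ip_src", "ip_dst",
                "ip_dscp", "ip_proto", "tcp_src", "tcp_dst")


@dataclass
class FlowRule:
    match: dict                     # subset of MATCH_FIELDS -> value
    action: str                     # "forward", "drop" or "rewrite"
    packet_count: int = 0           # per-rule counters (claim 3)
    byte_count: int = 0
    installed_at: float = field(default_factory=time.monotonic)

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class SimSwitch:
    """Toy programmable switch: classification/matching plus statistics."""
    def __init__(self):
        self.rules = []

    def install(self, match, action="forward"):
        unknown = set(match) - set(MATCH_FIELDS)
        if unknown:
            raise ValueError(f"unsupported match fields: {sorted(unknown)}")
        rule = FlowRule(dict(match), action)
        self.rules.append(rule)
        return rule

    def process(self, pkt):
        """First matching rule counts the packet and decides its action."""
        for rule in self.rules:
            if rule.matches(pkt):
                rule.packet_count += 1
                rule.byte_count += pkt["len"]
                return rule.action
        return "forward"            # table miss: default forwarding, counted by no rule

    def stats(self, match):
        """Traffic information for one rule, or None if no such rule exists."""
        rule = next((r for r in self.rules if r.match == match), None)
        if rule is None:
            return None
        return {"match": dict(rule.match), "packets": rule.packet_count,
                "bytes": rule.byte_count,
                "duration": time.monotonic() - rule.installed_at}


class Controller:
    """Stand-in for the controller's API module; one switch for brevity."""
    def __init__(self, switch):
        self.switch = switch

    def flow_stats(self, match):
        return self.switch.stats(match)

    def add_flow(self, match, action="forward"):
        return self.switch.install(match, action)


class Collector:
    """Claim 4 loop: request stats; on a miss install the rule and request again."""
    def __init__(self, ctrl, db):
        self.ctrl, self.db = ctrl, db

    def collect(self, match):
        stats = self.ctrl.flow_stats(match)
        if stats is None:                       # no rule yet: create it, re-request
            self.ctrl.add_flow(match)           # monitoring rule keeps forwarding
            stats = self.ctrl.flow_stats(match)
        self.db.append(stats)                   # database module
        return stats


def detect_surge(samples, window=4, factor=3.0, min_delta=10):
    """Indices of samples whose packet delta exceeds factor x the mean of the
    previous `window` deltas (and at least min_delta, to ignore idle noise)."""
    deltas = [b["packets"] - a["packets"] for a, b in zip(samples, samples[1:])]
    flagged = []
    for i in range(window, len(deltas)):
        baseline = sum(deltas[i - window:i]) / window
        if deltas[i] >= min_delta and deltas[i] > factor * max(baseline, 1.0):
            flagged.append(i + 1)               # deltas[i] ends at samples[i + 1]
    return flagged


def run_demo():
    """Drive the loop over constructed traffic; returns (samples, flagged indices)."""
    switch, db = SimSwitch(), []
    collector = Collector(Controller(switch), db)
    match = {"ip_dst": "10.0.0.5", "ip_proto": 6, "tcp_dst": 80}   # constructed target
    per_interval = [20, 22, 19, 21, 20, 200, 20]                    # constructed: surge at 6
    collector.collect(match)        # first request misses, installs the rule, reads zeros
    for n in per_interval:
        for i in range(n):
            switch.process({"in_port": 1, "ip_src": f"192.0.2.{i % 200 + 1}",
                            "ip_dst": "10.0.0.5", "ip_proto": 6, "tcp_dst": 80, "len": 600})
        switch.process({"in_port": 2, "ip_dst": "10.0.0.9", "ip_proto": 17, "len": 100})
        collector.collect(match)    # one poll per interval
    return db, detect_surge(db)


if __name__ == "__main__":
    samples, flagged = run_demo()
    print([s["packets"] for s in samples], "surge at sample(s):", flagged)
```

Two points a practitioner would check before doing this on a real OpenFlow deployment. First, the rule installed on a miss is itself a flow entry, so its priority and action must not shadow existing forwarding entries; give it the switch's normal forwarding action and a priority chosen so that it only adds a counter, otherwise the monitoring step changes what the data plane does. Second, the statistics are only as fine as the polling interval, and an entry that is removed by an idle or hard timeout comes back with counters reset to zero, so a collector should treat a non-increasing delta as a rule restart rather than as traffic going to zero.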
TW104121596A 2015-07-03 2015-07-03 Real - time traffic collection and analysis system and method TWI581590B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW104121596A TWI581590B (en) 2015-07-03 2015-07-03 Real - time traffic collection and analysis system and method


Publications (2)

Publication Number Publication Date
TW201703461A TW201703461A (en) 2017-01-16
TWI581590B true TWI581590B (en) 2017-05-01

Family

ID=58400958


Country Status (1)

Country Link
TW (1) TWI581590B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI786435B (en) * 2020-09-01 2022-12-11 中華電信股份有限公司 A method used in an instantiated vnf and an electronic device using the same

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103607348A (en) * 2013-11-27 2014-02-26 北京邮电大学 Virtual network flow classifying method based on OpenFlow protocol
US20140112187A1 (en) * 2012-10-23 2014-04-24 Electronics And Telecommunications Research Institute Apparatus for flow-based network monitoring and network monitoring system
TW201500770A (en) * 2013-06-03 2015-01-01 Koninkl Philips Nv Multi-view display device


Also Published As

Publication number Publication date
TW201703461A (en) 2017-01-16
