WO2012149794A1 - 网络拓扑自动发现方法、装置及系统 - Google Patents

网络拓扑自动发现方法、装置及系统 Download PDF

Info

Publication number
WO2012149794A1
WO2012149794A1 PCT/CN2011/080498 CN2011080498W WO2012149794A1 WO 2012149794 A1 WO2012149794 A1 WO 2012149794A1 CN 2011080498 W CN2011080498 W CN 2011080498W WO 2012149794 A1 WO2012149794 A1 WO 2012149794A1
Authority
WO
WIPO (PCT)
Prior art keywords
network topology
network
packet
address
automatic discovery
Prior art date
Application number
PCT/CN2011/080498
Other languages
English (en)
French (fr)
Inventor
李�浩
袁学文
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2011/080498 priority Critical patent/WO2012149794A1/zh
Priority to CN201180002342.1A priority patent/CN102439905B/zh
Publication of WO2012149794A1 publication Critical patent/WO2012149794A1/zh

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12Discovery or management of network topologies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/26Route discovery packet

Definitions

  • the embodiments of the present invention relate to the field of network management technologies, and in particular, to a network topology automatic discovery method, apparatus, and system. Background technique
  • the main purpose of network topology discovery is to obtain and maintain the existence information of network nodes and the connection relationship information between them, and draw the entire network topology on this basis.
  • the network administrator can quickly locate the faulty node based on the network topology map.
  • SNMP Simple Network Management Protocol
  • a default gateway router obtains a list of existing subnets, and then traverses all the specified subnets. Active device, and use the system community name library to find the community name of the device. If found, use the SNMP protocol to obtain the basic information of the device, and determine the type of the device (for example, the device type can be a router or a switch or a firewall or a host, etc.), and On this basis, obtain the details of the corresponding device. If the community name of the device is not found, this device is the default.
  • SNMP Simple Network Management Protocol
  • SNMP-based network topology auto-discovery method to find the default routing gateway Find the ipRouteTable in the SNMP MIBII of the computer where the topology discovery program is located. If the ipRouteDest value is 0.0.0.0, the topology discovery program is displayed. The default gateway is set on the computer where it is located, and the ipRouteNextHop value is the address of the default gateway. Then check the ipForwarding value of the default gateway. If it is 1, it indicates that the default gateway is indeed a routing device, otherwise it is not.
  • the SNMP topology-based automatic network discovery method obtains the existing subnet list in the following manner: traverses all the objects under the management object ipRouteDest in the IP management group of the router, and uses the network number of each route as the index to query the ipRouteType field. value. If the value is 3, it indicates a direct route. If the value is 4, it is an indirect route. The indirect route indicates that the destination network or destination host has to go through other routers, and the direct route indicates that it is directly connected to the destination network or the destination host, so that the network number directly connected to the router can be obtained. Then query its route mask ( ipRouteMask ) according to each record in the network number. According to the obtained routing mask, it is possible to determine each existing network sub- The IP address range of the network.
  • the SNMP-based network topology auto-discovery method finds other routing devices as follows: Find the routing table entry of the indirect route in the IP routing group routing table of the default routing gateway, and get the next hop address of the route ( ipRouteNextHop ) . By traversing the routing device given by the next hop address, a larger network topology can be obtained.
  • the SNMP topology-based automatic network discovery method discovers the connection relationship of network layer devices as follows: The connection relationship between the subnet and the router is traversed by the subnet included in each router to determine the relationship between the host and the subnet through the host IP. Determine with the subnet mask. Trap:
  • SNMP-based network topology automatic discovery method has special configuration requirements for routers.
  • the router needs to support the SNMP MIB library for querying routing entries, and requires the topology discovery program to know the structure of the MIB, and there is system incompatibility. Leading to the versatility of this program;
  • the SNMP-based network topology auto-discovery method needs to open the SNMP query interface. However, the routers in the actual network may not be opened. Because there are many routers, all of them may be difficult to implement, which makes the scheme less versatile.
  • SNMP-based network topology automatic discovery method uses SNMP to know the router's SNMP password. Therefore, opening these router passwords has a great impact on network security, and there is a large security risk. Summary of the invention
  • the embodiment of the invention provides a network topology automatic discovery method, device and system, which does not need to provide special configuration for network devices, can be applied to various network devices, automatically discovers the network topology of the IP system, and has strong versatility.
  • the network topology automatic discovery method provided by the embodiment of the present invention includes:
  • the network topology automatic discovery agent module obtains a network type of an internetwork interconnection protocol IP packet, where the network type includes a direct connection network or a route network, and the direct connection network is a source IP address and a destination IP address of the IP4 port.
  • the routing network is a network in which the source IP address and the destination IP address of the IP packet are not in the same network segment.
  • the network topology automatic discovery proxy module performs a request for immediate response detection on the destination IP address of the IP packet, and obtains a first detection result;
  • the network type of the text is a routing network, and the network topology automatic discovery proxy module performs route detection on the destination IP address of the IP document to obtain an IP address of a router between the local end and the opposite end;
  • the network topology auto-discovery agent module performs an immediate response detection on the IP address of the router and the destination IP address of the IP packet, to obtain a second detection result;
  • the network topology automatic discovery agent module reports the first detection result or the second detection result to the network topology discovery analysis server, so that the network topology discovery analysis server receives the first detection result or After the second detection result, a network topology map is drawn, where the network topology map includes interconnection information between the network element devices in the network.
  • the network topology automatic discovery method includes: the network topology discovery analysis server receives the first detection result or the second detection result respectively reported by each network topology automatic discovery agent module, where the The result of the detection is that the network type of the inter-network interconnection protocol IP packet obtained by the network topology automatic discovery proxy module is a direct connection network, and the network topology automatic discovery proxy module immediately responds to the destination IP address of the IP packet.
  • the second detection result is that the network type of the IP packet obtained by the network topology automatic discovery proxy module is the routing network, the network topology automatic discovery proxy module, the destination IP address of the IP packet, and the IP address of the router. The address is requested to be immediately acknowledged by the probe;
  • the network topology discovery analysis server analyzes the first detection result or the second detection result respectively reported by each network topology automatic discovery agent module, and draws a network topology diagram, where the network topology diagram includes each network in the network. Interconnection information between metadevices.
  • the network topology automatic discovery proxy module includes: an acquiring unit, configured to acquire a network type of an Internet Protocol IP packet, where the network type includes a direct connection network or a routing network.
  • the direct connection network is a network in which the source IP address and the destination IP address of the IP packet are in the same network segment
  • the routing network is a network in which the source IP address and the destination IP address of the IP packet are not in the same network segment.
  • the first detecting unit is configured to: if the network type of the IP packet is a direct connection network, requesting an immediate response detection of the destination IP address of the IP packet, to obtain a first detection result;
  • the second detecting unit is configured to: if the network type of the IP packet is a routing network, perform route detection on the destination IP address of the IP packet to obtain an IP address of a router between the local end and the opposite end; a third detecting unit, configured to perform an immediate response detection on the IP address of the router and the destination IP address of the IP packet, to obtain a second detection result;
  • the reporting unit is configured to report the first detection result or the second detection result to the network topology discovery analysis server, so that the network topology discovery analysis server receives the first detection result or the second After the detection result, a network topology map is drawn, where the network topology map includes interconnection information between the network element devices in the network.
  • the network topology discovery and analysis server includes: a receiving unit, configured to receive a first detection result or a second detection result respectively reported by each network topology automatic discovery proxy module, where the first The detection result is the network topology type obtained by the network topology automatic discovery agent module.
  • the network type of the IP address is a direct connection network, and the network topology automatic discovery agent module requests the immediate IP address of the IP packet to be immediately acknowledged.
  • the second detection result is that the network type of the IP packet obtained by the network topology automatic discovery proxy module is a routing network, and the network topology automatic discovery proxy module performs the destination IP address of the IP packet and the IP address of the router. Request an immediate response probe to get;
  • the drawing unit is configured to analyze the first detection result or the second detection result respectively reported by each network topology automatic discovery proxy module, and draw a network topology diagram, where the network topology diagram includes each network element device in the network Interconnection information.
  • the embodiments of the present invention have the following advantages:
  • the network topology automatic discovery proxy module uses the request immediate response detection and route detection to obtain the first detection result or the second detection result, and reports to the network topology discovery analysis server, and the network topology discovery analysis server Draw a network topology.
  • the automatic discovery of the network topology is realized by the technology of requesting immediate response detection and route detection. It does not require the special requirements of the network equipment, and automatically discovers the network topology of the IP system, which has strong versatility and can be effectively implemented.
  • FIG. 1 is a schematic diagram of an embodiment of a network topology automatic discovery method according to the present invention.
  • FIG. 2 is a schematic diagram of two nodes sending packets according to the automatic topology discovery method of the present invention
  • FIG. 3 is a schematic diagram of an application scenario of the network topology automatic discovery method according to the present invention
  • 4 is a schematic diagram of another embodiment of a network topology automatic discovery method according to the present invention
  • FIG. 5 is a network topology diagram of the network topology automatic discovery method according to the present invention.
  • FIG. 6 is another network topology diagram of the network topology automatic discovery method according to the present invention
  • FIG. 7 is another network topology diagram drawn by the network topology automatic discovery method of the present invention
  • FIG. 8 is a network topology diagram of the present invention. Schematic diagram of an embodiment of an automatic discovery agent module
  • FIG. 9 is a schematic diagram of an embodiment of a network topology discovery analysis server according to the present invention.
  • FIG. 10 is a schematic diagram of an embodiment of a network topology automatic discovery system according to the present invention.
  • the embodiment of the invention provides a network topology automatic discovery method, device and system, which does not need to provide special configuration for network devices, can be applied to various network devices, automatically discovers the network topology of the IP system, and has strong versatility.
  • the network topology automatic discovery agent module in the embodiment is deployed on the monitoring server, and a network topology discovery analysis server is deployed on the network management system (NMS, Element Management System) server.
  • NMS Network Management System
  • the network topology automatic discovery method of the present invention includes:
  • the network topology automatic discovery agent module obtains the network type of the network communication protocol IP packet.
  • the network type of the IP packet includes a direct connection network or a routing network.
  • the direct connection network is the source IP address of the IP packet and the destination IP address in the same network segment.
  • the routing network is the source IP address of the IP packet.
  • the destination IP address is not in the same network segment.
  • the network topology automatic discovery agent module is deployed on the monitoring server, and the interface filtering system of the operating system has an Internet Protocol (IP) packet entering and exiting, and the network topology is automatically
  • IP Internet Protocol
  • the discovery agent module can obtain the internetwork interconnection protocol IP text from the interface filtering system of the operating system.
  • the network topology automatic discovery agent module determines the interface filtering of the operating system.
  • the network type of the IP packet in the system is a direct connection network or a route network.
  • the network topology automatically discovers the destination IP address and source IP address of the IP packet.
  • the network topology automatic discovery proxy module obtains a mask corresponding to the IP address of the local end according to the IP address of the local end.
  • the network topology automatic discovery proxy module performs a bitwise operation on the mask with the destination IP address and the source IP address, and compares the bit and operation results of the two. If the bits of the two are the same as the operation result, the IP packet is The network type is directly connected to the network. Otherwise, the network type of the IP packet is the routing network.
  • the network topology automatic discovery proxy module determines, according to the destination IP address and the source IP address, that the network type of the IP packet is a direct network or a routing network, and determines that the IP packet is transmitted in a network segment. , or cross-segment transmission.
  • the same network segment is marked as a direct network, and the different network segments are routing networks.
  • the routing network is a network in which the source IP address and the destination IP address of the IP packet are not in the same network segment.
  • the destination IP address in the received IP address is 120.17.233.1
  • the source IP address is 120.17.233.2.
  • You can obtain the mask corresponding to the IP address by querying the IP address of the operating system, assuming the mask is 255.255.255.0.
  • the destination IP address of the destination IP address and the mask is 120.17.233.0.
  • the source IP address of the source IP address is 120.17.233.2 and the source network segment is 120.17.233.0.
  • the source network segment and the destination network are compared. The segment finds that the two are the same, but the network type of the IP packet is a direct network.
  • the destination IP address of the received IP packet is 120.17.233.1 and the source IP address is 240.12.56.71, the destination network segment is 120.17.233.0, but the source network segment is 240.12.56.0. The two are not equal.
  • the network type of the IP packet is considered to be a routing network.
  • the method further includes: the network topology automatic discovery proxy module according to the port number of the IP packet, Obtain the protocol type of the IP packet.
  • the network topology auto-discovery agent module sends the IP packet to the network topology discovery analysis server.
  • the network topology automatic discovery proxy module obtains the port number of the IP packet.
  • the protocol type of the IP packet may further include: the network topology automatic discovery proxy module classifies the packet data traffic under each protocol in a preset time period according to different protocol types, and then sends the network topology discovery analysis server to the network topology.
  • the network topology discovery analysis server will draw the packet data traffic information of each protocol in the preset time period on the network topology map.
  • the network topology auto-discovery agent module can perform traffic statistics on each IP packet that is sent and received from the interface filtering system of the operating system in a certain period of time. After obtaining the protocol types, the traffic statistics can be classified.
  • the packet data traffic under the HTTP protocol is 27 M
  • the packet data traffic under the DNS protocol is 6 M
  • the packet data traffic under the SSH protocol is 8 M.
  • the application layer protocol can be judged by the port number.
  • the port has a clear definition of the application layer protocol used.
  • the commonly used ports and protocol types in the network are:
  • HTTP (the full name of HTTP in Chinese is Hypertext Transfer Protocol, the full name is HyperText Transfer Protocol in English): The port is 80.
  • DHCP DHCP Chinese full name is the dynamic host setting protocol, the English full name is Dynamic Host
  • the port is 67 and is the DHCP server.
  • the port is 68 and is the DHCP client.
  • POP3 (Chinese version of POP3 is called Post Office Protocol version 3, English is called Post Office Protocol - Version 3): The port is 110.
  • SMTP (Chinese full name of SMTP is a single mail transfer protocol, English full name is Simple Mail
  • the port is 25.
  • Telnet (the Chinese name for Telnet is called telecommunication network protocol, the full name is Telecommunication Network Protocol in English):
  • the port is 23.
  • FTP FTP is the full name of the file transfer protocol in English, the full name is File Transfer Protocol in English
  • the ports used by FTP are 20 and 21. 20 ports are used for data transmission and port 21 is used for control signaling transmission.
  • TFTP Choinese name for TFTP is the single file transfer protocol, the full name is Trivial File Transfer Protocol in English: The port is 69.
  • DNS (the full name of DNS in Chinese is the domain name system, the full name is Domain Name System in English): The port is 53.
  • NetBIOS (the full name of NetBIOS in Chinese is the basic network input and output system, the English name is Network Basic Input Output System):
  • the ports are 137, 138, 139.
  • NNTP (NNTP is the full name of the network news transmission protocol in English, the full name is Network News Transport Protocol in English): The port is 119.
  • SNMP (the Chinese name for SNMP is called the single network management protocol, and the English is called the Simple Network Management Protocol): The port is 161.
  • RPC Choinese version of RPC is called Remote Procedure Call Protocol, English is called Remote Procedure Call Protocol: The port is 135.
  • the ports used are 8000 and 4000, of which the server is 8000 and the client is 4000.
  • Bootstrap Protocol Served Bootstrap protocol protocol server and Bootstrap Protocol Client, port 67, 68.
  • the port is 79.
  • Metagram Relay service The port is 99.
  • POP2 (by Office 10, Post Office Protocol Version 2, ): The port is 109.
  • RPC Choinese full name remote procedure call, English full name Remote Procedure Call, ): The port is 111.
  • the port is 113.
  • IMAP Internet Message Access Protocol
  • English is called Internet Message Access Protocol
  • HTTPS Choinese full name is Hypertext Transfer Protocol, English full name Hypertext Transfer Protocol over Secure Socket Layer: The port is 443.
  • RTSP Choinese full name real-time streaming protocol, English full name Real Time Streaming Protocol: The port is 554.
  • the port is 1024.
  • Socks proxy service The port is 1080.
  • MMS Choinese full name is Microsoft Media Server, English full name is Microsoft Media Server: The port is 1755.
  • the port is port 3389.
  • Table 1 shows the relationship between the destination address, network type, and protocol type of IP packets by the network topology auto-discovery proxy module:
  • the network topology automatic discovery proxy module requests the immediate response detection of the destination IP address of the IP packet, and obtains the first detection result.
  • the network type of the obtained IP packet obtained in step 101 is as follows:
  • the network type of the IP packet is a direct connection network, and the IP of the network topology automatic discovery proxy module is on the same network as the destination IP address.
  • the network topology automatic discovery proxy module immediately responds to the destination IP address and obtains the first detection result. .
  • the network topology automatic discovery proxy module may perform an Internet Control Message Protocol Response Request (ICMP Ping) detection on the destination IP address to obtain a first detection result.
  • the first detection result may be specifically: if an Internet Control Message Protocol Response (ICMP Reply) message is received, the network connection between the local end and the opposite end is normal, indicating that there is a direct connection between the local end and the opposite end. If the ICMP Reply packet is not received, the network connection between the local end and the peer end changes, and topology refresh is required.
  • ICMP Ping Internet Control Message Protocol Response Request
  • the network topology auto-discovery agent module can perform ICMP ping on the destination IP address in a periodic manner, and the detection period can be set according to the QoS (Quality of Service) requirements of the link in the network topology.
  • QoS Quality of Service
  • the method further includes:
  • the network topology automatic discovery agent module counts the number of requests that are sent in the preset detection period and the number of response packets that are received by the peer.
  • the network topology automatic discovery proxy module obtains the packet loss rate between the local end and the opposite end according to the number of the immediately responding packets and the number of response packets fed back by the peer.
  • the network topology automatic discovery agent module reports the packet loss rate to the network topology discovery analysis server.
  • the method may further include:
  • the network topology automatic discovery proxy module collects the number of ICMP Ping messages and the number of received ICMP Reply messages in a preset detection period;
  • the network topology automatic discovery proxy module divides the number of ICMP Reply packets by the number of ICMP ping packets by 100%, and obtains the packet loss rate between the local end and the peer end.
  • the network topology automatic discovery agent module reports the packet loss rate to the network topology discovery analysis server. For example, if each peer is detected multiple times, such as 20 times, if all the response packets are received, the packet loss rate is 0%. If there are 2 discards, the packet loss rate is 10%.
  • the method further includes:
  • the network topology auto-discovery agent module obtains the time when the local end sends the request immediate response message and the time when the local end receives the response message fed back by the peer end.
  • the network topology automatic discovery proxy module subtracts the time when the local end receives the response message from the peer end and the time when the local end sends the request response message, and obtains the packet round-trip delay.
  • the network topology automatic discovery agent module reports the round-trip delay of the message to the network topology discovery analysis server.
  • the network topology automatic discovery proxy module may further include:
  • the network topology auto-discovery agent module obtains the time when the local end sends ICMP ping packets and the time when the local end receives the ICMP Reply message fed back by the peer.
  • the network topology auto-discovery agent module obtains the packet round-trip delay by the time when the local end receives the ICMP Reply message sent by the peer end minus the time when the local end sends the ICMP ping packet.
  • the network topology automatic discovery agent module reports the round-trip delay of the message to the network topology discovery analysis server.
  • the time when the node A sends the ICMP ping to the node B for the first time is T1
  • the time that the node A receives the ICMP reply message fed back by the node B is T3
  • the packet round trip delay (RTD) , Round-Trip Delay) RTD1 T3 - Tl.
  • RTD packet round trip delay
  • RTD1 T3 - Tl.
  • the network topology automatic discovery agent module obtains the packet round-trip delay, it also includes:
  • the network topology automatic discovery agent module calculates the message delay of the previous response request immediate response message and the message delay of the current response request immediate response message.
  • the network topology auto-discovery agent module reduces the packet delay of the immediately-sending response request message by the delay of sending the message requesting the immediate response message, and obtains the network jitter between the local end and the opposite end.
  • the network topology automatic discovery agent module reports network jitter to the network topology discovery analysis server. For example, after the network topology automatic discovery agent module obtains the packet round-trip delay, the network topology automatic discovery agent module separately calculates the packet delay of sending the ICMP ping packet and the report of the ICMP ping packet. Text delay.
  • the network topology auto-discovery agent module delays the packet delay of sending the ICMP ping packet to the packet delay of the previous ICMP ping packet, and obtains the network jitter between the local end and the peer end.
  • the network topology automatic discovery agent module reports network jitter to the network topology discovery analysis server. For example, as shown in FIG. 2, the time when the node A sends the ICMP ping packet to the node B for the first time is T1, the time when the node A receives the ICMP Reply message fed back by the node B is T3, and the node A takes the second time to the node B. The time when the ICMP ping packet is sent is T4, and the time that the node A receives the ICMP Reply packet fed back by the node B is T6. The delay of the message sent for the first time is ⁇ 3 _ T1, and the delay of the second transmission of the message is ⁇ 6 - ⁇ 4.
  • the first time the ICMP request is sent is 10:22:32, and the response is 10:22:327, the first delay is 5 milliseconds.
  • the time to send an ICMP request for the second time is 10:22:330, and the response is 10:22:338, and the second delay is 8 milliseconds.
  • the network topology automatic discovery proxy module performs route detection on the destination IP address of the IP packet to obtain the IP address of the router between the local end and the opposite end.
  • the network type of the IP packet is obtained by the step 101, if the network type of the IP packet is a routing network, the IP and destination IP of the network topology automatic discovery proxy module are absent.
  • the network topology auto-discovery proxy module performs route detection on the destination IP address. Specifically, the network topology auto-discovery proxy module performs traceroute detection on the destination IP address to obtain the local end and the opposite end. The IP address of the router.
  • the execution process of applying TraceRoute is:
  • the network topology automatic discovery agent module first sends an IP data packet with a TTL (Time To Live) of 1 to the destination host, and the first hop routing device on the path receives the data packet.
  • the TTL is decremented by 1 and the TTL of the packet is checked to be 0. If it is 0, the packet is discarded and an ICMP error message is sent back to the network topology automatic discovery proxy module. If not, the continuation is continued. Forward this packet. Since the TTL of the data packet becomes 0 at this time, the first hop routing device discards the data packet and sends back an ICMP error message to indicate that the data packet cannot be sent because of the TTL timeout, where the ICMP error message is Sent by ICMP timeout error message.
  • the network topology automatic discovery proxy module resends an IP packet with a TTL of 2.
  • the second hop routing device returns an ICMP error message indicating that the TTL timeout cannot be sent after receiving the data packet. This process continues until the destination host is reached.
  • the purpose of performing these procedures is to record the source address of each ICMP timeout error message to provide a path through which an IP packet arrives at the destination host.
  • the ICMP response packet is received from the source host, the network from the source host to the destination host is connected. According to the source address of the ICMP timeout error packet recorded above, you can know which source and destination hosts are spanned.
  • the gateway device obtains the IP address of the router between the local end and the peer end.
  • the network topology automatic discovery proxy module requests the immediate response detection of the IP address of the router and the destination IP address of the IP packet to obtain a second detection result.
  • the network topology automatically discovers the IP address of each router and the pair of each router.
  • the IP address of the end makes a request to immediately respond to the probe, and the second probe result is obtained.
  • the network topology automatic discovery proxy module performs ICMP ping detection on the IP address of the router and the destination IP address of the IP packet.
  • the second detection result may be: If the ICMP Reply message fed back by the router is received, the local end and the local end The network connection between the routers is normal. If the ICMP Reply packet is not received by the router, the network connection between the local device and the router is changed. If the ICMP Reply packet is received, the local end is received. The network connection between the peer and the peer is positive If the ICMP Reply packet is not received, the network connection between the local end and the peer end changes.
  • the IP addresses of the routers are R1: 210.9.34.1, R2: 32.223.43.1, R3: 76.52.31.4, and the peer host Host: 100.4.1.43. Then, the network topology automatically discovers that the proxy module starts ICMP Ping detection for each router and the peer host, and obtains the second detection result.
  • step 102 to step 104 refer to the interaction flowchart shown in Figure 3.
  • the network topology auto-discovery agent module and the peer host are connected to two router devices (specifically router A and Router B) is explained as an example.
  • the network topology automatic discovery proxy module performs an ICMP ping detection on the local host, and receives an ICMP Reply message returned by the local host.
  • the network topology automatic discovery agent module performs TraceRoute detection on the peer host, and obtains two routers connected between the network topology automatic discovery agent module and the peer host, respectively, router A and Router ⁇
  • the network topology automatic discovery proxy module performs ICMP Ping detection on the router A, and receives the ICMP Reply message returned by the router A.
  • the network topology automatic discovery proxy module performs ICMP Ping detection on the router B, and receives the ICMP Reply message returned by the router B.
  • the network topology automatic discovery proxy module performs ICMP Ping detection on the peer host, and receives an ICMP Reply packet returned by the peer host.
  • the network topology automatic discovery agent module and the peer host are connected with two router devices as an example. In practical applications, the number of specifically connected router devices is described. It can be detected by TraceRoute. It is only explained here and is not limited.
  • the first detection result described in step 102 of the embodiment of the present invention is actually a detection result
  • the second detection result described in the subsequent step 104 is also a detection result, which is the result in step 102.
  • the first detection result is named only to be distinguished from the second detection result appearing in the subsequent step 104, and the "first" and "second" do not have any relationship in time series or logic, when the first detection result occurs. It is not necessary to have a second detection result.
  • the first detection result does not necessarily appear when the second detection result occurs, only to indicate that it is two different probes. The result is only measured.
  • step 102 and step 104 other naming manners may be adopted, as long as it can indicate that the detection result is different from the two detection results, for example, it can be named as the detection result a and the detection result respectively. b and so on.
  • the network topology automatic discovery agent module reports the first detection result or the second detection result to the network topology discovery analysis server, so that the network topology discovery analysis server receives the first detection result or the second detection result and then draws the network extension. Park map.
  • the network topology includes interconnection information between the network element devices in the network.
  • the network topology automatic discovery proxy module after the network topology automatic discovery proxy module obtains the first detection result or the second detection result, it reports to the network topology discovery analysis server, so that the network topology discovery analysis server receives the first detection result. Or a network topology map is drawn after the second detection result.
  • the network topology automatic discovery proxy module uses the request immediate response detection and route detection to obtain the first detection result or the second detection result, and reports to the network topology discovery analysis server, and the network topology discovery analysis server Draw a network topology.
  • the automatic discovery of the network topology is realized by the technology of requesting immediate response detection and route detection. It does not require the special requirements of the network equipment, and automatically discovers the network topology of the IP system, which has strong versatility and can be effectively implemented.
  • the network topology automatic discovery method provided by the embodiment of the present invention includes:
  • the network topology discovery analysis server receives the first detection result or the second detection result respectively reported by each network topology automatic discovery proxy module.
  • the first detection result is that the network type of the inter-network interconnection protocol IP packet obtained by the network topology automatic discovery proxy module is a direct connection network, and the network topology automatic discovery proxy module requests the destination IP address of the IP packet immediately. The response is detected.
  • the second detection result is that the network type of the IP packet obtained by the network topology automatic discovery proxy module is the routing network, and the network topology automatic discovery proxy module requests the IP address of the IP packet and the IP address of the router to immediately respond to the probe. .
  • the network topology discovery analysis server receives the first detection result or the second detection result respectively reported by each network topology automatic discovery agent module, wherein the network topology automatic discovery agent module obtains the first detection result.
  • the network topology automatic discovery agent module obtains the first detection result.
  • the second detection result please refer to the embodiment shown in FIG. 1 , and details are not described herein again. 402.
  • the network topology discovery analysis server analyzes the first detection result or the second detection result respectively reported by each network topology automatic discovery agent module, and draws a network topology diagram.
  • the network topology discovery analysis server deployed on the NMS server automatically receives each network topology after receiving the first detection result or the second detection result reported by each network topology automatic discovery agent module.
  • the first detection result or the second detection result reported by the proxy module is analyzed, and a network topology map is drawn. If the first detection result or the second detection result reported by each network topology automatic discovery proxy module is redundant, the network topology discovery analysis server deletes the redundant detection result and draws a network topology map.
  • the network topology discovery analysis server collects the local host Hostl to the destination host Host2 path: Hostl: 102.11.21.33, Routel: 102.11.21.1, Route2: 12.3.41.76, destination host Host2: 32.4.34.56.
  • the path from the local host Hostl to the destination host 2 is: Hostl: 102.11.21.33, Routel: 102.11.21.1, Route3: 56.53.2.1, Host3: 78.6.42.5.
  • Comprehensive analysis of the data between the two points delete redundant node data, such as: the local host Hostl to the router Routel: 102.11.21.1 repeated path, draw a complete network topology, as shown in Figure 5.
  • step 402 it may further include:
  • the network topology discovery analysis server receives the protocol type of the IP packet reported by each network topology automatic discovery proxy module.
  • the network topology discovery analysis server After the network topology discovery analysis server receives the protocol type of the IP packet reported by the network topology automatic discovery proxy module, the network topology discovery analysis server respectively draws the network topology map according to different protocol types.
  • the network topology discovery analysis server may separately draw a network topology according to the protocol type that the user needs to present. If the user needs to present the network topology with the protocol of HTTP, the network topology discovery analysis server only needs to draw the HTTP network topology diagram when drawing the network topology map.
  • the network topology discovery analysis server may further include: The network topology automatically discovers that the agent module reports Packet data traffic under each protocol type in a preset time period.
  • the network topology discovery analysis server After the network topology discovery analysis server receives the protocol type of the IP packet reported by the network topology automatic discovery proxy module, the network topology discovery analysis server sets the protocol type under the preset time period according to different protocol types. The packet data traffic is plotted on the network topology.
  • the topology map corresponding to the protocol can be presented on the above protocol topology map, which can more finely manage and monitor the network.
  • step 402 at least one of the following steps S1, S2, and S3 may be further included:
  • the network topology discovery analysis server receives the packet loss rate reported by each network topology automatic discovery agent module.
  • the network topology discovery analysis server receives the round-trip delay reported by each network topology automatic discovery agent module.
  • the network topology discovery analysis server receives the network jitter reported by each network topology automatic discovery proxy module.
  • the network topology discovery analysis server draws the network topology diagram specifically: the network topology discovery analysis server receives the packet loss rate, the packet round trip delay, and the network through at least one step of step S1, step S2, and step S3. At least one of the jitters is plotted on the network topology.
  • the meaning is: If the network topology discovery analysis server performs step S1, the network topology discovery analysis server draws the packet loss rate received in step S1 on the network map. If the network topology discovery analysis server performs step S2, the network topology discovery analysis server draws the round-trip delay of the message received in step S2 on the network map. If the network topology discovery analysis server performs step S3, the network topology discovery analysis server draws the network jitter received in step S3 on the network map.
  • the network topology discovery analysis server draws the received packet loss rate and the packet round-trip delay on the network map. If the network topology discovery analysis server performs steps S1 and S3, the network topology discovery analysis server draws the received packet loss rate and network jitter on the network map. If the network topology discovery analysis server performs steps S2 and S3, the network topology discovery analysis server draws the received message round trip and network jitter on the network map. If the network topology discovery analysis server performs the steps S1, S2, and S3, the network topology discovery analysis server will receive The packet loss rate, packet round trip, and network jitter are plotted on the network map.
  • the network topology discovery analysis server receives the detection results reported by Hostl, Host2, Host3, Host4, Host5, and Route
  • the network topology map can be drawn, and According to different protocols, the network topology map is drawn separately.
  • the total data packet data generated by the HTTP protocol is 6M, and the time is 5 minutes.
  • the packet delay between Hostl and Host2 is 10ms, and the packet loss rate is 1%.
  • the packet delay between Host2 and Host3 is 5ms, and the packet loss rate is 1%.
  • the packet delay between Host2 and Route is 2ms, and the packet loss rate is 0%.
  • the packet delay between Host4 and Route is 1ms, and the packet loss rate is 1%.
  • the packet delay between Host5 and Route is lms, and the packet loss rate is 1%.
  • the application layer protocol is used as an example for HTTP.
  • the network topology using the HTTP protocol can be drawn separately. In the figure, information such as the packet loss rate, delay, and bandwidth mean reported by the proxy module through the network topology on each node can be embodied in the network topology to achieve more refined management and Network monitoring.
  • the network topology map can be drawn, and can be different according to different The protocol maps the network topology separately.
  • the total amount of packet data generated by the FTP protocol is 25M, and the FTP protocol is in the 10-minute period.
  • the packet delay between Hostl and Host2 is 30ms, and the packet loss rate is 3%.
  • the packet delay between Host2 and Route is 10ms, and the packet loss rate is 1%.
  • the packet delay between Host3 and Route is lms, and the packet loss rate is 1%.
  • the application layer protocol is used as an example for FTP.
  • the network topology map using the FTP protocol can be drawn separately. In this figure, the information such as the packet loss rate, delay, and bandwidth mean of the proxy module can be automatically reflected in the network topology through the network topology on each node to achieve more refined management. And monitoring of the network.
  • the network topology automatic discovery proxy module uses the request immediate response detection and route detection to obtain the first detection result or the second detection result, and reports to the network topology discovery analysis server, and the network topology discovery analysis server Draw a network topology.
  • Automatic discovery of network topology is achieved by a technique that requests immediate response detection and route detection, which does not require the provision of special equipment for network equipment. It is required to automatically discover the network topology of the IP system, which is highly versatile and can be effectively implemented.
  • the above embodiment describes the network topology automatic discovery method provided by the embodiment of the present invention.
  • the network topology automatic discovery proxy module 800 provided by the embodiment of the present invention includes: an obtaining unit 801, configured to: Obtain the network type of the IP packet.
  • the network type includes the direct connection network or the routing network.
  • the direct connection network is the source IP address of the IP packet and the destination IP address in the same network segment.
  • the routing network is the source IP address of the IP packet. The network whose address and destination IP address are not in the same network segment.
  • the first detecting unit 802 is configured to: if the network type of the IP packet is a direct connection network, request the immediate response detection of the destination IP address of the IP packet, and obtain the first detection result.
  • the second detecting unit 803 is configured to: if the network type of the IP packet is a routing network, perform route detection on the destination IP address of the IP packet to obtain the IP address of the router between the local end and the opposite end.
  • the third detecting unit 804 is configured to perform an immediate response detection on the IP address of the router and the destination IP address of the IP document to obtain a second detection result.
  • the reporting unit 805 is configured to report the first detection result or the second detection result to the network topology discovery analysis server, so that the network topology discovery analysis server draws the network topology after receiving the first detection result or the second detection result,
  • the network topology map includes interconnection information between various network element devices in the network.
  • the obtaining unit 801 is specifically configured to obtain a destination IP address and a source IP address of the IP packet; according to the IP address of the local end, Obtain a mask corresponding to the IP address of the local end; perform a bitwise operation on the mask with the destination IP address and the source IP address, and compare the bit and operation results of the two. If the bits of the two are the same as the operation result, the IP report The network type of the packet is a direct network. Otherwise, the network type of the IP packet is the routing network.
  • the obtaining unit 801 and the reporting unit 805 an implementation manner is that the obtaining unit 801 is further configured to obtain the protocol type of the IP packet according to the port number of the IP packet. .
  • the reporting unit 805 is also used to report the protocol type of the IP packet to the network topology discovery and analysis server.
  • the obtaining unit 801 and the reporting unit 805 another achievable manner is that the obtaining unit 801 is further configured to use the classification according to different protocol types. The packet data traffic under each protocol is counted in the preset time period.
  • the reporting unit 805 is further configured to report, to the network topology discovery and analysis server, packet data traffic under each protocol within a preset time period.
  • the obtaining unit 801 is further configured to collect the request immediate response report sent in the preset detection period.
  • the number of packets and the number of response packets received by the peer end; the number of immediately responding packets and the number of response packets fed back by the peer are obtained, and the packet loss rate between the local end and the peer end is obtained.
  • the reporting unit 805 is further configured to report the packet loss rate to the network topology discovery and analysis server.
  • the obtaining unit 801 is further configured to obtain the time and the local end of the local end to send the request immediate response message. The time when the response message received by the peer end is received. The time when the local end receives the response message fed back by the peer end minus the time when the local end sends the request response message immediately, and the packet round-trip delay is obtained. It should be noted that, in an actual application, for the obtaining unit 801 and the reporting unit 805, another achievable manner is that the obtaining unit 801 is further configured to separately calculate the message of the previous sending request immediate response message.
  • the delay and the delay of the message of the immediate response message sent by the current request; the delay of the message of the immediate response message sent by the current transmission request minus the delay of the message of the immediately-received request immediate response message, and the local end is obtained.
  • Network jitter between the peer and the peer It should be noted that the information interaction, the execution process, and the like between the modules/units of the foregoing device are the same as the embodiment of the method of the present invention. Referring to the description of the method embodiment shown in FIG. 1 of the present invention, details are not described herein again.
  • the network topology automatic discovery proxy module uses the request immediate response detection and route detection to obtain the first detection result or the second detection result, and reports to the network topology discovery analysis server, and the network topology discovery analysis server Draw a network topology.
  • the automatic discovery of the network topology is realized by the technology of requesting immediate response detection and route detection. It does not require the special requirements of the network equipment, and automatically discovers the network topology of the IP system, which has strong versatility and can be effectively implemented.
  • the network topology discovery analysis server 900 includes:
  • the receiving unit 901 is configured to receive a first detection result or a second detection result respectively reported by each network topology automatic discovery proxy module.
  • the first detection result is that the network topology type obtained by the network topology automatic discovery proxy module is a direct connection network, and the network topology automatic discovery proxy module performs an Internet control message protocol on the destination IP address of the IP packet. An immediate response probe is obtained in response to a request request.
  • the second detection result is that the network type of the IP packet obtained by the network topology automatic discovery proxy module is the routing network, and the network topology automatic discovery proxy module requests the IP address of the IP packet and the IP address of the router to immediately respond to the probe.
  • the network topology includes interconnection information between each network element device in the network.
  • the drawing unit 902 is configured to analyze the first detection result or the second detection result respectively reported by each network topology automatic discovery proxy module, and draw a network topology diagram, where the network topology diagram includes each network element device in the network. Interconnection information.
  • the receiving unit 901 is further configured to receive the IP packet reported by each network topology automatic discovery proxy module. agreement type.
  • the drawing unit 902 is specifically configured to respectively draw a network topology according to different protocol types.
  • the receiving unit 901 is further configured to receive the report of each network topology automatic discovery agent module. Packet data traffic under each protocol type in the set time period.
  • the drawing unit 902 is specifically configured to map the packet data traffic of each protocol type in the preset time period to the network topology according to different protocol types.
  • the receiving unit 901 and the drawing unit 902 another implementation manner is that the receiving unit is further configured to receive a packet loss rate reported by each network topology automatic discovery proxy module, At least one of a message round trip delay and network jitter.
  • the drawing unit 902 is specifically configured to draw at least one of a packet loss rate, a packet round trip delay, and a network jitter received by the receiving unit 901 on a network topology.
  • the execution process of the network topology automatic discovery proxy module 1001 is as shown in FIG. 8, and details are not described herein again.
  • the network topology discovery analysis server 1002 implementation process is shown in Figure 9, and will not be described here.
  • the network topology discovery analysis server 1002 is generally connected to multiple network topology automatic discovery agent modules 1001, and each network topology automatic discovery agent module network topology automatic discovery agent module 1001,
  • the number of network topology auto-discovery proxy modules that are specifically connected is determined by a specific application scenario, and is merely an example and is not limited.
  • the network topology automatic discovery proxy module uses the request immediate response detection and route detection to obtain the first detection result or the second detection result, and reports to the network topology discovery analysis server.
  • the network topology map is drawn by the network topology discovery analysis server.
  • the automatic discovery of the network topology is realized by the technology of requesting immediate response detection and route detection. It does not require the special requirements of the network equipment, and automatically discovers the network topology of the IP system, which is highly versatile and can be effectively implemented.
  • the above-mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the method, device and system for automatically discovering the network topology provided by the present invention are described in detail above.
  • the specific implementation manner and the application range may be changed. In the above, the contents of this specification are not to be construed as limiting the invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提供了网络拓扑自动发现方法、装置及系统。其中一个方法包括:网络拓扑自动发现代理模块获取IP报文的网络类型;若所述IP报文的网络类型为直连网络,对所述IP报文的目的IP地址进行请求立即应答探测,得到第一探测结果;若所述IP报文的网络类型为路由网络,对所述IP报文的目的IP地址进行路由探测,以获取到本端和对端之间的路由器的IP地址;分别对所述路由器的IP地址、所述IP报文的目的IP地址进行请求立即应答探测,得到第二探测结果;向网络拓扑发现分析服务器上报所述第一探测结果或所述第二探测结果,以使所述网络拓扑发现分析服务器接收到所述第一探测结果或所述第二探测结果之后绘制网络拓扑图。

Description

网络拓朴自动发现方法、 装置及系统
技术领域
本发明实施例涉及网络管理技术领域, 尤其涉及网络拓朴自动发现方法、 装置及系统。 背景技术
网络拓朴发现的主要目的是获取和维护网络节点的存在信息和它们之间 的连接关系信息, 并在此基础上绘制出整个网络拓朴图。 网络管理人员在网络 拓朴图的基础上能够对故障节点进行快速定位。
现有技术中存在一种基于筒单网络管理协议 (SNMP , Simple Network Management Protocol )的网络拓朴自动发现的方法, 首先通过默认网关路由器 获取存在的子网列表, 然后遍历指定子网中所有的活动设备, 并用系统团体名 库去找到设备的团体名, 如果找到则用 SNMP协议获取设备的基本信息, 并 判断出设备的类型(例如设备类型可以为路由器或交换机或防火墙或主机等 ), 并在此基础上获取相应设备的详细信息。如果没有找到设备的团体名, 则默认 此设备为主机。
基于 SNMP 的网络拓朴自动发现的方法找到默认的路由网关的方式为: 查找拓朴发现程序所在计算机的 SNMP MIBII 中的 ipRouteTable, 如果发现 ipRouteDest值为 0.0.0.0的记录, 则说明拓朴发现程序所在的计算机设置了默 认网关, ipRouteNextHop 值即为默认网关的地址。 然后检查默认网关的 ipForwarding值, 如果为 1 , 则表明该默认网关确实是路由设备, 否则不是。
基于 SNMP 的网络拓朴自动发现的方法获取存在的子网列表的方式为: 遍历路由器 ΜΙΒΠ的 IP管理组中管理对象 ipRouteDest下的所有对象,以每个 路由目的网络号为索引, 查询 ipRouteType字段的值。 若该值为 3表明为直接 路由, 若该值为 4则为间接路由。 间接路由表明要通往目的网络或目的主机还 要经过其它路由器, 而直接路由表明与目的网络或目的主机直接相连, 这样就 可以得到与路由器直接相连的网络号。再根据网络号中的每条记录查询其路由 掩码( ipRouteMask )。 根据取得的路由掩码, 就可以确定每一个存在的网络子 网的 IP地址范围。
基于 SNMP 的网络拓朴自动发现的方法发现其它的路由设备的方式为: 查找默认路由网关 ΜΙΒΠ的 IP管理组路由表中类型为间接路由的路由表项, 得到路由的下一跳地址( ipRouteNextHop )。 遍历下一跳地址给出的路由设备, 就可以得到更大的网络拓朴。
基于 SNMP 的网络拓朴自动发现的方法发现网络层设备的连接关系的方 式为: 子网与路由器的连接关系遍历每个路由器下包含的子网来确定, 主机与 子网的关系可以通过主机 IP与子网掩码来确定。 陷:
1、 基于 SNMP的网络拓朴自动发现的方法对路由器有特殊配置要求, 路 由器需要支持查询路由表项的 SNMP MIB库, 且要求拓朴发现程序知道这个 MIB的结构, 存在着系统不兼容性, 导致这种方案通用性不强;
2、基于 SNMP的网络拓朴自动发现的方法需要打开 SNMP查询接口, 但 现实的网络中的路由器可能没有打开, 因为路由器很多,全部打开可能难以实 现, 导致这种方案通用性不强;
3、基于 SNMP的网络拓朴自动发现的方法使用 SNMP需要知道路由器的 SNMP密码, 这样开放这些路由器密码对网络安全性的影响很大,存在较大的 安全风险。 发明内容
本发明实施例提供了网络拓朴自动发现方法、装置及系统, 不需要对网络 设备提供特殊配置, 能够适用于各种网络设备, 自动发现 IP系统的网络拓朴 结构, 通用性强。
一方面, 本发明实施例提供的网络拓朴自动发现方法, 包括:
网络拓朴自动发现代理模块获取网间互连协议 IP报文的网络类型, 所述 网络类型包括直连网络或路由网络, 所述直连网络为 IP 4艮文的源 IP地址和目 的 IP地址在同一网段内的网络, 所述路由网络为 IP报文的源 IP地址和目的 IP地址不在同一网段内的网络; 若所述 IP报文的网络类型为直连网络, 所述网络拓朴自动发现代理模块 对所述 IP报文的目的 IP地址进行请求立即应答探测, 得到第一探测结果; 若所述 IP报文的网络类型为路由网络, 所述网络拓朴自动发现代理模块 对所述 IP 文的目的 IP地址进行路由探测, 以获取到本端和对端之间的路由 器的 IP地址;
所述网络拓朴自动发现代理模块分别对所述路由器的 IP地址、 所述 IP报 文的目的 IP地址进行请求立即应答探测, 得到第二探测结果;
所述网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报所述第 一探测结果或所述第二探测结果,以使所述网络拓朴发现分析服务器接收到所 述第一探测结果或所述第二探测结果之后绘制网络拓朴图,所述网络拓朴图包 括网络中各个网元设备之间的互连信息。
另一方面, 本发明实施例提供的网络拓朴自动发现方法, 包括: 网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块分别上报 的第一探测结果或第二探测结果,所述第一探测结果为网络拓朴自动发现代理 模块获取的网间互连协议 IP报文的网络类型为直连网络、 网络拓朴自动发现 代理模块对所述 IP报文的目的 IP地址进行请求立即应答探测得到, 所述第二 探测结果为网络拓朴自动发现代理模块获取的 IP报文的网络类型为路由网 络、 网络拓朴自动发现代理模块对所述 IP报文的目的 IP地址和路由器的 IP 地址进行请求立即应答探测得到;
所述网络拓朴发现分析服务器对各个网络拓朴自动发现代理模块分别上 报的第一探测结果或第二探测结果进行分析,绘制出网络拓朴图, 所述网络拓 朴图包括网络中各个网元设备之间的互连信息。
一方面, 本发明实施例提供的网络拓朴自动发现代理模块, 包括: 获取单元, 用于获取网间互连协议 IP报文的网络类型, 所述网络类型包 括直连网络或路由网络, 所述直连网络为 IP报文的源 IP地址和目的 IP地址 在同一网段内的网络, 所述路由网络为 IP报文的源 IP地址和目的 IP地址不 在同一网段内的网络;
第一探测单元, 用于若所述 IP报文的网络类型为直连网络, 对所述 IP报 文的目的 IP地址进行请求立即应答探测, 得到第一探测结果; 第二探测单元, 用于若所述 IP报文的网络类型为路由网络, 对所述 IP报 文的目的 IP地址进行路由探测,以获取到本端和对端之间的路由器的 IP地址; 第三探测单元, 用于分别对所述路由器的 IP地址、 所述 IP报文的目的 IP 地址进行请求立即应答探测, 得到第二探测结果;
上报单元,用于向网络拓朴发现分析服务器上报所述第一探测结果或所述 第二探测结果,以使所述网络拓朴发现分析服务器接收到所述第一探测结果或 所述第二探测结果之后绘制网络拓朴图,所述网络拓朴图包括网络中各个网元 设备之间的互连信息。
另一方面, 本发明实施例提供的网络拓朴发现分析服务器, 包括: 接收单元,用于接收各个网络拓朴自动发现代理模块分别上报的第一探测 结果或第二探测结果,所述第一探测结果为网络拓朴自动发现代理模块获取的 网间互连协议 IP 文的网络类型为直连网络、 网络拓朴自动发现代理模块对 所述 IP报文的目的 IP地址进行请求立即应答探测得到, 所述第二探测结果为 网络拓朴自动发现代理模块获取的 IP报文的网络类型为路由网络、 网络拓朴 自动发现代理模块对所述 IP报文的目的 IP地址和路由器的 IP地址进行请求 立即应答探测得到;
绘图单元,用于对各个网络拓朴自动发现代理模块分别上报的第一探测结 果或第二探测结果进行分析,绘制出网络拓朴图, 所述网络拓朴图包括网络中 各个网元设备之间的互连信息。
从以上技术方案可以看出, 本发明实施例具有以下优点:
本发明实施例中,网络拓朴自动发现代理模块利用请求立即应答探测和路 由探测,得到第一探测结果或第二探测结果, 并向网络拓朴发现分析服务器上 报, 由网络拓朴发现分析服务器绘制出网络拓朴图。通过请求立即应答探测和 路由探测的技术实现了网络拓朴的自动发现,它不需要网络设备的提供特殊的 要求, 自动发现 IP系统的网络拓朴结构, 其通用性强, 可以有效实施。
附图说明
图 1为本发明网络拓朴自动发现方法一个实施例示意图;
图 2为本发明网络拓朴自动发现方法两个节点发送报文的示意图; 图 3为本发明网络拓朴自动发现方法一个应用场景示意图; 图 4为本发明网络拓朴自动发现方法另一实施例示意图;
图 5为本发明网络拓朴自动发现方法绘制出的一个网络拓朴图;
图 6为本发明网络拓朴自动发现方法绘制出的另一个网络拓朴图; 图 7为本发明网络拓朴自动发现方法绘制出的另一个网络拓朴图; 图 8为本发明网络拓朴自动发现代理模块一个实施例示意图;
图 9为本发明网络拓朴发现分析服务器一个实施例示意图;
图 10为本发明网络拓朴自动发现系统一个实施例示意图。
具体实施方式
本发明实施例提供了网络拓朴自动发现方法、装置及系统, 不需要对网络 设备提供特殊配置, 能够适用于各种网络设备, 自动发现 IP系统的网络拓朴 结构, 通用性强。
为使得本发明的发明目的、 特征、 优点能够更加的明显和易懂, 下面将结 合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、 完整地描 述,显然,下面所描述的实施例仅仅是本发明一部分实施例,而非全部实施例。 基于本发明中的实施例, 本领域的技术人员所获得的所有其他实施例,都属于 本发明保护的范围。
本发明网络拓朴自动发现方法一个实施例,该实施例中的网络拓朴自动发 现代理模块部署于监控服务器上, 网络管理系统(NMS, Element Management System )服务器上部署一个网络拓朴发现分析服务器。 请参阅图 1 , 本发明网 络拓朴自动发现方法, 包括:
101、 网络拓朴自动发现代理模块获取网间互连协议 IP报文的网络类型。 其中, IP报文的网络类型包括直连网络或路由网络, 直连网络为 IP报文 的源 IP地址和目的 IP地址在同一网段内的网络, 路由网络为 IP报文的源 IP 地址和目的 IP地址不在同一网段内的网络。
在本发明实施例中, 网络拓朴自动发现代理模块部署于监控服务器上,在 操作系统的接口过滤系统上有网间互连协议(IP, Internet Protocol )报文进入 和流出,网络拓朴自动发现代理模块可以从操作系统的接口过滤系统中获取网 间互连协议 IP 文。
在本发明实施例中,网络拓朴自动发现代理模块判断操作系统的接口过滤 系统中的 IP报文的网络类型是直连网络或路由网络, 具体可以包括:
A1、网络拓朴自动发现代理模块获取 IP报文的目的 IP地址和源 IP地址。 A2、 网络拓朴自动发现代理模块根据本端的 IP地址, 获取到本端的 IP地 址对应的掩码。
A3、 网络拓朴自动发现代理模块将掩码分别与目的 IP地址、 源 IP地址进 行位与运算, 比较两者的位与运算结果, 若两者的位与运算结果相同, 则 IP 报文的网络类型为直连网络, 否则 IP报文的网络类型为路由网络。
在本发明实施例中, 网络拓朴自动发现代理模块根据目的 IP地址和源 IP 地址, 判断 IP报文的网络类型是直连网络或路由网络, 判断该 IP报文是在一 个网段内传输, 还是跨网段传输。 在本发明实施例中, 同一网段的标记为直连 网络, 不同网段为路由网络, 路由网络为 IP报文的源 IP地址和目的 IP地址 不在同一网段内的网络。
例如, 接收到的 IP 文中的目的 IP地址为 120.17.233.1 , 源 IP地址为 120.17.233.2, 查询操作系统的 IP地址可以得到该 IP地址对应的掩码,假定掩 码为 255.255.255.0 , 这样将目的 IP 和掩码进行位与运算得到目的网段为 120.17.233.0, 同样, 将源 IP地址 120.17.233.2和掩码进行位与运算得到源网 段为 120.17.233.0, 比较源网段和目的网段, 发现两者相同, 则然为该 IP报文 的网络类型是直连网路。 又如接收到的 IP报文的目的 IP地址为 120.17.233.1 , 源 IP 地址为 240.12.56.71 , 同理得到目的网段为 120.17.233.0, 但源网段为 240.12.56.0, 两者不相等, 则认为该 IP报文的网络类型为路由网络。
需要说明的是,在本发明实施例中, 网络拓朴自动发现代理模块从操作系 统的接口过滤系统中获取 IP报文之后还包括: 网络拓朴自动发现代理模块根 据 IP报文的端口号, 获取 IP报文的协议类型; 网络拓朴自动发现代理模块向 网络拓朴发现分析服务器上报 IP报文的协议类型。
需要说明的是, 网络拓朴自动发现代理模块根据 IP报文的端口号, 获取
IP报文的协议类型之后还可以包括: 网络拓朴自动发现代理模块根据协议类 型的不同, 分类统计在预置的时间段内各个协议下的报文数据流量, 然后向网 络拓朴发现分析服务器上报,由网络拓朴发现分析服务器将在预置的时间段内 各个协议的报文数据流量信息绘制在网络拓朴图上。 例如, 网络拓朴自动发现代理模块可以统计一定的时间段内,对操作系统 的接口过滤系统进出的每一个 IP报文都进行流量统计, 在获取到各个协议类 型之后可以进行流量的分类统计, 如一个设定的时间段内, HTTP协议下的报 文数据流量为 27M, DNS协议下的报文数据流量为 6M, SSH协议下的报文数 据流量为 8M等, 统计完成之后, 向网络拓朴发现分析服务器上报。
在实际应用中, 应用层协议是可以通过端口号判断的, 一般地, 端口都有 明确规定了所使用的应用层协议, 例如, 网络中常用端口与协议类型为:
HTTP ( HTTP 的中文全称为超文本传输协议, 英文全称为 HyperText Transfer Protocol ): 端口为 80。
DHCP( DHCP的中文全称为动态主机设置协议,英文全称为 Dynamic Host
Configuration Protocol ): 端口为 67 , 是 DHCP服务器端。
DHCP: 端口为 68 , 是 DHCP客户机端。
POP3 ( POP3 的中文全称为邮局协议版本 3 , 英文全称为 Post Office Protocol - Version 3 ): 端口为 110。
SMTP ( SMTP的中文全称为筒单邮件传输协议, 英文全称为 Simple Mail
Transfer Protocol ): 端口为 25。
Telnet ( Telnet的中文全称为电信网络协议,英文全称为 Telecommunication Network Protocol ): 端口为 23。
FTP( FTP的中文全称为文件传输协议,英文全称为 File Transfer Protocol ): FTP使用的端口有 20和 21。 20端口用于数据传输, 21端口用于控制信令的 传输。
TFTP ( TFTP 的中文全称为筒单文件传输协议, 英文全称为 Trivial File Transfer Protocol ): 端口为 69。
DNS ( DNS 的中文全称为域名系统,英文全称为 Domain Name System ): 端口为 53。
NetBIOS ( NetBIOS 的中文全称为网络基本输入输出系统, 英文全称为 Network Basic Input Output System ): 端口为 137、 138、 139。
NNTP( NNTP的中文全称为网络新闻传输协议,英文全称为 Network News Transport Protocol ): 端口为 119。 SNMP ( SNMP 的中文全称为筒单网络管理协议, 英文全称为 Simple Network Management Protocol ): 端口为 161。
RPC( RPC的中文全称为远程过程调用协议,英文全称为 Remote Procedure Call Protocol ): 端口为 135。
QQ: 使用端口为 8000和 4000, 其中服务端为 8000, 客户端为 4000。
Bootp服务的 Bootstrap Protocol Served引导程序协议服务端)和 Bootstrap Protocol Client (引导程序协议客户端), 端口为 67、 68。
Finger : 端口为 79。
Metagram Relay (亚对策延时 ) 的服务: 端口为 99。
POP2 (由局十办议版本 2, Post Office Protocol Version2, ): 端口为 109。
RPC (中文全称为远程过程调用, 英文全称为 Remote Procedure Call, ): 端口为 111。
Authentication Service (验证服务): 端口为 113 。
IMAP (中文全称为 Internet 消息访问协议, 英文全称为 Internet Message Access Protocol ): 端口为 143。
HTTPS (中文全称为安全超文本传输协议, 英文全称为 Hypertext Transfer Protocol over Secure Socket Layer ): 端口为 443。
RTSP(中文全称为实时流协议,英文全称为 Real Time Streaming Protocol ): 端口为 554。
Reserved (保留): 端口为 1024。
Socks 代理服务: 端口为 1080。
MMS (中文全称为微软媒体服务器,英文全称为 Microsoft Media Server ): 端口为 1755。
远程桌面服务: 端口为 3389端口。
以上举例只是说明了端口和协议类型之间对应关系,在实际应用中,还存 在其它的端口和各自对应的协议类型, 此处只作为说明之用, 不作为限定。
需要说明的是,在本发明实施例中, 网络拓朴自动发现代理模块获取到 IP 报文的目的 IP地址、 网络类型、 协议类型之后, 可以做出如下表 1 , 用于描 述各个 IP报文的相关属性。 表 1为网络拓朴自动发现代理模块对 IP报文的目的地址、 网络类型、 协 议类型之间的关系表:
Figure imgf000011_0001
102、若 IP报文的网络类型为直连网络, 网络拓朴自动发现代理模块对 IP 报文的目的 IP地址进行请求立即应答探测, 得到第一探测结果。
在本发明实施例中, 由步骤 101的获取到的 IP报文的网络类型可知, 若
IP报文的网络类型为直连网络, 则网络拓朴自动发现代理模块的 IP与目的 IP 在同一网络, 网络拓朴自动发现代理模块对目的 IP地址进行请求立即应答探 测, 得到第一探测结果。
在实际应用中, 网络拓朴自动发现代理模块具体可以对目的 IP地址进行 因特网控制报文协议回应请求(ICMP Ping )探测, 得到第一探测结果。 其中, 第一探测结果具体可以为:如果接收到因特网控制报文协议回应( ICMP Reply ) 报文, 则本端和对端之间的网络连接正常,表明本端与对端之间有直连的拓朴 连线; 如果没有接收到 ICMP Reply报文, 则本端和对端之间的网络连接有变 化, 需要进行拓朴刷新。
需要说明的是,网络拓朴自动发现代理模块对目的 IP地址进行 ICMP Ping 可以是周期的,其探测周期可以根据网络拓朴中链路的服务质量(QoS, Quality of Service ) 的要求设置。
需要说明的是, 在本发明实施例中, 网络拓朴自动发现代理模块对 IP报 文的目的 IP地址进行请求立即应答探测之后还包括:
网络拓朴自动发现代理模块统计在预置的探测周期内发送的请求立即应 答报文个数和接收对端反馈的应答报文个数。
网络拓朴自动发现代理模块根据请求立即应答报文个数和对端反馈的应 答报文个数, 获取本端和对端之间的丟包率。 网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报丟包率。 例如, 当步骤 102网络拓朴自动发现代理模块对目的 IP地址进行 ICMP Ping探测之后, 还可以包括:
网络拓朴自动发现代理模块统计在预置的探测周期内发送 ICMP Ping报 文个数和接收 ICMP Reply 文个数;
网络拓朴自动发现代理模块将 ICMP Reply个数报文除以 ICMP Ping报文 个数乘以 100%, 得到本端和对端之间的丟包率。
网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报所述丟包率。 例如, 对每个对端探测多次, 如 20次, 如果全部接收到应答报文, 则丟 包率为 0%, 如果有 2个丟弃, 则丟包率为 10%。
需要说明的是, 在本发明实施例中, 网络拓朴自动发现代理模块对 IP报 文的目的 IP地址进行请求立即应答探测之后还包括:
网络拓朴自动发现代理模块获取本端发送请求立即应答报文的时间和本 端接收到对端反馈的应答报文的时间。
网络拓朴自动发现代理模块将本端接收到对端反馈的应答报文的时间减 去本端发送请求立即应答报文的时间, 得到报文往返延时。
网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报报文往返延 时。
例如, 当网络拓朴自动发现代理模块对目的 IP地址进行 ICMP Ping探测 之后, 还可以包括:
网络拓朴自动发现代理模块获取本端发送 ICMP Ping报文的时间和本端 接收到对端反馈的 ICMP Reply报文的时间。
网络拓朴自动发现代理模块将本端接收到对端反馈的 ICMP Reply报文的 时间减去本端发送 ICMP Ping报文的时间, 得到报文往返延时。
网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报报文往返延 时。
例如, 如图 2所示, 节点 A向节点 B第一次发送 ICMP Ping 文的时间 为 T1 , 节点 A接收到节点 B反馈的 ICMP Reply报文的时间为 T3 , 则报文往 返延时 ( RTD, Round-Trip Delay) RTD1 = T3 - Tl。 如第一次发送时记录的时 间为 10时 22分 323毫秒,接收到应答时时间为 10时 22分 327毫秒, 则往返 时延 =10时 22分 327毫秒 - 10时 22分 323毫秒 =5毫秒。
需要说明的是, 网络拓朴自动发现代理模块得到报文往返延时之后还包 括:
网络拓朴自动发现代理模块分别计算出前次发送请求立即应答报文的报 文延时和本次发送请求立即应答报文的报文延时。
网络拓朴自动发现代理模块将本次发送请求立即应答报文的报文延时减 去前次发送请求立即应答报文的报文延时, 得到本端和对端之间的网络抖动。
网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报网络抖动。 例如, 网络拓朴自动发现代理模块得到报文往返延时之后还包括: 网络拓朴自动发现代理模块分别计算出前次发送 ICMP Ping报文的报文 延时和本次发送 ICMP Ping报文的报文延时。
网络拓朴自动发现代理模块将本次发送 ICMP Ping报文的报文延时减去 前次发送 ICMP Ping报文的报文延时, 得到本端和对端之间的网络抖动。
网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报网络抖动。 例如, 如图 2所示, 节点 A向节点 B第一次发送 ICMP Ping报文的时间 为 T1 , 节点 A接收到节点 B反馈的 ICMP Reply报文的时间为 T3 , 节点 A向 节点 B第二次发送 ICMP Ping报文的时间为 T4 ,节点 A接收到节点 B反馈的 ICMP Reply报文的时间为 T6。 则第一次发送报文的报文延时为 Τ3 _ T1 , 第 二次发送才艮文的才艮文延时为 Τ6 - Τ4。 贝' J网给抖动= ( T6 - T4 ) - (T3 - T1 )。 例如第一次发送 ICMP请求的时间为 10时 22分 323毫秒, 接收应答为 10时 22分 327毫秒, 则第一次时延为 5毫秒。 第二次发送 ICMP请求的时间为 10 时 22分 330毫秒,接收应答为 10时 22分 338毫秒, 则第二次时延为 8毫秒。 则网络抖动为 8毫秒 - 5毫秒 =3毫秒。
103、若 IP报文的网络类型为路由网络, 网络拓朴自动发现代理模块对 IP 报文的目的 IP地址进行路由探测, 以获取到本端和对端之间的路由器的 IP地 址。
在本发明实施例中, 由步骤 101获取到 IP报文的网络类型之后, 若 IP报 文的网络类型为路由网络, 则网络拓朴自动发现代理模块的 IP与目的 IP不在 同一网络, 网络拓朴自动发现代理模块对目的 IP地址进行路由探测具体可以 为网络拓朴自动发现代理模块对目的 IP地址进行跟踪路由( TraceRoute )探测, 以获取到本端和对端之间的路由器的 IP地址。
应用 TraceRoute 的执行过程是: 网络拓朴自动发现代理模块首先向目的 主机发送一个生存时间( TTL , Time To Live)为 1的 IP数据包, 当路径上的第 一跳路由设备收到此数据包时将 TTL减 1 , 并检查此数据包的 TTL是否为 0, 如果为 0, 则将数据包丟弃并给网络拓朴自动发现代理模块发送回一 ICMP错 误消息, 如果不为 0, 则继续转发此数据包。 由于此时数据包的 TTL变为 0, 因此该第一跳路由设备会将数据包丟弃,并发送回一个 ICMP错误消息以指明 此数据包因为 TTL超时而不能被发送, 其中 ICMP错误消息是通过 ICMP超 时差错报文发送。 之后网络拓朴自动发现代理模块重新发送一个 TTL为 2的 IP数据包, 同样第二跳路由设备收到数据包后将返回一个指明 TTL超时而不 能被发送的 ICMP错误消息。 这个过程不断进行, 直到到达目的主机为止。 执 行这些过程的目的是记录每一个 ICMP超时差错报文的源地址,以提供一个 IP 数据包到达目的主机所经历的路径。当最后收到目的主机回应的 ICMP应答报 文时, 说明从源主机到目的主机的网络是连通的, 并且根据上述记录的 ICMP 超时差错报文源地址, 可以知道源、 目的主机间跨越了哪些网关设备, 获取到 本端和对端之间的路由器的 IP地址。
104、 网络拓朴自动发现代理模块对路由器的 IP地址、 IP报文的目的 IP 地址进行请求立即应答探测, 得到第二探测结果。
在本发明实施例中,步骤 103中得到网络连接为路由网络的情况下本端和 对端之间的全部路由器的 IP地址之后, 网络拓朴自动发现代理模块对每一个 路由器的 IP地址以及对端的 IP地址进行请求立即应答探测, 得到第二探测结 果。
其中, 网络拓朴自动发现代理模块对路由器的 IP地址、 IP报文的目的 IP 地址进行 ICMP Ping探测, 第二探测结果具体可以为: 如果接收到路由器反馈 的 ICMP Reply报文, 则本端和该路由器之间的网络连接正常, 如果没有接收 到路由器反馈的 ICMP Reply报文,则本端和该路由器之间的网络连接有变化; 如果接收到对端反馈的 ICMP Reply报文, 则本端和对端之间的网络连接正 常, 如果没有接收到对端反馈的 ICMP Reply报文, 则本端和对端之间的网络 连接有变化。
例如,通过步骤 103,得到了路由器的 IP地址分别为 R1: 210.9.34.1 , R2: 32.223.43.1 , R3: 76.52.31.4, 对端主机 Host: 100.4.1.43。 则网络拓朴自动发现 代理模块开始对每个路由器以及对端主机进行 ICMP Ping探测,得到第二探测 结果。
为了详细说明步骤 102至步骤 104的实现过程,请参阅图 3所示的交互流 程图,以网络拓朴自动发现代理模块与对端主机之间共连接有两个路由器设备 (具体为路由器 A和路由器 B ) 为例进行说明。
301、 若网络类型为直连网络, 网络拓朴自动发现代理模块对本端主机进 行 ICMP Ping探测, 并接收到本端主机返回的 ICMP Reply报文。
302、 若网络类型为路由网络, 网络拓朴自动发现代理模块对对端主机进 行 TraceRoute探测, 获取到网络拓朴自动发现代理模块与对端主机之间连接 有两个路由器, 分别为路由器 A和路由器^
303、 网络拓朴自动发现代理模块对路由器 A进行 ICMP Ping探测, 并接 收到路由器 A返回的 ICMP Reply报文。
304、 网络拓朴自动发现代理模块对路由器 B进行 ICMP Ping探测, 并接 收到路由器 B返回的 ICMP Reply报文。
305、 网络拓朴自动发现代理模块对对端主机进行 ICMP Ping探测, 并接 收到对端主机返回的 ICMP Reply报文。
需要说明的是,在图 3中是以网络拓朴自动发现代理模块与对端主机之间 共连接有两个路由器设备为例进行说明的,在实际应用中, 具体连接的路由器 设备的个数可以由 TraceRoute探测得到, 此处仅作说明, 不做限定。
需要说明的是,在本发明实施例的步骤 102中描述的第一探测结果其实是 一种探测结果, 另外后续步骤 104中描述的第二探测结果也是一种探测结果, 在步骤 102中之所以命名为第一探测结果只是为了和后续步骤 104中出现的第 二探测结果相区别, 其 "第一" 和 "第二" 并不具有时序上或者逻辑上的任何 关系, 当出现第一探测结果时不是一定要出现第二探测结果, 当然在出现第二 探测结果时也不是一定要出现第一探测结果,只为了表示分别是两个不同的探 测结果而已。当然为了区别步骤 102和步骤 104中分别出现的探测结果还可以 采用其它的命名方式, 只要能够表示这个探测结果是不同的两个探测结果即 可, 例如, 可以分别命名为探测结果 a和探测结果 b等。
105、 网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报第一探 测结果或第二探测结果,以使网络拓朴发现分析服务器接收到第一探测结果或 第二探测结果之后绘制网络拓朴图。
其中, 网络拓朴图包括网络中各个网元设备之间的互连信息。
在本发明实施例中,当网络拓朴自动发现代理模块得到第一探测结果或第 二探测结果之后, 向网络拓朴发现分析服务器上报, 以使网络拓朴发现分析服 务器接收到第一探测结果或第二探测结果之后绘制网络拓朴图。
本发明实施例中,网络拓朴自动发现代理模块利用请求立即应答探测和路 由探测,得到第一探测结果或第二探测结果, 并向网络拓朴发现分析服务器上 报, 由网络拓朴发现分析服务器绘制出网络拓朴图。通过请求立即应答探测和 路由探测的技术实现了网络拓朴的自动发现,它不需要网络设备的提供特殊的 要求, 自动发现 IP系统的网络拓朴结构, 其通用性强, 可以有效实施。 接下来, 请参阅图 4所示, 本发明实施例提供的网络拓朴自动发现方法, 包括:
401、 网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块分别 上报的第一探测结果或第二探测结果。
其中,第一探测结果为网络拓朴自动发现代理模块获取的网间互连协议 IP 报文的网络类型为直连网络、 网络拓朴自动发现代理模块对 IP报文的目的 IP 地址进行请求立即应答探测得到。第二探测结果为网络拓朴自动发现代理模块 获取的 IP报文的网络类型为路由网络、 网络拓朴自动发现代理模块对 IP报文 的目的 IP地址和路由器的 IP地址进行请求立即应答探测得到。
在本发明实施例中,网络拓朴发现分析服务器接收各个网络拓朴自动发现 代理模块分别上报的各自的第一探测结果或第二探测结果,其中网络拓朴自动 发现代理模块获取第一探测结果或第二探测结果请参阅图 1所示的实施例,此 处不再赘述。 402、 网络拓朴发现分析服务器对各个网络拓朴自动发现代理模块的分别 上报的的第一探测结果或第二探测结果进行分析, 绘制出网络拓朴图。
在本发明实施例中, 部署于 NMS服务器上的网络拓朴发现分析服务器在 接收到各个网络拓朴自动发现代理模块上报的第一探测结果或第二探测结果 之后,对每个网络拓朴自动发现代理模块上报的第一探测结果或第二探测结果 进行分析,绘出出网络拓朴图。若各个网络拓朴自动发现代理模块上报的第一 探测结果或第二探测结果存在冗余,则网络拓朴发现分析服务器删除掉冗余的 探测结果, 绘制出网络拓朴图。
例如: 网络拓朴发现分析服务器收集到本地主机 Hostl到目的主机 Host2 的路径为: Hostl : 102.11.21.33 , Routel : 102.11.21.1 , Route2: 12.3.41.76, 目的主机 Host2: 32.4.34.56。 本地主机 Hostl到目的主机 2的路径为: Hostl : 102.11.21.33, Routel : 102.11.21.1 , Route3: 56.53.2.1 , Host3: 78.6.42.5。 综 合分析其两点之间的数据, 删除其中冗余的节点数据, 如: 本地主机 Hostl到 路由器 Routel : 102.11.21.1 的重复路径, 绘制出完整的网络拓朴图, 如图 5 所示。
需要说明的是, 在步骤 402之前还可以进一步的包括:
网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上报的 IP 报文的协议类型。
网络拓朴发现分析服务器接收到网络拓朴自动发现代理模块上报的 IP报 文的协议类型之后, 网络拓朴发现分析服务器根据各个不同的协议类型, 分别 绘制出网络拓朴图。
例如, 根据本发明实施例提供的表 1中, 有各个目的 IP地址与协议类型 的对应关系,则网络拓朴发现分析服务器可以根据用户的选择需要呈现的协议 类型而单独绘制出网络拓朴图,如用户需要呈现协议为 HTTP的网络拓朴, 则 网络拓朴发现分析服务器在绘制网络拓朴图时只需要绘制 HTTP 的网络拓朴 图即可。
需要说明的是,在本发明实施例中, 当网络拓朴发现分析服务器接收各个 网络拓朴自动发现代理模块上报的 IP报文的协议类型之后, 还可以包括: 网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上报的在 预置的时间段内各个协议类型下的报文数据流量。
网络拓朴发现分析服务器接收到网络拓朴自动发现代理模块上报的 IP报 文的协议类型之后, 网络拓朴发现分析服务器根据各个不同的协议类型,将预 置的时间段内各个协议类型下的报文数据流量分别绘制在网络拓朴图上。
网络拓朴发现分析服务器统计时也根据其应用层协议类型进行统计,这样 可以在上面的协议拓朴图上呈现出协议对应的拓朴图,可以更精细化的管理和 监控网络。
需要说明的是, 在步骤 402之前还可以进一步的包括如下步骤 Sl、 步骤 S2、 步骤 S3中的至少一个步骤:
S1、网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上报的 丟包率。
52、网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上报的 才艮文往返延时。
53、网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上报的 网络抖动。
网络拓朴发现分析服务器绘制出网络拓朴图具体为:网络拓朴发现分析服 务器将通过步骤 Sl、 步骤 S2、 步骤 S3 中的至少一个步骤接收到的丟包率、 报文往返延时、 网络抖动中的至少一个绘制在网络拓朴图上。 其含义为: 若网 络拓朴发现分析服务器执行了步骤 S1 , 则网络拓朴发现分析服务器将步骤 S1 中接收到的丟包率绘制在网络图上。 若网络拓朴发现分析服务器执行了步骤 S2, 则网络拓朴发现分析服务器将步骤 S2中接收到的报文往返延时绘制在网 络图上。 若网络拓朴发现分析服务器执行了步骤 S3, 则网络拓朴发现分析服 务器将步骤 S3中接收到的网络抖动绘制在网络图上。 若网络拓朴发现分析服 务器执行了步骤是 S1和 S2,则网络拓朴发现分析服务器将接收到的丟包率和 报文往返时延绘制在网络图上。 若网络拓朴发现分析服务器执行了步骤是 S1 和 S3, 则网络拓朴发现分析服务器将接收到的丟包率和网络抖动绘制在网络 图上。 若网络拓朴发现分析服务器执行了步骤是 S2和 S3 , 则网络拓朴发现分 析服务器将接收到的报文往返时和网络抖动延绘制在网络图上。若网络拓朴发 现分析服务器执行了步骤是 Sl、 S2和 S3, 则网络拓朴发现分析服务器将接收 到的丟包率、 报文往返时和网络抖动延绘制在网络图上。
例如,在一个设定的 5分钟的时间段内, 网络拓朴发现分析服务器接收到 Hostl、 Host2、 Host3、 Host4、 Host5、 Route各自上报的探测结果之后, 可以 绘制出网络拓朴图, 并且可以根据不同的协议分别绘制网络拓朴图, 如图 6 所示, 在一个设定的 5分钟的时间段内, HTTP协议总共产生的报文数据流量 为 6M , 则在 5 分钟的时间段内的 HTTP 协议的带宽均值为 6 x 8 + 300Mbps=0.16Mbps。 Hostl与 Host2之间的报文延时为 10ms, 丟包率为 1%。 Host2与 Host3之间的报文延时为 5ms, 丟包率为 1%。 Host2与 Route之间的 报文延时为 2ms, 丟包率为 0%。 Host4与 Route之间的报文延时为 1ms, 丟包 率为 1%。 Host5与 Route之间的报文延时为 lms, 丟包率为 1%。 以应用层协 议为 HTTP为例进行说明, 可以单独绘制出使用 HTTP协议的网络拓朴图。在 该图中, 通过各个节点上的网络拓朴自动发现代理模块上报的丟包率、 时延、 带宽均值等信息都可以体现在网络拓朴图中,以实现更为精细化的管理和对网 络的监控。
又例如, 在一个设定的 10分钟的时间段内, 网络拓朴发现分析服务器接 收到 Hostl、 Host2、 Host3、 Route各自上报的探测结果之后, 可以绘制出网络 拓朴图, 并且可以根据不同的协议分别绘制网络拓朴图, 如图 7所示, 在一个 设定的 10分钟的时间段内, FTP协议总共产生的报文数据流量为 25M, 则在 10 分钟的时间段内的 FTP协议的带宽均值为 25 x 8 ÷ 600Mbps=0.33Mbps。 Hostl与 Host2之间的报文延时为 30ms,丟包率为 3%。 Host2与 Route之间的 报文延时为 10ms, 丟包率为 1%。 Host3与 Route之间的报文延时为 lms, 丟 包率为 1%。 以应用层协议为 FTP为例进行说明, 可以单独绘制出使用 FTP 协议的网络拓朴图。在该图中,通过各个节点上的网络拓朴自动发现代理模块 上才艮的丟包率、 时延、 带宽均值等信息都可以体现在网络拓朴图中, 以实现更 为精细化的管理和对网络的监控。
本发明实施例中,网络拓朴自动发现代理模块利用请求立即应答探测和路 由探测,得到第一探测结果或第二探测结果, 并向网络拓朴发现分析服务器上 报, 由网络拓朴发现分析服务器绘制出网络拓朴图。通过请求立即应答探测和 路由探测的技术实现了网络拓朴的自动发现,它不需要网络设备的提供特殊的 要求, 自动发现 IP系统的网络拓朴结构, 其通用性强, 可以有效实施。 以上实施例介绍了本发明实施例提供的网络拓朴自动发现方法,接下来请 参阅图 8所示, 本发明实施例提供的网络拓朴自动发现代理模块 800, 包括: 获取单元 801 , 用于获取 IP报文的网络类型, 网络类型包括直连网络或 路由网络, 直连网络为 IP报文的源 IP地址和目的 IP地址在同一网段内的网 络, 路由网络为 IP报文的源 IP地址和目的 IP地址不在同一网段内的网络。
第一探测单元 802, 用于若 IP报文的网络类型为直连网络, 对 IP报文的 目的 IP地址进行请求立即应答探测, 得到第一探测结果。
第二探测单元 803, 用于若 IP报文的网络类型为路由网络, 对 IP报文的 目的 IP地址进行路由探测, 以获取到本端和对端之间的路由器的 IP地址。
第三探测单元 804, 用于分别对路由器的 IP地址、 IP 文的目的 IP地址 进行请求立即应答探测, 得到第二探测结果。
上报单元 805, 用于向网络拓朴发现分析服务器上报第一探测结果或第二 探测结果,以使网络拓朴发现分析服务器接收到第一探测结果或第二探测结果 之后绘制网络拓朴图, 网络拓朴图包括网络中各个网元设备之间的互连信息。
需要说明的是, 在实际应用中, 对于获取单元 801而言, 一种可实现的方 式是, 获取单元 801具体用于获取 IP报文的目的 IP地址和源 IP地址; 根据 本端的 IP地址, 获取到本端的 IP地址对应的掩码; 将掩码分别与目的 IP地 址、 源 IP地址进行位与运算, 比较两者的位与运算结果, 若两者的位与运算 结果相同, 则 IP报文的网络类型为直连网络, 否则 IP报文的网络类型为路由 网络。
需要说明的是,在实际应用中,对于获取单元 801和上报单元 805而言, 一种可实现的方式是, 获取单元 801还用于根据 IP报文的端口号, 获取 IP报 文的协议类型。
上报单元 805, 还用于向网络拓朴发现分析服务器上报 IP报文的协议类 型。
需要说明的是, 在实际应用中, 对于获取单元 801和上报单元 805而言, 另一种可实现的方式是, 获取单元 801 , 还用于根据协议类型的不同, 分类统 计在预置的时间段内各个协议下的报文数据流量。
上报单元 805, 还用于向网络拓朴发现分析服务器上报在预置的时间段内 各个协议下的报文数据流量。
需要说明的是, 在实际应用中, 对于获取单元 801和上报单元 805而言, 另一种可实现的方式是,获取单元 801还用于统计在预置的探测周期内发送的 请求立即应答报文个数和接收对端反馈的应答报文个数;根据请求立即应答报 文个数和对端反馈的应答报文个数, 获取本端和对端之间的丟包率。
上报单元 805, 还用于向网络拓朴发现分析服务器上报丟包率。
需要说明的是, 在实际应用中, 对于获取单元 801和上报单元 805而言, 另一种可实现的方式是,获取单元 801还用于获取本端发送请求立即应答报文 的时间和本端接收到对端反馈的应答报文的时间;将本端接收到对端反馈的应 答报文的时间减去本端发送请求立即应答报文的时间, 得到报文往返延时。 需要说明的是, 在实际应用中, 对于获取单元 801和上报单元 805而言, 另一种可实现的方式是, 获取单元 801 , 还用于分别计算出前次发送请求立即 应答报文的报文延时和本次发送请求立即应答报文的报文延时;将本次发送请 求立即应答报文的报文延时减去前次发送请求立即应答报文的报文延时,得到 本端和对端之间的网络抖动。 需要说明的是, 上述装置各模块 /单元之间的信息交互、 执行过程等内容, 由于与本发明方法实施例基于同一构思,其带来的技术效果与本发明方法实施 例相同, 具体内容可参见本发明如图 1所示的方法实施例中的叙述, 此处不再 赘述。
本发明实施例中,网络拓朴自动发现代理模块利用请求立即应答探测和路 由探测,得到第一探测结果或第二探测结果, 并向网络拓朴发现分析服务器上 报, 由网络拓朴发现分析服务器绘制出网络拓朴图。通过请求立即应答探测和 路由探测的技术实现了网络拓朴的自动发现,它不需要网络设备的提供特殊的 要求, 自动发现 IP系统的网络拓朴结构, 其通用性强, 可以有效实施。 所示, 网络拓朴发现分析服务器 900, 包括:
接收单元 901 , 用于接收各个网络拓朴自动发现代理模块分别上报的第一 探测结果或第二探测结果。第一探测结果为网络拓朴自动发现代理模块获取的 网间互连协议 IP 文的网络类型为直连网络、 网络拓朴自动发现代理模块对 IP报文的目的 IP地址进行因特网控制报文协议回应请求请求立即应答探测得 到。 第二探测结果为网络拓朴自动发现代理模块获取的 IP报文的网络类型为 路由网络、网络拓朴自动发现代理模块对 IP报文的目的 IP地址和路由器的 IP 地址进行请求立即应答探测得到,网络拓朴图包括网络中各个网元设备之间的 互连信息。
绘图单元 902, 用于对各个网络拓朴自动发现代理模块的分别上报的第一 探测结果或第二探测结果进行分析,绘制出网络拓朴图, 网络拓朴图包括网络 中各个网元设备之间的互连信息。
需要说明的是, 在实际应用中, 对于接收单元 901和绘图单元 902而言, 一种可实现的方式是,接收单元 901还用于接收各个网络拓朴自动发现代理模 块上报的 IP报文的协议类型。
绘图单元 902, 具体用于根据各个不同的协议类型, 分别绘制出网络拓朴 图。
需要说明的是, 在实际应用中, 对于接收单元 901和绘图单元 902而言, 另一种可实现的方式是, 接收单元 901 , 还用于接收各个网络拓朴自动发现代 理模块上报的在预置的时间段内各个协议类型下的报文数据流量。
绘图单元 902, 具体用于根据各个不同的协议类型, 将预置的时间段内各 个协议类型下的报文数据流量分别绘制在网络拓朴图上。
需要说明的是, 在实际应用中, 对于接收单元 901和绘图单元 902而言, 另一种可实现的方式是,接收单元还用于接收各个网络拓朴自动发现代理模块 上报的丟包率、 报文往返延时、 网络抖动中的至少一个。
绘图单元 902,具体用于将接收单元 901接收到的丟包率、报文往返延时、 网络抖动中的至少一个绘制在网络拓朴图上。
需要说明的是, 上述装置各模块 /单元之间的信息交互、 执行过程等内容, 由于与本发明方法实施例基于同一构思,其带来的技术效果与本发明方法实施 例相同, 具体内容可参见本发明如图 4所示的方法实施例中的叙述, 此处不再 赘述。
本发明实施例中,网络拓朴自动发现代理模块利用请求立即应答探测和路 由探测,得到第一探测结果或第二探测结果, 并向网络拓朴发现分析服务器上 报, 由网络拓朴发现分析服务器绘制出网络拓朴图。通过请求立即应答探测和 路由探测的技术实现了网络拓朴的自动发现,它不需要网络设备的提供特殊的 要求, 自动发现 IP系统的网络拓朴结构, 其通用性强, 可以有效实施。 以上实施例介绍了本发明实施例提供的网络拓朴自动发现代理模块和网 络拓朴发现分析服务器, 接下来, 请参阅图 10, 本发明实施例提供的网络拓 朴自动发现系统 1000, 包括:
网络拓朴自动发现代理模块 1001和网络拓朴发现分析服务器 1002。
其中, 网络拓朴自动发现代理模块 1001执行过程请参阅如图 8所示, 此 处不再赘述。 网络拓朴发现分析服务器 1002执行过程请参阅如图 9所示, 此 处不再赘述。
需要说明的是, 在实际应用中, 网络拓朴发现分析服务器 1002通常会和 多个网络拓朴自动发现代理模块 1001相连, 各个网络拓朴自动发现代理模块 个网络拓朴自动发现代理模块 1001 , 但是在实际应用中, 具体连接的网络拓 朴自动发现代理模块个数由具体的应用场景决定, 此处只是示例, 不做限定。
本发明实施例提供的网络拓朴自动发现系统中,网络拓朴自动发现代理模 块利用请求立即应答探测和路由探测,得到第一探测结果或第二探测结果, 并 向网络拓朴发现分析服务器上报,由网络拓朴发现分析服务器绘制出网络拓朴 图。通过请求立即应答探测和路由探测的技术实现了网络拓朴的自动发现, 它 不需要网络设备的提供特殊的要求, 自动发现 IP系统的网络拓朴结构, 其通 用性强, 可以有效实施。
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分步骤 是可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可 读存储介质中, 上述提到的存储介质可以是只读存储器, 磁盘或光盘等。 以上对本发明所提供的网络拓朴自动发现方法、装置及系统进行了详细介 绍, 对于本领域的一般技术人员, 依据本发明实施例的思想, 在具体实施方式 及应用范围上均会有改变之处, 综上所述, 本说明书内容不应理解为对本发明 的限制。

Claims

权 利 要 求
1、 一种网络拓朴自动发现方法, 其特征在于, 包括:
网络拓朴自动发现代理模块获取网间互连协议 IP报文的网络类型, 所述 网络类型包括直连网络或路由网络, 所述直连网络为 ΙΡ ·¾文的源 IP地址和目 的 IP地址在同一网段内的网络, 所述路由网络为 IP报文的源 IP地址和目的 IP地址不在同一网段内的网络;
若所述 IP报文的网络类型为直连网络, 所述网络拓朴自动发现代理模块 对所述 IP报文的目的 IP地址进行请求立即应答探测, 得到第一探测结果; 若所述 IP报文的网络类型为路由网络, 所述网络拓朴自动发现代理模块 对所述 IP 文的目的 IP地址进行路由探测, 以获取到本端和对端之间的路由 器的 IP地址;
所述网络拓朴自动发现代理模块分别对所述路由器的 IP地址、 所述 IP报 文的目的 IP地址进行请求立即应答探测, 得到第二探测结果;
所述网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报所述第 一探测结果或所述第二探测结果,以使所述网络拓朴发现分析服务器接收到所 述第一探测结果或所述第二探测结果之后绘制网络拓朴图,所述网络拓朴图包 括网络中各个网元设备之间的互连信息。
2、 根据权利要求 1所述的网络拓朴自动发现方法, 其特征在于, 所述方 法还包括:
所述网络拓朴自动发现代理模块根据所述 IP报文的端口号, 获取所述 IP 报文的协议类型;
所述网络拓朴自动发现代理模块向所述网络拓朴发现分析服务器上报所 述 IP ^艮文的协议类型。
3、 根据权利要求 2所述的网络拓朴自动发现方法, 其特征在于, 所述方 法还包括:
所述网络拓朴自动发现代理模块根据协议类型的不同,分类统计在预置时 间段内各个协议下的报文数据流量, 然后向所述网络拓朴发现分析服务器上 报。
4、 根据权利要求 1至 3中任一项所述的网络拓朴自动发现方法, 其特征 在于, 所述网络拓朴自动发现代理模块对所述 IP报文的目的 IP地址进行请求 立即应答探测之后还包括:
所述网络拓朴自动发现代理模块统计在预置的探测周期内发送的请求立 即应答报文个数和接收对端反馈的应答报文个数;
所述网络拓朴自动发现代理模块根据所述请求立即应答报文个数和所述 对端反馈的应答报文个数, 获取本端和对端之间的丟包率;
所述网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报所述丟 包率。
5、 根据权利要求 1至 4中任一项所述的网络拓朴自动发现方法, 其特征 在于, 所述网络拓朴自动发现代理模块对所述 IP报文的目的 IP地址进行请求 立即应答探测之后还包括:
所述网络拓朴自动发现代理模块获取本端发送请求立即应答报文的时间 和本端接收到对端反馈的应答报文的时间;
所述网络拓朴自动发现代理模块将本端接收到对端反馈的应答报文的时 间减去本端发送请求立即应答报文的时间, 得到报文往返延时;
所述网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报所述报 文往返延时。
6、 根据权利要求 5所述的网络拓朴自动发现方法, 其特征在于, 所述方 法还包括:
所述网络拓朴自动发现代理模块分别计算出前次发送请求立即应答报文 的报文延时和本次发送请求立即应答报文的报文延时;
所述网络拓朴自动发现代理模块将本次发送请求立即应答报文的报文延 时减去前次发送请求立即应答报文的报文延时,得到本端和对端之间的网络抖 动;
所述网络拓朴自动发现代理模块向网络拓朴发现分析服务器上报所述网 络抖动。
7、 根据权利要求 1至 6中任一项所述的网络拓朴自动发现方法, 其特征 在于, 所述网络拓朴自动发现代理模块获取网间互连协议 IP报文的网络类型 包括: 所述网络拓朴自动发现代理模块获取所述 IP报文的目的 IP地址和源 IP 地址;
所述网络拓朴自动发现代理模块根据本端的 IP地址, 获取所述本端的 IP 地址对应的掩码;
所述网络拓朴自动发现代理模块将所述掩码分别与所述目的 IP地址、 所 述源 IP地址进行位与运算, 比较两者的位与运算结果, 若两者的位与运算结 果相同, 则所述 IP报文的网络类型为直连网络, 否则所述 IP报文的网络类型 为路由网络。
8、 根据权利要求 1至 7中任一项所述网络拓朴自动发现方法, 其特征在 于, 所述网络拓朴自动发现代理模块对所述 IP报文的目的 IP地址进行请求立 即应答探测具体为: 所述网络拓朴自动发现代理模块对所述 IP报文的目的 IP 地址进行因特网控制报文协议回应请求 ICMP Ping探测, 所述第一探测结果 为: 如果接收到因特网控制报文协议回应 ICMP Reply报文, 则本端和对端之 间的网络连接正常; 如果没有接收到 ICMP Reply报文, 则本端和对端之间的 网络连接有变化。
9、 根据权利要求 1至 7中任一项所述的网络拓朴自动发现方法, 其特征 在于, 所述网络拓朴自动发现代理模块对所述 IP报文的目的 IP地址进行路由 探测具体为: 所述网络拓朴自动发现代理模块对所述 IP报文的目的 IP地址进 行跟踪路由 TraceRoute探测, 所述第二探测结果为: 如果接收到所述路由器 反馈的 ICMP Reply报文, 则本端和所述路由器之间的网络连接正常, 如果没 有接收到所述路由器反馈的 ICMP Reply报文, 则本端和所述路由器之间的网 络连接有变化; 如果接收到对端反馈的 ICMP Reply报文, 则本端和所述对端 之间的网络连接正常, 如果没有接收到对端反馈的 ICMP Reply报文, 则本端 和对端之间的网络连接有变化。
10、 一种网络拓朴自动发现方法, 其特征在于, 包括:
网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块分别上报 的第一探测结果或第二探测结果,所述第一探测结果为网络拓朴自动发现代理 模块获取的网间互连协议 IP报文的网络类型为直连网络、 网络拓朴自动发现 代理模块对所述 IP报文的目的 IP地址进行请求立即应答探测得到, 所述第二 探测结果为网络拓朴自动发现代理模块获取的 IP报文的网络类型为路由网 络、 网络拓朴自动发现代理模块对所述 IP报文的目的 IP地址和路由器的 IP 地址进行请求立即应答探测得到;
所述网络拓朴发现分析服务器对各个网络拓朴自动发现代理模块分别上 报的第一探测结果或第二探测结果进行分析,绘制出网络拓朴图, 所述网络拓 朴图包括网络中各个网元设备之间的互连信息。
11、 根据权利要求 10所述的网络拓朴自动发现方法, 其特征在于, 所述 网络拓朴发现分析服务器绘制出网络拓朴图之前还包括:
所述网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上报 的 的协议类型;
所述网络拓朴发现分析服务器绘制出网络拓朴图具体为:所述网络拓朴发 现分析服务器根据各个不同的协议类型, 分别绘制出网络拓朴图。
12、 根据权利要求 11所述的网络拓朴自动发现方法, 其特征在于, 所述 网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上报的 IP报文 的协议类型之后还包括:
所述网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上报 的在预置的时间段内各个协议类型下的报文数据流量;
所述网络拓朴发现分析服务器绘制出网络拓朴图具体为:所述网络拓朴发 现分析服务器根据各个不同的协议类型,将预置的时间段内各个协议类型下的 报文数据流量分别绘制在网络拓朴图上。
13、 根据权利要求 10所述的网络拓朴自动发现方法, 其特征在于, 所述 网络拓朴发现分析服务器绘制出网络拓朴图之前还包括如下步骤 S1、步骤 S2、 步骤 S3中的至少一个步骤:
S1、所述网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上 的丟包率;
52、所述网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上 报的报文往返延时;
53、所述网络拓朴发现分析服务器接收各个网络拓朴自动发现代理模块上 报的网络抖动; 所述网络拓朴发现分析服务器绘制出网络拓朴图具体为:所述网络拓朴发 现分析服务器将通过步骤 Sl、 步骤 S2、 步骤 S3 中的至少一个步骤接收到的 所述丟包率、 所述报文往返延时、 所述网络抖动绘制在网络拓朴图上。
14、 一种网络拓朴自动发现代理模块, 其特征在于, 包括:
获取单元, 用于获取网间互连协议 IP ·^艮文的网络类型, 所述网络类型包 括直连网络或路由网络, 所述直连网络为 IP 文的源 IP地址和目的 IP地址 在同一网段内的网络, 所述路由网络为 IP报文的源 IP地址和目的 IP地址不 在同一网段内的网络;
第一探测单元, 用于若所述 IP报文的网络类型为直连网络, 对所述 IP报 文的目的 IP地址进行请求立即应答探测, 得到第一探测结果;
第二探测单元, 用于若所述 IP报文的网络类型为路由网络, 对所述 IP报 文的目的 IP地址进行路由探测,以获取到本端和对端之间的路由器的 IP地址; 第三探测单元, 用于分别对所述路由器的 IP地址、 所述 IP报文的目的 IP 地址进行请求立即应答探测, 得到第二探测结果;
上报单元,用于向网络拓朴发现分析服务器上报所述第一探测结果或所述 第二探测结果,以使所述网络拓朴发现分析服务器接收到所述第一探测结果或 所述第二探测结果之后绘制网络拓朴图,所述网络拓朴图包括网络中各个网元 设备之间的互连信息。
15、 根据权利要求 14所述的网络拓朴自动发现代理模块, 其特征在于, 所述获取单元, 还用于根据所述 IP报文的端口号, 获取所述 IP报文的协 议类型;
所述上报单元, 还用于向网络拓朴发现分析服务器上报所述 IP报文的协 议类型。
16、 根据权利要求 15所述的网络拓朴自动发现代理模块, 其特征在于, 所述获取单元,还用于根据协议类型的不同, 分类统计在预置的时间段内 各个协议下的报文数据流量;
所述上报单元,还用于向网络拓朴发现分析服务器上报在预置的时间段内 各个协议下的报文数据流量。
17、 根据权利要求 14至 16中任一项所述的网络拓朴自动发现代理模块, 其特征在于,
所述获取单元,还用于统计在预置的探测周期内发送的请求立即应答报文 报文个数和接收对端反馈的应答报文个数;根据所述请求立即应答报文个数和 所述对端反馈的应答报文个数, 获取本端和对端之间的丟包率;
18、 根据权利要求 14至 17中任一项所述的网络拓朴自动发现代理模块, 其特征在于,
所述获取单元,还用于获取本端发送请求立即应答报文的时间和本端接收 到对端反馈的应答报文的时间;将本端接收到对端反馈的应答报文的时间减去 本端发送请求立即应答 文的时间, 得到 文往返延时;
所述上报单元, 还用于向网络拓朴发现分析服务器上报所述报文往返延 时。
19、 根据权利要求 14至 18中任一项所述的网络拓朴自动发现代理模块, 其特征在于,
所述获取单元,还用于分别计算出前次发送请求立即应答报文的报文延时 和本次发送请求立即应答报文的报文延时;将本次发送请求立即应答报文的报 文延时减去前次发送请求立即应答报文的报文延时,得到本端和对端之间的网 络抖动;
20、 根据权利要求 14至 19中任一项所述的网络拓朴自动发现代理模块, 其特征在于,
所述获取单元, 具体用于获取所述 IP 文的目的 IP地址和源 IP地址; 根据本端的 IP地址, 获取所述本端的 IP地址对应的掩码; 将所述掩码分别与 所述目的 IP地址、 所述源 IP地址进行位与运算, 比较两者的位与运算结果, 若两者的位与运算结果相同, 则所述 IP报文的网络类型为直连网络, 否则所 述 IP 文的网络类型为路由网络。
21、 一种网络拓朴发现分析服务器, 其特征在于, 包括:
接收单元,用于接收各个网络拓朴自动发现代理模块分别上报的第一探测 结果或第二探测结果,所述第一探测结果为网络拓朴自动发现代理模块获取的 网间互连协议 IP 文的网络类型为直连网络、 网络拓朴自动发现代理模块对 所述 IP报文的目的 IP地址进行请求立即应答探测得到, 所述第二探测结果为 网络拓朴自动发现代理模块获取的 IP报文的网络类型为路由网络、 网络拓朴 自动发现代理模块对所述 IP报文的目的 IP地址和路由器的 IP地址进行请求 立即应答探测得到;
绘图单元,用于对各个网络拓朴自动发现代理模块分别上报的第一探测结 果或第二探测结果进行分析,绘制出网络拓朴图, 所述网络拓朴图包括网络中 各个网元设备之间的互连信息。
22、 根据权利要求 21所述的网络拓朴发现分析服务器, 其特征在于, 所述接收单元, 还用于接收各个网络拓朴自动发现代理模块上报的 IP报 文的协议类型;
所述绘图单元, 具体用于根据各个不同的协议类型, 分别绘制出网络拓朴 图。
23、 根据权利要求 22所述的网络拓朴发现分析服务器, 其特征在于, 所述接收单元,还用于接收各个网络拓朴自动发现代理模块上报的在预置 的时间段内各个协议类型下的报文数据流量;
所述绘图单元, 具体用于根据各个不同的协议类型,将预置的时间段内各 个协议类型下的报文数据流量分别绘制在网络拓朴图上。
24、根据权利要求 21至 23中任一项所述的网络拓朴发现分析服务器, 其 特征在于,
所述接收单元, 还用于接收各个网络拓朴自动发现代理模块上报的丟包 率、 文往返延时、 网络抖动中的至少一个;
所述绘图单元, 具体用于将所述接收单元接收到的所述丟包率、所述报文 往返延时、 所述网络抖动中的至少一个绘制在网络拓朴图上。
25、 一种网络拓朴自动发现系统, 其特征在于, 包括: 如权利要求 14至
20所述的网络拓朴自动发现代理模块、 如权利要求 21至 24所述的网络拓朴 发现分析服务器。
PCT/CN2011/080498 2011-09-30 2011-09-30 网络拓扑自动发现方法、装置及系统 WO2012149794A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2011/080498 WO2012149794A1 (zh) 2011-09-30 2011-09-30 网络拓扑自动发现方法、装置及系统
CN201180002342.1A CN102439905B (zh) 2011-09-30 2011-09-30 网络拓扑自动发现方法、装置及系统

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/080498 WO2012149794A1 (zh) 2011-09-30 2011-09-30 网络拓扑自动发现方法、装置及系统

Publications (1)

Publication Number Publication Date
WO2012149794A1 true WO2012149794A1 (zh) 2012-11-08

Family

ID=45986266

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/080498 WO2012149794A1 (zh) 2011-09-30 2011-09-30 网络拓扑自动发现方法、装置及系统

Country Status (2)

Country Link
CN (1) CN102439905B (zh)
WO (1) WO2012149794A1 (zh)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104113448A (zh) * 2014-07-14 2014-10-22 蓝盾信息安全技术有限公司 一种局域网内设备自动发现及监控的方法
CN109728959A (zh) * 2019-03-15 2019-05-07 广东电网有限责任公司 一种网络拓扑结构自动分析方法、装置和设备
CN112751689A (zh) * 2019-10-30 2021-05-04 北京京东振世信息技术有限公司 一种网络连通性检测方法、监控服务端和监控代理装置
CN114285718A (zh) * 2021-12-28 2022-04-05 北京航天数据股份有限公司 一种拓扑生成方法、装置、电子设备及存储介质

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891765B (zh) * 2012-09-05 2016-01-20 曙光云计算技术有限公司 一种基于SNMP和HTML5实现web网络拓扑的方法
CN103051477A (zh) * 2012-12-24 2013-04-17 中兴通讯股份有限公司 一种网络拓扑自动获取方法及系统、网络管理系统
CN103001811B (zh) * 2012-12-31 2016-01-06 北京启明星辰信息技术股份有限公司 故障定位方法和装置
CN104579842A (zh) * 2015-01-12 2015-04-29 浪潮电子信息产业股份有限公司 一种基于socket通信获取集群监控计算节点状态的处理方法
CN105119679B (zh) * 2015-09-24 2017-09-29 烽火通信科技股份有限公司 一种实现sntp客户端时间同步的方法及系统
CN106850337B (zh) * 2016-12-29 2020-07-03 中兴通讯股份有限公司 一种网络质量检测方法及装置
CN108462597B (zh) * 2017-02-21 2022-05-06 腾讯科技(深圳)有限公司 信息上报方法、装置和系统
CN107104845B (zh) * 2017-05-31 2020-08-11 浙江远望信息股份有限公司 网络拓扑发现方法和系统
CN107480179B (zh) * 2017-07-04 2020-06-16 阿里巴巴集团控股有限公司 检测方法及装置和电子设备
CN107682270B (zh) * 2017-09-13 2020-06-12 北京百卓网络技术有限公司 一种网络拓扑发现方法及装置
CN107786684B (zh) * 2017-09-28 2020-10-16 中南林业科技大学 一种移动自组网地址自动分配协议在ns2中的模拟仿真方法
CN107786373B (zh) * 2017-10-13 2021-08-31 广东电网有限责任公司广州供电局 生成服务器拓扑关系的方法、装置、存储介质及计算机设备
CN110868702A (zh) * 2018-08-27 2020-03-06 深圳市讯扬通信有限公司 共享智能终端数据流量的软件实现
CN110233908B (zh) * 2019-06-11 2022-02-25 深圳市灵星雨科技开发有限公司 安卓播放盒网线直连电脑的方法以及装置
CN110505149B (zh) * 2019-08-06 2021-11-02 新华三技术有限公司合肥分公司 网络拓扑收集方法及装置
CN110868318B (zh) * 2019-11-01 2022-10-18 咪咕文化科技有限公司 网络访问关系的生成方法、装置、电子设备及存储介质
CN110912751A (zh) * 2019-12-03 2020-03-24 山东中创软件商用中间件股份有限公司 一种网络设备拓扑图生成方法及相关装置
CN112422321B (zh) * 2020-10-28 2022-02-22 电子科技大学 一种基于梯度引导的高效网络拓扑探测方法
CN114244755B (zh) * 2021-12-15 2023-11-14 北京恒安嘉新安全技术有限公司 一种资产探测方法、装置、设备及存储介质
CN114338414B (zh) * 2022-01-30 2024-01-16 阿里巴巴(中国)有限公司 一种骨干网络拓扑发现方法、装置及控制设备
CN114827086B (zh) * 2022-06-28 2022-09-16 杭州安恒信息技术股份有限公司 一种探测ip发现方法、装置、设备及存储介质
CN115277437B (zh) * 2022-07-29 2023-12-01 湖南大学 网络拓扑构建方法、装置、计算机设备和存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1211843A1 (en) * 2000-11-30 2002-06-05 Hewlett-Packard Company, A Delaware Corporation Process and apparatus for automatic topology discovery
CN102045190A (zh) * 2009-10-21 2011-05-04 杭州华三通信技术有限公司 一种网络拓扑发现方法和设备
CN102143007A (zh) * 2011-05-03 2011-08-03 中国南方电网有限责任公司 基于分布式的多级网络拓扑发现方法

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006008349A1 (fr) * 2004-06-23 2006-01-26 Witbe Net Procede et equipement de mesure de la qualite d’au moins un service du protocole internet
CN101043430B (zh) * 2006-06-20 2010-12-01 华为技术有限公司 一种设备之间网络地址转换的方法
CN101616029B (zh) * 2009-07-28 2011-10-26 中兴通讯股份有限公司 一种实现网络拓扑发现的方法及系统
CN102082690B (zh) * 2011-01-10 2013-04-03 北京邮电大学 一种网络拓扑的被动发现设备及其发现方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1211843A1 (en) * 2000-11-30 2002-06-05 Hewlett-Packard Company, A Delaware Corporation Process and apparatus for automatic topology discovery
CN102045190A (zh) * 2009-10-21 2011-05-04 杭州华三通信技术有限公司 一种网络拓扑发现方法和设备
CN102143007A (zh) * 2011-05-03 2011-08-03 中国南方电网有限责任公司 基于分布式的多级网络拓扑发现方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TIAN, HUI ET AL.: "Improved IP network topology discovery algorithm", RADIO ENGINEERING OF CHINA, vol. 32, no. 10, October 2002 (2002-10-01), pages 50 - 53 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104113448A (zh) * 2014-07-14 2014-10-22 蓝盾信息安全技术有限公司 一种局域网内设备自动发现及监控的方法
CN109728959A (zh) * 2019-03-15 2019-05-07 广东电网有限责任公司 一种网络拓扑结构自动分析方法、装置和设备
CN112751689A (zh) * 2019-10-30 2021-05-04 北京京东振世信息技术有限公司 一种网络连通性检测方法、监控服务端和监控代理装置
CN112751689B (zh) * 2019-10-30 2023-12-05 北京京东振世信息技术有限公司 一种网络连通性检测方法、监控服务端和监控代理装置
CN114285718A (zh) * 2021-12-28 2022-04-05 北京航天数据股份有限公司 一种拓扑生成方法、装置、电子设备及存储介质
CN114285718B (zh) * 2021-12-28 2024-02-09 北京航天数据股份有限公司 一种拓扑生成方法、装置、电子设备及存储介质

Also Published As

Publication number Publication date
CN102439905A (zh) 2012-05-02
CN102439905B (zh) 2014-02-19

Similar Documents

Publication Publication Date Title
WO2012149794A1 (zh) 网络拓扑自动发现方法、装置及系统
US9692679B2 (en) Event triggered traceroute for optimized routing in a computer network
Mohan et al. Active and passive network measurements: a survey
US8125911B2 (en) First-hop domain reliability measurement and load balancing in a computer network
US8451745B2 (en) Auto probing endpoints for performance and fault management
EP1589692A1 (en) Packet tracing using dynamic packet filters
US7848230B2 (en) Sharing performance measurements among address prefixes of a same domain in a computer network
US20050091371A1 (en) Ingress points localization of a flow in a network
Cisco Debug Commands (aaa - ip)
Cisco Debug Commands
Cisco Debug Commands
Cisco Debug Commands
Cisco Debug Commands
Cisco Debug Commands
Cisco Debug Commands
Cisco Debug Commands
Cisco Index
Cisco Index
Cisco Cisco IOS Command References Master Index
Cisco Index
Cisco Debug Commands
Cisco Command Summary Index
Cisco Command Reference Master Index
Cisco
Cisco

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201180002342.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11864846

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11864846

Country of ref document: EP

Kind code of ref document: A1