WO2015196636A1 - 一种报文采集方法、系统、网络设备及网管中心 - Google Patents
一种报文采集方法、系统、网络设备及网管中心 Download PDFInfo
- Publication number
- WO2015196636A1 WO2015196636A1 PCT/CN2014/088575 CN2014088575W WO2015196636A1 WO 2015196636 A1 WO2015196636 A1 WO 2015196636A1 CN 2014088575 W CN2014088575 W CN 2014088575W WO 2015196636 A1 WO2015196636 A1 WO 2015196636A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packet
- collected
- network device
- collection
- network management
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000005538 encapsulation Methods 0.000 claims description 16
- 238000005070 sampling Methods 0.000 claims description 11
- 239000002699 waste material Substances 0.000 abstract description 5
- 238000004171 remote diagnosis Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000012423 maintenance Methods 0.000 description 5
- 230000005856 abnormality Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 4
- 238000003745 diagnosis Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/34—Signalling channels for network management communication
- H04L41/344—Out-of-band transfers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
Definitions
- the present invention relates to the field of network diagnosis, and in particular, to a packet collection method, system, network device, and network management center.
- the site personnel configure the network device to mirror the traffic of the destination port to be collected to another free port, or configure the packet collection function to another idle port.
- the embodiment of the present invention provides a packet collection method, a system, a network device, and a network management center, so as to at least solve the problem that the existing packet collection mode causes a waste of resources of the network device or a temporary interruption of the service, and the human resource cost is high.
- the problem is not limited to:
- the embodiment of the present invention provides a packet collection method, including:
- the collected packet is encapsulated into an IP packet of the collected packet, and the IP packet of the collected packet is sent to the network management center through the network management channel.
- the acquiring the collection message according to the feature information of the to-be-collected packet includes:
- Mirroring or sampling the packet to obtain a mirrored packet or a sampled packet and the mirrored packet or the sampled packet is used as the collected packet.
- the collecting the packet to collect the packet IP data packet specifically includes:
- a package label is configured for the collection packet, where the package label includes identifier information of the network device, address information of the network management center, and identifier information of the collected packet.
- the collected message is encapsulated into an collected packet IP data packet according to a UDP protocol or a TCP protocol.
- a network device including:
- the first receiving module is configured to receive a packet collection command sent by the network management center, where the packet collection command includes feature information of the to-be-collected packet;
- the acquiring module is configured to acquire the collected packet according to the feature information of the to-be-collected packet received by the first receiving module;
- the processing module is configured to encapsulate the collected packet obtained by the acquiring module into an IP packet for collecting the packet;
- the first sending module is configured to send the collected packet IP data packet encapsulated by the processing module to the network management center through a network management channel.
- the method further includes:
- a determining module configured to determine, according to the feature information of the to-be-collected message, a packet having the feature information
- the acquiring module is specifically configured to mirror or sample the packet determined by the determining module, and obtain a mirrored packet or a sampled packet, and the mirrored packet or the sampled packet is used as the collected packet.
- the processing module is specifically configured to configure a package label for the collection packet, where the package label includes identifier information of the network device, address information of the network management center, and identifier information of the collected packet.
- the processing module is specifically configured to encapsulate the collected packet into an IP packet of the collected packet according to the UDP protocol or the TCP protocol.
- a packet collection method includes:
- the collected packet IP data packet is parsed and restored to obtain an collected packet.
- the collecting the packet IP data packet, and the obtaining the collected packet specifically includes:
- a network management center including:
- the second sending module is configured to send the packet collection command to the network device, where the packet collection command includes the feature information of the to-be-collected packet;
- the second receiving module is configured to receive the collected packet IP data packet sent by the network device;
- the parsing module is configured to parse the collected packet IP data packet received by the second receiving module, and restore the collected packet.
- the parsing module is specifically configured to detach the encapsulation label of the IP packet of the collection packet, where the encapsulation label includes identification information of the network device, address information of the network management center, and identifier information of the collected packet.
- a locating module configured to search for a network device to which the collected packet belongs according to the identification information of the network device
- the storage module is configured to perform corresponding storage on the collection packet of the stripping label of the parsing module according to the identifier information of the collected packet.
- a packet collection method includes:
- the network management center sends a packet collection command to the network device, where the packet collection command includes the feature information of the to-be-collected packet.
- the network device Receiving, by the network device, a packet collection command sent by the network management center, where the packet collection command includes the feature information of the to-be-collected packet, and acquiring the collection packet according to the feature information of the to-be-collected packet,
- the collection packet is encapsulated to collect the packet IP data packet, and the collected packet IP data packet is sent to the network management center through the network management channel;
- the network management center receives the collected packet IP data packet sent by the network device, parses the collected packet IP data packet, and restores the collected packet.
- a packet collection system includes a network management center and at least one network device
- the network management center is configured to send different packet collection commands to the corresponding network device, where the packet collection command includes the feature information of the to-be-collected packet, and the received packet IP data packet sent by the network device;
- the collected packet IP data packet is parsed and restored to obtain the collected packet;
- the network device is configured to receive a packet collection command sent by the network management center, where the packet collection command includes feature information of the to-be-collected packet, and acquires the collected packet according to the feature information of the to-be-collected packet;
- the collection packet is encapsulated by collecting the packet IP data packet, and the collected packet IP data packet is sent to the network management center through the network management center.
- the embodiment of the present invention provides a packet collection method, a system, a network device, and a network management center.
- the network device collects the packet information of the packet to be collected according to the packet collection command sent by the network management center.
- the collected packet is encapsulated into an IP packet of the collected packet and sent to the network management center.
- the network management center parses the received IP packet of the collected packet and restores the collected packet.
- the network management center can collect the packets of the network device through the flexible and convenient configuration commands, so that the network device can collect the service packets of the destination port in a very accurate and simple manner. Collects different types of packets and transmits the collected packets to the network management center through the existing network management channel.
- the network is more stable without using idle ports. This saves network hardware resources and eliminates the need for network service ports.
- the network management center analyzes and analyzes the collected packets, which can remotely complete the network device's packet collection and realize remote diagnosis of service packets. It includes the judgment of the abnormality of the packet of the network device, and improves the diagnosis and maintenance capability of the network. It is simpler and more convenient than the packet collection method of the general network device, which saves the network operation and maintenance cost.
- the remote report can be performed Document collection, no need for manpower for on-site collection, but also saves on-site Set labor costs, while also avoiding the need to use or occupy the reserved service ports connected to the sampling device operates.
- FIG. 1 is a flowchart of a packet collection method according to Embodiment 1 of the present invention.
- FIG. 2 is a flowchart of a packet collection method according to Embodiment 2 of the present invention.
- FIG. 3 is a schematic structural diagram of a network device according to Embodiment 3 of the present invention.
- FIG. 4 is a schematic structural diagram of a network management center according to Embodiment 4 of the present invention.
- FIG. 5 is a flowchart of a packet collection method according to Embodiment 5 of the present invention.
- FIG. 6 is a schematic structural diagram of a packet collection system according to Embodiment 6 of the present invention.
- Embodiment 1 is a diagrammatic representation of Embodiment 1:
- FIG. 1 is a flowchart of a packet collection method according to an embodiment of the present invention. As shown in FIG. 1 , the packet collection method includes:
- S101 Receive a packet collection command sent by the network management center, where the packet collection command includes the feature information of the to-be-collected packet.
- the network device receives the packet collection command sent by the network management center in real time through the network management channel.
- the packet collection command is mainly configured to instruct the network device to complete the collection of the packet, and report the packet to the network management center.
- the central device configures the network device to complete the collection of the packets in the network device, so as to implement the remote diagnosis of the service, such as the abnormality of the network device, and the packet collection command includes the feature information of the packet to be collected.
- the feature information includes, but is not limited to, at least one destination port on the network device to which the packet to be collected belongs, such as port 1 of the network device, and attributes of a certain type or a special type of packet, such as discarded packets. Therefore, the collection of the message can be completed.
- S102 Acquire an collected packet according to the feature information of the to-be-collected packet.
- the collection information is obtained according to the feature information of the to-be-collected packet in the packet collection command.
- the packet having the feature information is determined according to the feature information. If the feature information is at least one destination port on the network device to which the packet to be collected belongs, then the pair is determined. The packet on the at least one destination port is collected, or the feature information is an attribute of a certain type or a special type of packet, and then it is determined that one or a special type of packet having the attribute is performed.
- the collection of discarded packets includes the following two methods:
- the mirroring of the packet with the feature information is performed, and the mirrored packet is obtained as the collected packet. For example, if it is determined that 100 packets in the network device have the feature information, 100 packets are mirrored, that is, "copy" gets 100 mirrored packets, and the 100 mirrored packets are used as the collected packets. In addition, for a certain type or a special type of packets, if the network device supports the pair If the network device supports the mirroring or ACL mirroring of the discarded packets, the device can perform the mirroring or ACL mirroring. The message is collected;
- sampling the packet with the feature information, and obtaining the sampled packet, and using the sampled packet as the collected packet for example, if it is determined that 100 packets in the network device have the feature information, 100
- the packet is sampled, that is, a plurality of packets are selected from the 100 packets, for example, 10 packets are selected to obtain sampled packets, and the 10 sampled packets are used as the collected packets.
- the collected message can be sent to a certain port by using a port mirroring or sampling method.
- a port mirroring or sampling method for a module having a processing function in the network device, including but not limited to a CPU.
- the collected packets can be directly mirrored or sampled to any module with processing functions in the network device, such as The mirroring configuration directly mirrors the mirrored packets to the CPU, or directly samples the sampled packets to the CPU through the sampling configuration.
- S103 The collected packet is encapsulated into an IP packet for collecting the packet, and the IP packet of the collected packet is sent to the network management center through the network management channel.
- the collected packet is encapsulated into an IP packet of the collected packet, and the collected IP packet of the collected packet is sent to the network management center through the network management channel.
- the manner in which the collected packets are encapsulated into the collected IP data packets according to different network protocol types includes, but is not limited to, the following manners: configuring the encapsulated labels for the collected packets, that is, collecting the collected packets.
- the IP packet and the protocol packet are encapsulated, and the encapsulation label is configured in the header of the collection packet, so that the IP packet of the collection packet includes the encapsulation label and the collection packet.
- the encapsulation label includes the identification information of the network device and the network management center.
- the address information and the identification information of the collected message wherein the identification information of the network device is set to identify the network device, including but not limited to the source IP address of the network device, and the address information of the network management center is set to indicate the purpose of sending the collected message.
- the address which includes but is not limited to the destination IP address of the network management center.
- the identification information of the collected packet is agreed by the network management center and the network device.
- the identifier is set to identify the packet as the collection packet, including but not limited to the port. No.
- the port number is an internal private port number. It should be noted that the identification information of the above network device and the network management center
- the address information and the identification information of the collected message are set in any field in the package label.
- the different network protocol types include, but are not limited to, the UDP (User Datagram Protocol) protocol and the TCP (Transmission Control Protocol) protocol, and the collected packets are based on the UDP protocol and the TCP.
- the protocol or other type of network encapsulation protocol is encapsulated to collect packet IP data packets.
- the UDP protocol is used as an example.
- the encapsulation label of the protocol header is encapsulated.
- the IP address of the network management center is directly used as the destination IP address, and the network device itself
- the network management IP address is used as the source IP address
- the UDP port number is an internal private port number.
- the UDP port number is configured as a special 12345, so that the encapsulated packet is encapsulated and made into an IP packet for collecting packets.
- the network management channel can complete the transmission of the collected packets.
- the network device can be used for any purpose.
- the packet on the port or a special packet is collected.
- the network management channel is a pure IP network channel.
- the IP data flow needs to be transmitted on the network management channel.
- the main purpose is to transmit the network management operation of the network device and the network device to report some running status.
- the IP packet of the collected packet is obtained, and the IP packet of the collected packet is sent to the network management center and the network device by using the existing network management channel.
- the IP data packet of the collected packet can be directly sent to the network management center by using the network management channel.
- the network device before the network device sends the IP packet of the collected packet, the network device needs to determine the destination port of the network management channel of the network management center, that is, according to the routing table of the network device, find the route whose destination address is the network management center.
- the next hop of the egress can be used to determine the next hop of the route of the network management channel. If the next hop of the route of the network management channel is determined to be port 2, the IP packet of the packet will be collected from the port according to the queried port.
- the IP address of the collected packets is sent to the NMS through the NMS channel.
- Embodiment 2 is a diagrammatic representation of Embodiment 1:
- FIG. 2 is a flowchart of a packet collection method according to another embodiment of the present invention. As shown in FIG. 2, the packet collection method includes:
- S201 Send the packet collection command to the network device, where the packet collection command includes the feature information of the to-be-collected packet.
- a message collection command is generated, and the message collection command is mainly set to instruct the network device to complete the message.
- the collection, the packet collection command is sent to the network device through the network management channel, and the packet collection command includes the feature information of the to-be-collected packet, where the feature information includes but is not limited to at least one destination on the network device to which the packet to be collected belongs.
- a port such as port 1 of a network device, has the attributes of a particular packet or a certain type of packet, such as discarding packets, so that the packet can be collected.
- S202 Receive an IP packet of the collected packet sent by the network device.
- the network management center receives the collected packet IP data packet.
- S203 Parse the collected packet IP data packet, and restore the collected packet.
- the network management center parses and analyzes the IP packet of the collected packet, and then the original collected packet can be restored.
- the network management center can determine, according to the encapsulation label of the IP packet of the packet, that the IP packet of the collected packet includes the collected packet, and the IP packet of the collected packet needs to be parsed and processed.
- the method for parsing the IP packet of the packet includes, but is not limited to, the following method: stripping the encapsulated label of the IP packet of the collected packet, and then restoring the original collected packet; the encapsulated label includes the identification information of the network device, and the network management center The address information and the identification information of the collected message, wherein the identification information of the network device is set to identify the network device, including but not limited to the source IP address of the network device, and the address information of the network management center is set to indicate the purpose of sending the collected message.
- the address which includes but is not limited to the destination IP address of the network management center.
- the identification information of the collected packet is agreed by the network management center and the network device.
- the identifier is set to identify the packet as the collection packet, including but not limited to the port. No.
- the port number is an internal private port number. It should be noted that the identification information of the above network device and the network management are in the network management. Address information and the identification information collecting packet in any of the fields of the package tag set. As the network management center has the identification information of all network devices, according to the identification information of the network devices in the package label, it can be found that the collected packets in the IP packets of the collected packets are from which network device in the network, that is, the collection report.
- the network device to which the text belongs, and according to the identification information of the collected packet in the package label, the IP packet of the collected packet after the package label is stripped is collected, and the collected packet is correspondingly stored. Display and output the user in the network management center, and output the collection result of the network device.
- the UDP protocol is also taken as an example. After receiving the IP data packet encapsulated according to the UDP protocol, the network management center receives the IP packet according to the package label. If the UDP port number is configured as a special 12345, the IP packet of the collected packet includes the collected packet. The IP packet of the collected packet has a packet label of the protocol header.
- the collection message can be restored, and in the IP encapsulation part of the UDP header, it is straight
- the network device's own IP network address as the source IP address therefore, by the source IP address, the network device can obtain the information collection message sending the IP packet.
- Embodiment 3 is a diagrammatic representation of Embodiment 3
- FIG. 3 is a schematic structural diagram of a network device according to an embodiment of the present invention. As shown in FIG. 3, the network device 1 includes:
- the first receiving module 11 is configured to receive a packet collection command sent by the network management center, where the packet collection command includes the feature information of the to-be-collected packet.
- the obtaining module 12 is configured to obtain the collected message according to the feature information of the to-be-collected packet received by the first receiving module 11;
- the processing module 13 is configured to encapsulate the collected packet obtained by the obtaining module 11 into an IP packet for collecting the packet;
- the first sending module 14 is configured to send the collected packet IP data packet encapsulated by the processing module 13 to the network management center through the network management channel.
- the first receiving module 11 receives the packet collection command sent by the network management center in real time through the network management channel, and the packet collection command is mainly configured to instruct the network device to complete the collection of the packet and report it to the network management center.
- the network device is configured to collect the packets of the network device, so as to implement the remote diagnosis of the service, such as the abnormality of the network device, and the packet collection command includes the to-be-collected packet.
- the feature information includes, but is not limited to, at least one destination port on the network device to which the packet to be collected belongs, such as port 1 of the network device, and attributes of a certain type or a special type of packet, such as discarding the report. Text, etc., so that the collection of messages can be done in a targeted manner.
- the network device 1 further includes a determining module 15 that, before acquiring the collected packet, the determining module 15 first determines, according to the feature information, a packet having the feature information, such as the feature information being the packet to be collected. At least one destination port on the network device, if it is determined to collect the packet on the at least one destination port, or the feature information is an attribute of a certain type or a special type of packet, then the pair is determined to have the A specific packet of a certain type or a certain type of packet is collected. For example, the method for obtaining the discarded packet is obtained by the obtaining module 12, but is not limited to the following two types:
- the packet with the feature information is mirrored, and the mirrored packet is obtained, and the mirrored packet is used as the collected packet.
- the packet with the feature information is sampled, and the sampled packet is obtained, and the sampled packet is used as the collected packet.
- the collected message can be sent to a certain port by using a port mirroring or sampling method.
- a module having a processing function in the network device including but not limited to a CPU
- the processing packet can be directly mirrored or sampled to any module with processing function in the network device, that is, the processing module, in order not to waste resources of the network device and prevent other service ports from being occupied. 13 can be a CPU.
- the mirrored packet can be directly mirrored to the CPU through the mirroring configuration, or the sampled packet can be directly sampled and sent to the CPU through the sampling configuration.
- the processing module 13 after acquiring the collected packet, the processing module 13 encapsulates the collected packet into an IP packet of the collected packet, and sends the collected packet IP data packet to the network management center through the network management channel.
- the processing module 13 specifically encapsulates the collected packets into the collected packets of the IP data packet, but is not limited to the following manner: configuring the encapsulated label for the collected packet, that is, performing IP reporting on the collected packet.
- Text and protocol packet encapsulation The encapsulation label is configured on the header of the collection packet, so that the IP packet of the collection packet includes a package label and an collection packet.
- the package label includes the identification information of the network device, the address information of the network management center, and the identifier information of the collected packet.
- the identification information of the network device is set to identify the network device, including but not limited to the source IP address of the network device, and the address information of the network management center is set to indicate the destination address of the collected packet, including but not limited to the network management
- the destination IP address of the center and the identification information of the collected packets are jointly agreed by the network management center and the network device.
- the identifier is set to identify the packet as the collection packet.
- the port number is an internal number.
- the private port number is as follows: The identification information of the network device, the address information of the network management center, and the identification information of the collected packet are set in any field in the package label.
- the different network protocol types include, but are not limited to, the UDP (User Datagram Protocol) protocol and the TCP (Transmission Control Protocol) protocol, and the processing module 13 collects the packets according to UDP.
- UDP User Datagram Protocol
- TCP Transmission Control Protocol
- the processing module 13 collects the packets according to UDP.
- the protocol, the TCP protocol, or other types of network encapsulation protocols are encapsulated to collect packet IP data packets.
- the network management channel can complete the transmission of the collected packets.
- the network device can be used for any purpose.
- the packet on the port or a special packet is collected.
- the network management channel is a pure IP network channel.
- the IP data flow needs to be transmitted on the network management channel.
- the main purpose is to transmit the network management operation of the network device and the network device to report some running status.
- the IP packet of the collected packet is obtained, and the first sending module 104 sends the IP packet of the collected packet to the network management center by using the existing network management channel.
- the IP data packet of the collected packet can be directly sent to the network management center by using the network management channel.
- the network device before the network device sends the IP packet of the collected packet, the network device needs to determine the destination port of the network management channel of the network management center, that is, according to the routing table of the network device, find the route whose destination address is the network management center.
- the next hop of the egress can be used to determine the next hop of the route of the network management channel. If the next hop of the route of the network management channel is determined to be port 2, the IP packet of the packet will be collected from the port according to the queried port.
- the IP address of the collected packets is sent to the NMS through the NMS channel.
- Embodiment 4 is a diagrammatic representation of Embodiment 4:
- FIG. 4 is a schematic structural diagram of a network management center according to an embodiment of the present invention. As shown in FIG. 4, the network management center 2 includes:
- the second sending module 21 is configured to send the packet collection command to the network device, where the packet collection command includes the feature information of the to-be-collected packet.
- the second receiving module 22 is configured to receive an IP packet of the collected packet sent by the network device.
- the parsing module 23 is configured to parse the collected packet IP data packet received by the second receiving module 22, and restore the collected packet.
- the second sending module 21 sends the packet collection command to the network device through the network management channel.
- the packet collection command includes the feature information of the to-be-collected packet, and the feature information includes but is not limited to the network to which the packet to be collected belongs.
- the parsing module 22 parses and analyzes the collected packet IP data packet, and then the original collected packet can be restored.
- the network management center determines that the IP packet of the collected packet includes the collected packet, and the IP packet of the collected packet needs to be parsed, and the parsing module 22 collects the packet according to the encapsulation label of the IP packet.
- the method for parsing the IP data packet includes, but is not limited to, the following method: stripping the encapsulated label of the IP packet of the collected packet, and restoring the original collected packet; the package label includes the identification information of the network device, the address information of the network management center, and Collecting the identification information of the packet, wherein the identification information of the network device is set to identify the network device, including but not limited to the source IP address of the network device, and the address information of the network management center is set to indicate the destination address of the sent packet,
- the information of the packet is collected by the network management center and the network device, and is set to identify the packet as the collection packet, including but not limited to the port number.
- the port number is an internal private port number. It should be noted that the identification information of the above network device and the location of the network management center.
- the address information and the identification information of the collected message are set in any field in the package label.
- the network management center further includes a search module 24 and a storage module 25. Since the network management center has identification information of all network devices, the search module 24 can find the collection report according to the identification information of the network device in the package label.
- the collected packets in the IP data packet are from the network device in the network, that is, the network device to which the packet is collected.
- the storage module 25 can obtain the stripped package label according to the identification information of the collected packet in the package label.
- the IP packet of the collected packet is the collected packet, and the collected packet is stored correspondingly, so that the user is displayed and outputted in the network management center, and the collection result of the network device is output, so that the user is displayed and outputted in the network management center. Output the collection result of the network device.
- Embodiment 5 is a diagrammatic representation of Embodiment 5:
- FIG. 5 is a flowchart of a packet collection method according to another embodiment of the present invention. As shown in FIG. 5, the packet collection method includes:
- the network management center sends a packet collection command to the network device, where the packet collection command includes the feature information of the to-be-collected packet.
- the network device receives the packet collection command sent by the network management center, where the packet collection command includes the feature information of the to-be-collected packet, and obtains the collected packet according to the feature information of the to-be-collected packet, and encapsulates the collected packet into the collected packet.
- the IP data packet is sent to the network management center through the network management channel.
- the network management center receives the IP packet of the collected packet sent by the network device, parses the IP packet of the collected packet, and restores the collected packet.
- FIG. 6 is a flowchart of a packet collection system according to an embodiment of the present invention.
- the packet collection system includes a network management center 2 and at least one network device 1;
- the network management center 2 is configured to send different packet collection commands to the corresponding network device 1, respectively, the packet collection command includes the feature information of the to-be-collected packet, and the received packet IP data packet sent by the network device 1; The IP data packet is parsed and restored to obtain the collected message;
- the network device 1 is configured to receive the packet collection command sent by the network management center 2, and the packet collection command includes the feature information of the to-be-collected packet; the collection packet is obtained according to the feature information of the to-be-collected packet; The packet IP data packet is sent to the network management center 2 through the network management center.
- the collected packets of the network device in the network are encapsulated correspondingly, and then the encapsulated collected packets are sent to the network management center by using the existing network management channel, thereby completing the remotely processing the packets of the device.
- the work of the collection is a simple process of the collection.
- the packet collection method, system, network device, and network management center provided by the embodiments of the present invention have the following beneficial effects: the network management center can complete the packet collection of a network device by using flexible and convenient configuration commands at any time.
- the network device can collect the service packets of the destination port in a very accurate and simple manner. You can also collect various types of packets through the flexible configuration.
- the collected packets are transmitted to the network management center through the existing network management channel.
- the use of the free port for the capture also makes the network more stable, saves the network hardware resources, does not need to adjust the service port of the network, does not need to add new network resources and do new configuration, and collects packets at the network management center.
- the packet collection of the network device can be completed remotely, and the remote diagnosis of the service packet is performed, including the judgment of the abnormality of the network device packet, which improves the diagnosis and maintenance capability of the network, compared with the general network device.
- the packet collection method is simpler and more convenient, saving network operation and maintenance costs.
- remote packet capture no human-site acquisition, labor cost savings can also be collected at the scene, while also avoiding the need to use or occupy the reserved service ports operate sampling device connected.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Mining & Analysis (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims (14)
- 一种报文采集方法,包括:接收网管中心发送的报文采集命令,所述报文采集命令包括待采集报文的特征信息;根据所述待采集报文的特征信息,获取采集报文;将所述采集报文封装为采集报文IP数据包,将所述采集报文IP数据包通过网管通道发送至所述网管中心。
- 根据权利要求1所述的报文采集方法,其中,根据所述待采集报文的特征信息,获取采集报文具体包括:根据所述待采集报文的特征信息,确定具有所述特征信息的报文;对所述报文进行镜像或采样,得到镜像报文或采样报文,将所述镜像报文或采样报文作为采集报文。
- 根据权利要求1所述的报文采集方法,其中,将所述采集报文封装为采集报文IP数据包具体包括:为所述采集报文配置封装标签,所述封装标签包括网络设备的识别信息、网管中心的地址信息以及采集报文的标识信息。
- 根据权利要求1-3任一项所述的报文采集方法,其中,将所述采集报文根据UDP协议或TCP协议封装为采集报文IP数据包。
- 一种网络设备,包括:第一接收模块,设置为接收网管中心发送的报文采集命令,所述报文采集命令包括待采集报文的特征信息;获取模块,设置为根据所述第一接收模块接收的待采集报文的特征信息,获取采集报文;处理模块,设置为将所述获取模块获取的采集报文封装为采集报文IP数据包;第一发送模块,设置为将所述处理模块封装的采集报文IP数据包通过网管通道发送至所述网管中心。
- 根据权利要求5所述的网络设备,其中,还包括:确定模块,设置为根据所述待采集报文的特征信息,确定具有所述特征信息的报文;所述获取模块具体设置为对所述确定模块确定的报文进行镜像或采样,得到镜像报文或采样报文,将所述镜像报文或采样报文作为采集报文。
- 根据权利要求5所述的网络设备,其中,所述处理模块具体设置为为所述采集报文配置封装标签,所述封装标签包括网络设备的识别信息、网管中心的地址信息以及采集报文的标识信息。
- 根据权利要求5-7任一项所述的网络设备,其中,所述处理模块具体设置为将所述采集报文根据UDP协议或TCP协议封装为采集报文IP数据包。
- 一种报文采集方法,包括:将报文采集命令发送至网络设备,所述报文采集命令包括待采集报文的特征信息;接收所述网络设备发送的采集报文IP数据包;对所述采集报文IP数据包进行解析,还原得到采集报文。
- 根据权利要求9所述的报文采集方法,其中,对所述采集报文IP数据包进行解析,还原得到采集报文具体包括:将所述采集报文IP数据包的封装标签剥离,所述封装标签包括网络设备的识别信息、网管中心的地址信息以及采集报文的标识信息;根据所述网络设备的识别信息,查找所述采集报文所属的网络设备,并根据所述采集报文的标识信息,对剥离所述封装标签的采集报文进行对应存储。
- 一种网管中心,包括:第二发送模块,设置为将报文采集命令发送至网络设备,所述报文采集命令包括待采集报文的特征信息;第二接收模块,设置为接收所述网络设备发送的采集报文IP数据包;解析模块,设置为对所述第二接收模块接收的采集报文IP数据包进行解析,还原得到采集报文。
- 根据权利要求11所述的网管中心,其中,所述解析模块具体设置为将所述采集报文IP数据包的封装标签剥离,所述封装标签包括网络设备的识别信息、网管中心的地址信息以及采集报文的标识信息;还包括:查找模块,设置为根据所述网络设备的识别信息,查找所述采集报文所属的网络设备;存储模块,设置为根据所述采集报文的标识信息,对所述解析模块剥离封装标签的采集报文进行对应存储。
- 一种报文采集方法,包括:网管中心将报文采集命令发送至网络设备,所述报文采集命令包括待采集报文的特征信息;所述网络设备接收所述网管中心发送的报文采集命令,所述报文采集命令包括待采集报文的特征信息,根据所述待采集报文的特征信息,获取采集报文,将所述采集报文封装为采集报文IP数据包,将所述采集报文IP数据包通过网管通道发送至所述网管中心;所述网管中心接收所述网络设备发送的采集报文IP数据包,对所述采集报文IP数据包进行解析,还原得到采集报文。
- 一种报文采集系统,包括网管中心、至少一个网络设备;所述网管中心设置为分别将不同的报文采集命令发送至对应的网络设备,所述报文采集命令包括待采集报文的特征信息;接收网络设备发送的采集报文IP数据包;对所述采集报文IP数据包进行解析,还原得到采集报文;所述网络设备设置为接收所述网管中心发送的报文采集命令,所述报文采集命令包括待采集报文的特征信息;根据所述待采集报文的特征信息,获取采集报文;将所述采集报文封装为采集报文IP数据包,将所述采集报文IP数据包通过网管中心发送至所述网管中心。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2017100654A RU2668394C2 (ru) | 2014-06-25 | 2014-10-14 | Способ и система для сбора пакетов, сетевое устройство и центр управления сетью |
EP14895920.8A EP3163801A4 (en) | 2014-06-25 | 2014-10-14 | Packet collection method and system, network device and network management centre |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410290390.0A CN105207834A (zh) | 2014-06-25 | 2014-06-25 | 一种报文采集方法、系统、网络设备及网管中心 |
CN201410290390.0 | 2014-06-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015196636A1 true WO2015196636A1 (zh) | 2015-12-30 |
Family
ID=54936593
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/088575 WO2015196636A1 (zh) | 2014-06-25 | 2014-10-14 | 一种报文采集方法、系统、网络设备及网管中心 |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP3163801A4 (zh) |
CN (1) | CN105207834A (zh) |
RU (1) | RU2668394C2 (zh) |
WO (1) | WO2015196636A1 (zh) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106230660B (zh) * | 2016-07-29 | 2019-06-14 | 锐捷网络股份有限公司 | sFlow采样的方法及装置 |
CN109995885B (zh) * | 2017-12-30 | 2022-06-03 | 中国移动通信集团辽宁有限公司 | 域名空间结构呈现方法、装置、设备及介质 |
CN108965061B (zh) * | 2018-08-03 | 2024-02-02 | 上海欣诺通信技术股份有限公司 | 数据包捕获设备及方法、还原设备及方法、系统和介质 |
RU2710302C1 (ru) * | 2018-12-05 | 2019-12-25 | Общество с ограниченной ответственностью "Траст Технолоджиз" | Способ организации работы компонентов сетевого оборудования для обработки сетевых пакетов (4 варианта) |
CN113542273B (zh) * | 2021-07-15 | 2023-07-18 | 北京润科通用技术有限公司 | 一种数据传输方法和相关设备 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1897541A (zh) * | 2005-07-15 | 2007-01-17 | 华为技术有限公司 | 一种网络实现采样的方法 |
CN102143070A (zh) * | 2011-03-04 | 2011-08-03 | 中兴通讯股份有限公司 | 远程流量采集的方法、装置和系统 |
CN103475537A (zh) * | 2013-08-30 | 2013-12-25 | 华为技术有限公司 | 一种报文特征提取方法和装置 |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040003094A1 (en) * | 2002-06-27 | 2004-01-01 | Michael See | Method and apparatus for mirroring traffic over a network |
JP4774357B2 (ja) * | 2006-05-18 | 2011-09-14 | アラクサラネットワークス株式会社 | 統計情報収集システム及び統計情報収集装置 |
CN100493004C (zh) * | 2007-04-04 | 2009-05-27 | 杭州华三通信技术有限公司 | 支持远程报文镜像的报文镜像方法和网络设备 |
CN101159656B (zh) * | 2007-11-12 | 2011-05-11 | 华为技术有限公司 | 一种报文采样的方法、系统及设备 |
CN102055814B (zh) * | 2010-11-25 | 2014-05-07 | 深圳市科陆电子科技股份有限公司 | 一种实现跨网段实时采集的方法 |
-
2014
- 2014-06-25 CN CN201410290390.0A patent/CN105207834A/zh active Pending
- 2014-10-14 EP EP14895920.8A patent/EP3163801A4/en not_active Withdrawn
- 2014-10-14 WO PCT/CN2014/088575 patent/WO2015196636A1/zh active Application Filing
- 2014-10-14 RU RU2017100654A patent/RU2668394C2/ru active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1897541A (zh) * | 2005-07-15 | 2007-01-17 | 华为技术有限公司 | 一种网络实现采样的方法 |
CN102143070A (zh) * | 2011-03-04 | 2011-08-03 | 中兴通讯股份有限公司 | 远程流量采集的方法、装置和系统 |
CN103475537A (zh) * | 2013-08-30 | 2013-12-25 | 华为技术有限公司 | 一种报文特征提取方法和装置 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3163801A4 * |
Also Published As
Publication number | Publication date |
---|---|
RU2017100654A3 (zh) | 2018-07-26 |
RU2668394C2 (ru) | 2018-09-28 |
EP3163801A4 (en) | 2017-08-02 |
EP3163801A1 (en) | 2017-05-03 |
CN105207834A (zh) | 2015-12-30 |
RU2017100654A (ru) | 2018-07-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112866075B (zh) | 面向Overlay网络的带内网络遥测方法、系统及相关装置 | |
US7693092B2 (en) | Multicast tree monitoring method and system in IP network | |
WO2015196636A1 (zh) | 一种报文采集方法、系统、网络设备及网管中心 | |
WO2016045098A1 (zh) | 交换机、控制器、系统及链路质量检测方法 | |
CN113079091A (zh) | 一种主动随流检测的方法、网络设备以及通信系统 | |
EP3082293B1 (en) | Switching device and packet loss method therefor | |
WO2014082577A1 (zh) | 实现远程调试的方法及系统 | |
WO2016184245A1 (zh) | 一种隧道丢包检测方法、装置及网络通信设备 | |
CN101159656B (zh) | 一种报文采样的方法、系统及设备 | |
CN105827487A (zh) | 一种sdn网络报文流统计方法、处理方法及sdn网络系统 | |
EP2833574A1 (en) | Method and apparatus for ethernet performance measurement | |
CN103905251A (zh) | 网络拓扑获取方法及装置 | |
CN107623752B (zh) | 基于链路层的网络管理方法和装置 | |
CN111934936A (zh) | 网络状态检测方法、装置、电子设备及存储介质 | |
WO2017193732A1 (zh) | 一种伪线数据报文的封装、解封装方法和相关装置 | |
EP2439888A1 (en) | Method, apparatus and system for establishing pseudo wire | |
US20130042020A1 (en) | Quick Network Path Discovery | |
EP2897328A1 (en) | Method, system and apparatus for establishing communication link | |
EP3297245A1 (en) | Method, apparatus and system for collecting access control list | |
CN105812198B (zh) | 桥接网络端到端的监测方法和装置 | |
CN106789437B (zh) | 报文的处理方法、转发方法、相关装置及丢包率测量方法 | |
US20140301226A1 (en) | Apparatus and method for network monitoring and packet inspection | |
Feng et al. | OpenRouteFlow: Enable legacy router as a software-defined routing service for hybrid SDN | |
CN113328956B (zh) | 一种报文处理方法及装置 | |
CN102143070B (zh) | 远程流量采集的方法、装置和系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14895920 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REEP | Request for entry into the european phase |
Ref document number: 2014895920 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014895920 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2017100654 Country of ref document: RU Kind code of ref document: A |