WO2023245721A1 - Method and apparatus for traffic orchestration - Google Patents


Info

Publication number
WO2023245721A1
Authority
WO
WIPO (PCT)
Prior art keywords
traffic
destination device
preset
current
orchestration
Prior art date
Application number
PCT/CN2022/103302
Other languages
French (fr)
Chinese (zh)
Inventor
王洪波
张慧翔
李金恒
王婷婷
Original Assignee
天津天睿科技有限公司
Application filed by 天津天睿科技有限公司
Publication of WO2023245721A1

Classifications

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 47/2483 Traffic characterised by specific attributes, e.g. priority or QoS, involving identification of individual flows (under H04L 47/00 Traffic control in data switching networks; H04L 47/10 Flow control; Congestion control; H04L 47/24 Traffic characterised by specific attributes, e.g. priority or QoS)
    • H04L 45/74 Address processing for routing (under H04L 45/00 Routing or path finding of packets in data switching networks)
    • H04L 45/745 Address table lookup; Address filtering (under H04L 45/74 Address processing for routing)
    • H04L 47/31 Flow control; Congestion control by tagging of packets, e.g. using discard eligibility [DE] bits (under H04L 47/00 Traffic control in data switching networks; H04L 47/10 Flow control; Congestion control)

Definitions

  • the present invention relates to the field of network technology, and specifically to a method and device for traffic orchestration.
  • Network security is receiving more and more attention and plays an important role in national security.
  • Currently, many security devices need the switch traffic mirroring function to divert traffic to them for analysis, but this approach has some problems.
  • The currently common traffic orchestration method uses the switch's traffic mirroring function to direct all traffic entering and leaving a given switch port into network security devices (such as an IDS intrusion detection system or an IPS intrusion prevention system) or other traffic analysis systems. All traffic is imported; the traffic the user is interested in cannot be identified and imported selectively.
  • Network security devices include, for example, IDS intrusion detection systems and IPS intrusion prevention systems.
  • The switch traffic mirroring function does not support this kind of fine-grained traffic orchestration.
  • The switch traffic mirroring function can only import traffic into a single device; it cannot import traffic into multiple devices in a given order, for example making the traffic pass first through an IDS system, then an IPS system and finally a WAF system. Multi-device traffic orchestration is therefore not possible.
  • the purpose of the embodiments of the present invention is to provide a method and device for traffic orchestration, which can solve or at least partially solve the above problems.
  • one aspect of an embodiment of the present invention provides a method for traffic orchestration.
  • The method includes: determining whether the received current traffic is preset traffic to be orchestrated; when the current traffic is the preset traffic to be orchestrated, determining a preset destination device sequence table corresponding to orchestration of the current traffic; and controlling the current traffic to enter the destination devices in the preset destination device sequence table in sequence, so as to orchestrate the current traffic.
  • Determining whether the current traffic is the preset traffic to be orchestrated includes judging this according to either of the following: whether the identification information corresponding to the current traffic is the preset identification information, or the traffic orchestration mark in the session record corresponding to the current traffic, where the traffic orchestration mark indicates whether the corresponding traffic is the preset traffic to be orchestrated.
  • the identification information is five-tuple information, a data string, or a feature code
  • the preset identification information is preset five-tuple information, a preset data string, or a preset feature code.
  • When whether the current traffic is the preset traffic to be orchestrated is judged according to the traffic orchestration mark in the session record corresponding to the current traffic, the method further includes, before that judgment, obtaining the traffic orchestration mark corresponding to the current traffic.
  • Obtaining the traffic orchestration mark corresponding to the current traffic includes: determining whether the current traffic is first-time traffic; if it is, creating a session record for the current traffic, establishing the traffic orchestration mark in the created session record, and obtaining the established mark from that record; and/or, if the current traffic is not first-time traffic, obtaining the traffic orchestration mark from the historical session record corresponding to the current traffic.
  • Controlling the current traffic to enter the destination devices in the preset destination device sequence table in sequence includes: determining the next destination device the current traffic will enter; directing the current traffic to the determined next destination device so that it enters that device; receiving the current traffic again, this time from the determined next destination device; judging whether the determined next destination device is the last destination device in the preset destination device sequence table; if it is, the control of the current traffic entering the destination devices in sequence is complete; and if it is not, repeating the steps of determining the next destination device, directing the current traffic to it, receiving the current traffic again and judging whether it is the last destination device, until the determined next destination device is the last destination device.
  • Directing the current traffic to the determined next destination device includes modifying the destination MAC address of the packets of the current traffic to the MAC address of the determined next destination device, and modifying the source MAC address of those packets to the MAC address of the device running the traffic orchestration method.
  • The device includes: a traffic judgment module for judging whether the received current traffic is the preset traffic to be orchestrated; a preset destination device sequence table determination module, configured to determine the preset destination device sequence table corresponding to the current traffic when the current traffic is the preset traffic to be orchestrated; and a control module for controlling the current traffic to enter the destination devices in the preset destination device sequence table in sequence, so as to orchestrate the current traffic.
  • The traffic judgment module judges whether the current traffic is the preset traffic to be orchestrated according to either of the following: whether the identification information corresponding to the current traffic is the preset identification information, or the traffic orchestration mark in the session record corresponding to the current traffic, where the traffic orchestration mark indicates whether the corresponding traffic is the preset traffic to be orchestrated.
  • the identification information is five-tuple information, a data string, or a feature code
  • the preset identification information is preset five-tuple information, a preset data string, or a preset feature code.
  • The device further includes a traffic orchestration mark acquisition module, configured, when the judgment is made according to the traffic orchestration mark in the session record corresponding to the current traffic, to obtain the traffic orchestration mark corresponding to the current traffic before that judgment is made.
  • Another aspect of the embodiments of the present invention also provides a machine-readable storage medium.
  • the machine-readable storage medium stores instructions. The instructions are used to cause the machine to execute the above method.
  • It is judged whether the received current traffic is the preset traffic to be orchestrated, and the current traffic is orchestrated only when it is.
  • The received traffic is thus filtered; not all traffic is orchestrated, which achieves fine-grained traffic orchestration.
  • The preset traffic to be orchestrated can be set according to user interest, so that the traffic the user is interested in can be identified and imported. In addition, the current traffic is controlled to enter the destination devices in the order given by the preset destination device sequence table, so that multiple devices can import the traffic in a defined order and multi-device traffic orchestration is achieved.
  • Figure 1 is a flow chart of a method for traffic orchestration provided by an embodiment of the present invention
  • Figure 4 is a structural block diagram of a device for traffic orchestration provided by another embodiment of the present invention.
  • One aspect of embodiments of the present invention provides a method for traffic orchestration.
  • Figure 1 is a flow chart of a method for traffic orchestration provided by an embodiment of the present invention. As shown in Figure 1, the method includes the following contents.
  • In step S10, it is determined whether the received current traffic is the preset traffic to be orchestrated. If so, step S11 is executed; if not, step S13 is executed.
  • the preset traffic to be orchestrated is the traffic that is preset to be orchestrated.
  • the preset traffic to be arranged can be determined according to specific circumstances. For example, the traffic to be arranged is set according to the user's interests, and the traffic that the user is interested in is set to be the preset traffic to be arranged. For example, it can be determined whether the current traffic is the preset traffic by comparing the received current traffic with the preset traffic to be arranged.
  • The identification information of the traffic can be used to compare the current traffic with the preset traffic to be orchestrated. Specifically, whether the current traffic is the preset traffic to be orchestrated is determined by judging whether the identification information corresponding to the current traffic is the preset identification information corresponding to the preset traffic to be orchestrated.
  • the identification information may be five-tuple information, a data string, a feature code, or the like. Among them, the five-tuple information includes the source address, destination address, source port, destination port and protocol of the traffic.
  • a preset destination device sequence table corresponding to the arrangement of the current traffic is determined.
  • the preset destination device sequence list includes at least one destination device.
  • the destination device can be an IDS (Intrusion Detection System), IPS (Intrusion Prevention System), WAF (Web Firewall), DPI (Deep Packet Inspection) and other devices used to analyze traffic.
  • the preset destination device sequence table is preset, and the preset destination device sequence table indicates the destination devices included in the traffic arrangement and the order in which the traffic passes through the destination devices. It should be noted that when the preset destination device sequence table includes only one destination device, the traffic only passes through the one destination device, and the sequence also only passes through the one destination device.
  • a preset destination device sequence table is set for the preset traffic to be orchestrated.
  • The preset destination device sequence table set for the preset traffic to be orchestrated that matches the current traffic is determined as the preset destination device sequence table corresponding to the orchestration of the current traffic.
  • When whether the current traffic is the preset traffic to be orchestrated is judged based on the traffic orchestration mark in the session record corresponding to the current traffic, the method also includes, before that judgment, obtaining the traffic orchestration mark corresponding to the current traffic.
  • obtaining the traffic orchestration mark corresponding to the current traffic may include the following content.
  • first-time traffic refers to the traffic in which the corresponding data packet is received for the first time.
  • To determine whether the current traffic is the first-time traffic is to determine whether the data packet corresponding to the current traffic is received for the first time. For example, whether the current traffic is the first traffic can be judged based on the five-tuple information. Specifically, obtain the five-tuple information of the current traffic, determine whether there is a historical session record matching the obtained five-tuple information, and determine whether the current traffic is the first traffic.
  • the session record is created based on the traffic using five-tuple information, for example, using the hash map algorithm, and the created session record will be saved. If a data packet of a certain flow has been received before, a session record corresponding to the flow has been established before; if a data packet of a certain flow has not been received before, a session record corresponding to the flow has not been established. Therefore, it can be determined whether the current traffic is the first traffic by determining whether there is a historical session record matching the received five-tuple information of the current traffic. When the current traffic is the first traffic, create a session record for the current traffic and establish a traffic orchestration mark in the created session record.
  • The traffic orchestration mark is established based on whether the current traffic is the preset traffic to be orchestrated: when it is, the established mark indicates that the current traffic is the preset traffic to be orchestrated; when it is not, the established mark indicates that it is not.
  • whether the current flow is preset flow to be arranged can be determined based on whether the identification information of the current flow is preset identification information. Specifically, reference can be made to the method described in the above embodiment. And/or if the current traffic is not the first traffic, obtain the traffic orchestration mark in the historical session record corresponding to the current traffic to obtain the traffic orchestration mark corresponding to the current traffic.
  • The destination device ranked first in the preset destination device sequence table is the next destination device; if the preset destination device sequence table contains a destination device that is the same as the determined current destination device, the destination device ranked after it in the table is the next destination device.
  • The preset destination device sequence table indicates the sequence relationship between destination devices. By comparing the current destination device with the preset destination device sequence table, the next destination device can be determined. Specifically, when comparing the current destination device with the destination devices in the preset destination device sequence table, the identification information of the devices (for example, name, number, source MAC address, etc.) is compared.
  • The current traffic is received again, this time from the determined next destination device.
  • the last destination device refers to the destination device ranked last in the preset destination device sequence list.
  • the next destination device may be compared with the last destination device in the preset destination device sequence list.
  • the identification information of the device may be compared to determine whether the next destination device is the last destination device.
  • control of the current traffic is completed to sequentially enter the destination devices in the preset destination device sequence table.
  • FIG. 2 is a logical schematic diagram of a method for traffic orchestration provided by another embodiment of the present invention.
  • the technical solution provided by the embodiment of the present invention mainly includes two aspects. One is to use traffic orchestration tags to match traffic, and the other is to forward traffic to designated devices in a customized order.
  • the following is an exemplary introduction to the method for traffic orchestration provided by the embodiment of the present invention with reference to Figure 2.
  • the traffic to be arranged is preset to be the traffic of interest.
  • The traffic orchestration mark indicates that the current traffic is the traffic of interest; the preset destination device sequence table corresponding to the current traffic is obtained and recorded in the created session record; the route is looked up and recorded in the created session record, so that after the current traffic has passed through the destination devices in the preset destination device sequence table in turn it can be forwarded normally according to the routing information in the session record; and subsequent processing is performed according to the information in the created session record. If not, the current traffic is not the traffic of interest: it is marked as not of interest, that is, the traffic orchestration mark indicates that the current traffic is not the traffic of interest; the route is looked up and recorded in the created session record; and subsequent processing is performed according to the information in the created session record.
  • the next destination device is determined according to the session record corresponding to the current flow, that is, the next destination device is determined according to the preset destination device sequence table recorded in the session record corresponding to the current flow.
  • The method described in the above embodiment can be used to determine the next destination device. The destination MAC address of the packets of the current traffic is modified to the MAC address of the determined next destination device, the source MAC address of those packets is modified to the MAC address of the device running the traffic orchestration method, and the current traffic is sent to the determined next destination device.
  • The control module controlling the current traffic to enter the destination devices in the preset destination device sequence table in sequence includes: determining the next destination device the current traffic will enter; directing the current traffic to the determined next destination device so that it enters that device; receiving the current traffic again, this time from the determined next destination device; judging whether the determined next destination device is the last destination device in the preset destination device sequence table; when it is, completing the control of the current traffic entering the destination devices in the table; and when it is not, repeating the operations of determining the next destination device, directing the current traffic to it, receiving the current traffic again and judging whether it is the last destination device, until the determined next destination device is the last destination device.
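The session-record lookup described above (first-time traffic keyed by five-tuple, with the orchestration mark stored in the record) and the redirect loop (identify the device the packet came back from by its source MAC, pick its successor in the sequence table, rewrite destination and source MAC, stop after the last device) are simulated in the following Python, which is an added example and not code from the patent or its applicant. The MAC addresses, the IDS/IPS/WAF device names and the preset rule "TCP to destination port 80" are constructed sample values taken from the page's own examples, and the `device_returns` helper stands in for an inline device handing the packet back; the real method operates on frames on the wire rather than on Python objects.

```python
from dataclasses import dataclass

# Constructed sample values for the simulation; the MAC addresses are hypothetical
# and are not taken from the patent.
ORCHESTRATOR_MAC = "02:00:00:00:00:01"
DEVICE_MACS = {"IDS": "02:00:00:00:00:10", "IPS": "02:00:00:00:00:20", "WAF": "02:00:00:00:00:30"}
MAC_TO_DEVICE = {mac: name for name, mac in DEVICE_MACS.items()}


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    src_mac: str
    dst_mac: str

    @property
    def five_tuple(self):
        return (self.src_ip, self.dst_ip, self.src_port, self.dst_port, self.proto)


@dataclass
class SessionRecord:
    orchestrate: bool          # the traffic orchestration mark
    sequence: tuple = ()       # the preset destination device sequence table recorded for the flow


def is_preset_traffic(pkt):
    """Preset identification rule, using the page's own example: TCP traffic to destination port 80."""
    return pkt.proto == "tcp" and pkt.dst_port == 80


class Orchestrator:
    def __init__(self, sequence):
        self.sequence = tuple(sequence)
        self.sessions = {}     # session records keyed by five-tuple (the hash-map lookup)
        self.sent = []         # (device, src_mac, dst_mac) of every packet handed to a device

    def lookup_session(self, pkt):
        """First-time traffic gets a new record and mark; later packets of the flow reuse the history."""
        rec = self.sessions.get(pkt.five_tuple)
        if rec is None:
            orchestrate = is_preset_traffic(pkt)
            rec = SessionRecord(orchestrate, self.sequence if orchestrate else ())
            self.sessions[pkt.five_tuple] = rec
        return rec

    def next_device(self, pkt, rec):
        """Identify the current device by the packet's source MAC and look up its successor."""
        current = MAC_TO_DEVICE.get(pkt.src_mac)
        if current not in rec.sequence:
            return rec.sequence[0]            # arrived from the network: start with the first device
        idx = rec.sequence.index(current)
        if idx + 1 == len(rec.sequence):
            return None                       # came back from the last device: chain complete
        return rec.sequence[idx + 1]

    def handle(self, pkt):
        """Process one received packet; returns the device it is sent to, or None for normal forwarding."""
        rec = self.lookup_session(pkt)
        if not rec.orchestrate or not rec.sequence:
            return None
        dev = self.next_device(pkt, rec)
        if dev is None:
            return None
        # Directing the traffic: destination MAC becomes the device, source MAC becomes the orchestrator.
        pkt.dst_mac = DEVICE_MACS[dev]
        pkt.src_mac = ORCHESTRATOR_MAC
        self.sent.append((dev, pkt.src_mac, pkt.dst_mac))
        return dev


def device_returns(pkt, dev):
    """Stand-in for an inline device handing the packet back: it now arrives from the device's MAC."""
    pkt.src_mac = DEVICE_MACS[dev]
    pkt.dst_mac = ORCHESTRATOR_MAC


def run_flow(orch, pkt):
    """Drive one packet through the whole chain; returns the devices traversed, in order."""
    path = []
    dev = orch.handle(pkt)
    while dev is not None:
        path.append(dev)
        device_returns(pkt, dev)
        dev = orch.handle(pkt)
    return path


if __name__ == "__main__":
    orch = Orchestrator(["IDS", "IPS", "WAF"])
    web = Packet("10.0.0.5", "10.0.0.80", 40000, 80, "tcp", "02:00:00:00:00:aa", ORCHESTRATOR_MAC)
    print(run_flow(orch, web))      # ['IDS', 'IPS', 'WAF']
    dns = Packet("10.0.0.5", "10.0.0.53", 40001, 53, "udp", "02:00:00:00:00:aa", ORCHESTRATOR_MAC)
    print(run_flow(orch, dns))      # []
```

The point of keying the session table on the five-tuple is that only the first packet of a flow pays for the preset-rule match; every later packet of the same flow (and every return from a device in the chain) is resolved from the stored mark and sequence table. The source-MAC comparison is what lets the orchestrator tell "back from IDS" apart from "back from IPS" without any per-packet state beyond the session record.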
  • the device for traffic orchestration includes a processor and a memory.
  • the traffic judgment module, the preset destination device sequence table determination module and the control module are all stored in the memory as program units.
  • The processor executes the above program units stored in the memory to implement the corresponding functions.
  • Memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM).
  • Another aspect of the embodiments of the present invention also provides a machine-readable storage medium.
  • the machine-readable storage medium stores instructions. The instructions are used to cause the machine to execute the method described in the above embodiments.
  • the device includes a processor, a memory, and a program stored in the memory and executable on the processor.
  • When the processor executes the program, it implements the steps of the method described in the above embodiments.
  • The devices described herein can be servers, PCs, PADs, mobile phones, etc.
  • embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment that combines software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • A computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • Memory may include non-volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory in the form of read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
  • Computer-readable media include persistent and non-persistent, removable and non-removable media that can store information by any method or technology. Information may be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic tape cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device.
  • As defined herein, computer-readable media do not include transitory media such as modulated data signals and carrier waves.

Abstract

Embodiments of the present invention relate to the technical field of networks, and provide a method and apparatus for traffic orchestration. The method comprises: determining whether received current traffic is preset traffic to be orchestrated; when the current traffic is the preset traffic to be orchestrated, determining a preset destination device sequence list corresponding to orchestration of the current traffic; and controlling the current traffic to sequentially enter destination devices in the preset destination device sequence list, so as to orchestrate the current traffic. Thus, received traffic is screened, and not all the traffic is orchestrated, so as to implement fine-grained flow orchestration.

Description

用于流量编排的方法和装置Methods and apparatus for traffic orchestration
相关申请的交叉引用Cross-references to related applications
本申请要求2022年06月23日提交的中国专利申请202210715957.9的权益,该申请的内容通过引用被合并于本文。This application claims the rights and interests of Chinese patent application 202210715957.9 submitted on June 23, 2022. The content of this application is incorporated into this article by reference.
技术领域Technical field
本发明涉及网络技术领域,具体地涉及一种用于流量编排的方法和装置。The present invention relates to the field of network technology, and specifically to a method and device for traffic orchestration.
背景技术Background technique
网络安全越来越受到重视,在国家安全中占据重要地位,目前很多安全设备分析流量都需要交换机流量镜像功能进行引流,但是这种方式存在着一些问题。Network security is receiving more and more attention and plays an important role in national security. Currently, many security devices require the switch traffic mirroring function to divert traffic when analyzing traffic. However, there are some problems with this approach.
现有技术存在多处缺点:(1)目前常用的流量编排的方式就是利用交换机的流量镜像功能,将进出某个交换机端口的所有流量全部导入网络安全设备(例如IDS入侵检查系统、IPS入侵防御系统等)或其他流量分析系统,是全部流量都会被导入进去,而不能按照用户感兴趣的流量进行识别并导入,例如,用户只想要TCP流量或者所有目的端口为80的流量进行导入,交换机流量镜像功能是不支持这种细颗粒度的流量编排功能;(2)交换机的流量镜像功能只能实现单个设备的流量导入,而不能实现多个设备按一定先后顺序进行流量导入,例如,使流量先过IDS系统,再过IPS系统,最后过WAF系统,无法实现多设备的流量编排功能。There are many shortcomings in the existing technology: (1) The currently commonly used traffic orchestration method is to use the traffic mirroring function of the switch to direct all traffic in and out of a certain switch port into network security devices (such as IDS intrusion detection system, IPS intrusion prevention). system, etc.) or other traffic analysis systems, all traffic will be imported, and the traffic that the user is interested in cannot be identified and imported. For example, the user only wants TCP traffic or all traffic with destination port 80 to be imported, the switch The traffic mirroring function does not support this kind of fine-grained traffic orchestration function; (2) The traffic mirroring function of the switch can only realize the traffic import of a single device, but cannot realize the traffic import of multiple devices in a certain sequence. For example, using The traffic first passes through the IDS system, then the IPS system, and finally the WAF system, making it impossible to implement the traffic orchestration function of multiple devices.
发明内容Contents of the invention
本发明实施例的目的是提供一种用于流量编排的方法和装置,其可解决或至少部分解决上述问题。The purpose of the embodiments of the present invention is to provide a method and device for traffic orchestration, which can solve or at least partially solve the above problems.
To achieve this purpose, one aspect of the embodiments of the present invention provides a method for traffic orchestration. The method includes: judging whether the received current traffic is preset traffic to be orchestrated; when the current traffic is preset traffic to be orchestrated, determining the preset destination device sequence table that corresponds to orchestrating the current traffic; and controlling the current traffic to enter the destination devices in the preset destination device sequence table one after another, so as to orchestrate the current traffic.
Optionally, judging whether the current traffic is preset traffic to be orchestrated includes judging it according to either of the following: whether the identification information corresponding to the current traffic is preset identification information, or the traffic orchestration mark in the session record corresponding to the current traffic, where the traffic orchestration mark indicates whether the corresponding traffic is preset traffic to be orchestrated.
Optionally, the identification information is five-tuple information, a data string or a signature (特征码), and the preset identification information is preset five-tuple information, a preset data string or a preset signature.
Optionally, when whether the current traffic is preset traffic to be orchestrated is judged according to the traffic orchestration mark in the session record corresponding to the current traffic, the method further includes, before that judgment is made: obtaining the traffic orchestration mark corresponding to the current traffic.
Optionally, obtaining the traffic orchestration mark corresponding to the current traffic includes: judging whether the current traffic is first-time traffic; and, when the current traffic is first-time traffic, creating a session record for the current traffic, establishing the traffic orchestration mark in the created session record, and reading the established mark from that session record so as to obtain the traffic orchestration mark corresponding to the current traffic; and/or, when the current traffic is not first-time traffic, obtaining the traffic orchestration mark from the historical session record corresponding to the current traffic.
Optionally, controlling the current traffic to enter the destination devices in the preset destination device sequence table one after another includes: determining the next destination device the current traffic will enter; directing the current traffic to the determined next destination device so that the current traffic enters it; receiving the current traffic again, the traffic being received from the determined next destination device; judging whether the determined next destination device is the last destination device in the preset destination device sequence table; when it is the last destination device, the control of the current traffic through the destination devices in the table is complete; and when it is not the last destination device, repeating the operations of determining the next destination device, directing the current traffic to it, receiving the current traffic again and judging whether it is the last destination device, until the determined next destination device is the last destination device.
Optionally, directing the current traffic to the determined next destination device includes: modifying the destination MAC address of the packets of the current traffic to the MAC address of the determined next destination device, and modifying the source MAC address of those packets to the MAC address of the device running the method for traffic orchestration.
Correspondingly, another aspect of the embodiments of the present invention provides an apparatus for traffic orchestration. The apparatus includes: a traffic judgment module for judging whether the received current traffic is preset traffic to be orchestrated; a preset destination device sequence table determination module for determining, when the current traffic is preset traffic to be orchestrated, the preset destination device sequence table that corresponds to orchestrating the current traffic; and a control module for controlling the current traffic to enter the destination devices in the preset destination device sequence table one after another, so as to orchestrate the current traffic.
Optionally, the traffic judgment module judging whether the current traffic is preset traffic to be orchestrated includes judging it according to either of the following: whether the identification information corresponding to the current traffic is preset identification information, or the traffic orchestration mark in the session record corresponding to the current traffic, where the traffic orchestration mark indicates whether the corresponding traffic is preset traffic to be orchestrated.
Optionally, the identification information is five-tuple information, a data string or a signature, and the preset identification information is preset five-tuple information, a preset data string or a preset signature.
Optionally, the apparatus further includes a traffic orchestration mark acquisition module for obtaining the traffic orchestration mark corresponding to the current traffic when whether the current traffic is preset traffic to be orchestrated is judged according to the traffic orchestration mark in the session record corresponding to the current traffic, the mark being obtained before that judgment is made.
Optionally, the traffic orchestration mark acquisition module obtaining the traffic orchestration mark corresponding to the current traffic includes: judging whether the current traffic is first-time traffic; and, when the current traffic is first-time traffic, creating a session record for the current traffic, establishing the traffic orchestration mark in the created session record, and reading the established mark from that session record so as to obtain the traffic orchestration mark corresponding to the current traffic; and/or, when the current traffic is not first-time traffic, obtaining the traffic orchestration mark from the historical session record corresponding to the current traffic.
Optionally, the control module controlling the current traffic to enter the destination devices in the preset destination device sequence table one after another includes: determining the next destination device the current traffic will enter; directing the current traffic to the determined next destination device so that the current traffic enters it; receiving the current traffic again, the traffic being received from the determined next destination device; judging whether the determined next destination device is the last destination device in the preset destination device sequence table; when it is the last destination device, the control of the current traffic through the destination devices in the table is complete; and when it is not the last destination device, repeating the operations of determining the next destination device, directing the current traffic to it, receiving the current traffic again and judging whether it is the last destination device, until the determined next destination device is the last destination device.
Optionally, directing the current traffic to the determined next destination device includes: modifying the destination MAC address of the packets of the current traffic to the MAC address of the determined next destination device, and modifying the source MAC address of those packets to the MAC address of the device running the method for traffic orchestration.
In addition, another aspect of the embodiments of the present invention provides a machine-readable storage medium storing instructions that cause a machine to execute the above method.
Another aspect of the embodiments of the present invention further provides a processor for running a program, the program executing the above method when run.
With the above technical solution, it is judged whether the received current traffic is preset traffic to be orchestrated, and the current traffic is orchestrated only when it is. The received traffic is thus filtered and not all of it is orchestrated, which achieves fine-grained traffic orchestration. Moreover, the preset traffic to be orchestrated can be configured according to the user's interest, so that the traffic the user is interested in is identified and imported. Finally, the current traffic is controlled to enter the destination devices in the order given by the preset destination device sequence table, so traffic is imported into several devices in a defined order, which achieves multi-device traffic orchestration.
Other features and advantages of the embodiments of the present invention are described in detail in the detailed description that follows.
Description of the drawings
The drawings are provided for a further understanding of the embodiments of the present invention and form part of the description. Together with the detailed description below they explain the embodiments of the present invention, but they do not limit them. In the drawings:
Figure 1 is a flow chart of the method for traffic orchestration provided by an embodiment of the present invention;
Figure 2 is a logical schematic diagram of the method for traffic orchestration provided by another embodiment of the present invention;
Figure 3 is a schematic diagram of the traffic path provided by another embodiment of the present invention; and
Figure 4 is a structural block diagram of the apparatus for traffic orchestration provided by another embodiment of the present invention.
Explanation of reference signs
1. traffic judgment module; 2. preset destination device sequence table determination module; 3. control module.
Detailed description
Specific implementations of the embodiments of the present invention are described in detail below with reference to the drawings. It should be understood that the specific implementations described here serve only to illustrate and explain the embodiments of the present invention and do not limit them.
One aspect of the embodiments of the present invention provides a method for traffic orchestration.
Figure 1 is a flow chart of the method for traffic orchestration provided by an embodiment of the present invention. As shown in Figure 1, the method includes the following.
In step S10, it is judged whether the received current traffic is preset traffic to be orchestrated. If it is, step S11 is executed; if it is not, step S13 is executed. Preset traffic to be orchestrated is traffic that has been configured in advance as traffic to be orchestrated. It can be chosen according to circumstances, for example according to the user's interest: the traffic the user is interested in is configured as the preset traffic to be orchestrated. Whether the current traffic is preset traffic to be orchestrated can be judged, for example, by comparing the received current traffic with the preset traffic to be orchestrated. Optionally, the comparison uses identification information of the traffic: it is judged whether the identification information corresponding to the current traffic is the preset identification information corresponding to the preset traffic to be orchestrated. The identification information may be five-tuple information, a data string, a signature and so on, where the five-tuple consists of the traffic's source address, destination address, source port, destination port and protocol. Optionally, the five-tuple, data string or signature of the preset traffic to be orchestrated is configured as the preset five-tuple, preset data string or preset signature, and the five-tuple, data string or signature of the received current traffic is compared with it to judge whether the two match, and hence whether the current traffic is preset traffic to be orchestrated. That is, in the embodiments of the present invention the identification information may be five-tuple information and the preset identification information preset five-tuple information; or the identification information may be a data string and the preset identification information a preset data string; or the identification information may be a signature and the preset identification information a preset signature.
In addition, whether the current traffic is preset traffic to be orchestrated can be judged from the traffic orchestration mark in the session record corresponding to the current traffic. The traffic orchestration mark indicates whether the corresponding traffic is preset traffic to be orchestrated: when the mark corresponding to the current traffic indicates that it is not preset traffic to be orchestrated, the current traffic is judged not to be such traffic, and when the mark indicates that it is, the current traffic is judged to be such traffic. Concretely, the traffic orchestration mark is a variable in the session record whose value expresses different meanings; for example, the value 0 indicates that the corresponding traffic is not preset traffic to be orchestrated and the value 1 indicates that it is.
In step S11, the preset destination device sequence table corresponding to orchestrating the current traffic is determined. The preset destination device sequence table contains at least one destination device. A destination device may be a device that analyses traffic, such as an IDS (intrusion detection system), an IPS (intrusion prevention system), a WAF (web application firewall) or a DPI (deep packet inspection) device. The table is configured in advance and states which destination devices take part in orchestrating the traffic and the order in which the traffic passes through them. Note that when the table contains only one destination device, the traffic passes through that one device only, and the order is simply that one device. For example, when it is configured which traffic is preset traffic to be orchestrated, a preset destination device sequence table can be configured for that traffic; then, once the current traffic is determined to be preset traffic to be orchestrated, the table configured for the matching preset traffic is taken as the table corresponding to orchestrating the current traffic. When the comparison is made using identification information, the table can be configured for the preset identification information: when the identification information of the current traffic is preset identification information, the table associated with that preset identification information is taken as the table corresponding to orchestrating the current traffic. In addition, the preset destination device sequence table can be recorded in the session record. When the current traffic is judged to be preset traffic to be orchestrated from the traffic orchestration mark in its session record, and the table corresponding to orchestrating the current traffic was recorded in that session record, the table can be read from the session record of the current traffic.
In step S12, the current traffic is controlled to enter the destination devices in the preset destination device sequence table one after another, so as to orchestrate it. When the table contains only one destination device, the current traffic is controlled to enter that device; when it contains at least two destination devices, the current traffic is controlled to enter them in the order the table gives.
In step S13, a route lookup is performed and the traffic is forwarded normally: the current traffic is forwarded to its destination, for example the destination server.
With the above technical solution, it is judged whether the received current traffic is preset traffic to be orchestrated, and the current traffic is orchestrated only when it is. The received traffic is thus filtered and not all of it is orchestrated, which achieves fine-grained traffic orchestration. Moreover, the preset traffic to be orchestrated can be configured according to the user's interest, so that the traffic the user is interested in is identified and imported. Finally, the current traffic is controlled to enter the destination devices in the order given by the preset destination device sequence table, so traffic is imported into several devices in a defined order, which achieves multi-device traffic orchestration.
Optionally, in the embodiments of the present invention, when whether the current traffic is preset traffic to be orchestrated is judged from the traffic orchestration mark in its session record, the method further includes, before that judgment is made, obtaining the traffic orchestration mark corresponding to the current traffic.
Optionally, in the embodiments of the present invention, obtaining the traffic orchestration mark corresponding to the current traffic may include the following. It is judged whether the current traffic is first-time traffic. First-time traffic is traffic whose packet is being received for the first time; judging whether the current traffic is first-time traffic therefore means judging whether the packet corresponding to it is being received for the first time. This can be judged from the five-tuple, for example: the five-tuple of the current traffic is obtained and it is checked whether a historical session record matching that five-tuple exists. Session records are created for traffic using five-tuple information, for example with a hash map, and the created session records are kept. If a packet of a given flow has been received before, a session record corresponding to that flow was created at that time; if no packet of the flow has been received before, no session record for it exists. Whether the current traffic is first-time traffic can therefore be judged by whether a historical session record matching the five-tuple of the received current traffic exists. When the current traffic is first-time traffic, a session record is created for it, the traffic orchestration mark is established in the created session record, and the mark is read from that session record so as to obtain the mark corresponding to the current traffic. The mark is established according to whether the current traffic is preset traffic to be orchestrated: if it is, the established mark indicates so; if it is not, the established mark indicates that it is not. Concretely, whether the current traffic is preset traffic to be orchestrated can be judged from whether its identification information is preset identification information, as described in the embodiment above. And/or, when the current traffic is not first-time traffic, the traffic orchestration mark in the historical session record corresponding to the current traffic is obtained as the mark corresponding to the current traffic.
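The following Python code is an added illustration of step S10 and of the session-record logic just described; it is not code from the patent or from the applicant. It models the preset identification information as rules (a five-tuple pattern with wildcards and/or a payload signature), keeps the session records in a hash map keyed by the five-tuple, and establishes the traffic orchestration mark together with the destination device sequence table in the record when first-time traffic is seen, so that later packets of the same flow are decided by the historical record without re-matching. The rule set, the device MAC addresses and the packets are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FiveTuple = Tuple[str, str, int, int, str]   # (src_ip, dst_ip, sport, dport, proto)


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    proto: str
    payload: bytes = b""

    def five_tuple(self) -> FiveTuple:
        return (self.src_ip, self.dst_ip, self.sport, self.dport, self.proto)


@dataclass
class Rule:
    """One preset traffic definition and its destination device sequence table."""
    name: str
    chain: List[str]                      # device MACs in traversal order
    five_tuple: Optional[Tuple] = None    # pattern; None in a field means wildcard
    signature: Optional[bytes] = None     # byte string that must appear in the payload


@dataclass
class SessionRecord:
    mark: int             # traffic orchestration mark: 1 = orchestrate, 0 = forward normally
    chain: List[str]      # sequence table copied into the session record
    packets: int = 0


def matches(pkt: Packet, rule: Rule) -> bool:
    """Identification-information match: five-tuple pattern and/or payload signature."""
    if rule.five_tuple is not None:
        for want, have in zip(rule.five_tuple, pkt.five_tuple()):
            if want is not None and want != have:
                return False
    if rule.signature is not None and rule.signature not in pkt.payload:
        return False
    return True


class Orchestrator:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.sessions: Dict[FiveTuple, SessionRecord] = {}   # hash map keyed by five-tuple

    def lookup(self, pkt: Packet) -> SessionRecord:
        key = pkt.five_tuple()
        rec = self.sessions.get(key)
        if rec is None:
            # First-time traffic: classify once against the rules, create the
            # session record and establish the mark and sequence table in it.
            rule = next((r for r in self.rules if matches(pkt, r)), None)
            rec = SessionRecord(mark=1 if rule else 0,
                                chain=list(rule.chain) if rule else [])
            self.sessions[key] = rec
        # Later packets of the flow take the mark from the historical record.
        rec.packets += 1
        return rec


# Constructed sample configuration (assumed MACs): HTTP goes IDS -> IPS -> WAF,
# DNS only to the IDS, anything carrying "/admin" only to the WAF.
IDS, IPS, WAF = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
RULES = [
    Rule("http", [IDS, IPS, WAF], five_tuple=(None, None, None, 80, "tcp")),
    Rule("dns", [IDS], five_tuple=(None, None, None, 53, "udp")),
    Rule("admin", [WAF], signature=b"/admin"),
]


def classify_sample() -> List[Tuple[str, int, int]]:
    """Run constructed packets through lookup(); returns (label, mark, chain length)."""
    orch = Orchestrator(RULES)
    pkts = [
        ("http-syn", Packet("10.0.0.5", "10.0.0.80", 40000, 80, "tcp")),
        ("http-data", Packet("10.0.0.5", "10.0.0.80", 40000, 80, "tcp", b"GET / HTTP/1.1")),
        ("dns", Packet("10.0.0.5", "10.0.0.53", 5353, 53, "udp")),
        ("ssh", Packet("10.0.0.5", "10.0.0.22", 40001, 22, "tcp")),
        ("alt-http", Packet("10.0.0.5", "10.0.0.80", 40002, 8080, "tcp", b"GET /admin HTTP/1.1")),
    ]
    out = []
    for label, p in pkts:
        rec = orch.lookup(p)
        out.append((label, rec.mark, len(rec.chain)))
    return out
```

Two properties of this design are worth checking before deploying it. Because the mark is fixed when the first packet of a flow is seen, a signature rule only takes effect if the signature is present in that first packet (a TCP SYN carries no payload), so signature-based selection needs the classification to be deferred until the first data-bearing packet. And because the hash map is keyed by the five-tuple exactly as received, the reply direction of a flow forms a separate session unless the key is normalised; the patent text does not address this, so the code above does not either.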
Optionally, in this embodiment of the present invention, controlling the current traffic to enter the destination devices in the preset destination device sequence table in turn may include the following. Determine the next destination device that the current traffic will enter. For example, parse the protocol header of the packets of the current traffic and, from the parsed source MAC address, determine the current destination device, that is, the device from which the current traffic came or through which it has just passed. Compare the determined current destination device with the destination devices included in the preset destination device sequence table to judge whether the table contains a destination device identical to the determined current destination device. If the table contains no destination device identical to the determined current destination device, the first destination device in the table is the next destination device; if the table contains a destination device identical to the determined current destination device, the destination device that follows it in the table is the next destination device. The preset destination device sequence table expresses the order relationship among the destination devices, so comparing the current destination device against the table determines the next destination device. Specifically, when comparing the current destination device with the destination devices in the table, the identification information of the devices (for example a name, a number, a source MAC address, or any other information that distinguishes one device from another) may be compared. For example, the identification information may be the source MAC address: the table records the source MAC address of each destination device, and the source MAC address of the current destination device is compared with the source MAC addresses of the destination devices in the table. Direct the current traffic to the determined next destination device so that the current traffic enters it. For example, the current traffic may be directed to the determined next destination device by rewriting the destination MAC address of its packets to the MAC address of the determined next destination device and rewriting their source MAC address to the MAC address of the device that runs the method for traffic orchestration. Receive the current traffic again, where receiving it again means receiving it from the determined next destination device. Judge whether the determined next destination device is the last destination device in the preset destination device sequence table, where the last destination device is the one ranked last in the table. Specifically, the next destination device may be compared with the last destination device in the table, for example by comparing the identification information of the devices, to judge whether the next destination device is the last destination device. When the determined next destination device is the last destination device, controlling the current traffic to enter the destination devices in the table in turn is complete. After that, a route lookup and normal forwarding may be performed; the route may be recorded in the session record, and forwarding may be performed according to the route in the session record. When the determined next destination device is not the last destination device, the operations of determining the next destination device, directing the current traffic to the determined next destination device, receiving the current traffic again and judging whether it is the last destination device are repeated until the determined next destination device is the last destination device.
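The next-device determination and MAC rewriting loop described above, as an added example in Python; it is not code from the patent or from the applicant. The device names, MAC addresses and port numbers are constructed for illustration. One element goes beyond the patent text: the patent infers the chain position from the source MAC address alone, so a frame that arrives from the client side carrying the last device's MAC as its source would be treated as having completed the chain; the example therefore also records the orchestrator port each chained device is attached to and rejects a frame whose source MAC and ingress port disagree. That ingress-port check is an assumption added here, not part of the patent.

```python
"""Added example (not from the patent): walking a preset destination device
sequence table by source MAC and steering frames by rewriting L2 addresses."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Assumed MAC of the device running the orchestration method.
ORCHESTRATOR_MAC = "02:00:00:00:00:01"

# Preset destination device sequence table: (device name, device MAC), in order.
# The MAC is the identification information compared, as the patent allows.
DEVICE_SEQUENCE: List[Tuple[str, str]] = [
    ("IDS", "02:00:00:00:00:10"),
    ("WAF", "02:00:00:00:00:20"),
]

# Assumed addition (not in the patent): orchestrator port each device sits on.
DEVICE_PORT: Dict[str, int] = {"02:00:00:00:00:10": 1, "02:00:00:00:00:20": 2}
CLIENT_PORT = 0


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    ingress_port: int
    payload: bytes


class ChainError(Exception):
    """Raised when a frame's source MAC does not agree with its ingress port."""


def current_position(frame: Frame, sequence: List[Tuple[str, str]]) -> Optional[int]:
    """Index of the device the frame just came back from, or None if the source
    MAC is not in the table (for example, the frame came from the client)."""
    macs = [mac for _, mac in sequence]
    if frame.src_mac not in macs:
        return None
    expected = DEVICE_PORT[frame.src_mac]
    if frame.ingress_port != expected:
        raise ChainError(f"{frame.src_mac} seen on port {frame.ingress_port}, expected {expected}")
    return macs.index(frame.src_mac)


def next_device(frame: Frame, sequence: List[Tuple[str, str]]) -> Optional[Tuple[str, str]]:
    """Next (name, MAC) to steer to; None once the last device has been visited."""
    pos = current_position(frame, sequence)
    if pos is None:
        return sequence[0]              # not from any chained device: start at the first
    if pos == len(sequence) - 1:
        return None                     # came back from the last device: chain complete
    return sequence[pos + 1]


def steer(frame: Frame, next_mac: str) -> Frame:
    """The patent's L2 rewrite: destination = next device, source = orchestrator."""
    frame.dst_mac = next_mac
    frame.src_mac = ORCHESTRATOR_MAC
    return frame


def run_chain(frame: Frame, sequence: List[Tuple[str, str]],
              devices: Dict[str, Callable[[Frame], Frame]]) -> List[str]:
    """Drive one frame through the whole chain; returns device names visited in order."""
    visited: List[str] = []
    while True:
        nxt = next_device(frame, sequence)
        if nxt is None:
            return visited
        name, mac = nxt
        frame = devices[mac](steer(frame, mac))   # device analyses and hands the frame back
        visited.append(name)


def make_device(mac: str, port: int) -> Callable[[Frame], Frame]:
    """Constructed stand-in for an inline IDS/WAF that returns the frame with its own MAC as source."""
    def device(frame: Frame) -> Frame:
        if frame.dst_mac != mac:
            raise ChainError(f"frame for {frame.dst_mac} delivered to {mac}")
        return Frame(src_mac=mac, dst_mac=ORCHESTRATOR_MAC, ingress_port=port, payload=frame.payload)
    return device


DEVICES = {mac: make_device(mac, port) for mac, port in DEVICE_PORT.items()}


def demo() -> List[str]:
    client = Frame(src_mac="02:00:00:00:00:aa", dst_mac=ORCHESTRATOR_MAC,
                   ingress_port=CLIENT_PORT, payload=b"GET / HTTP/1.1\r\n")
    return run_chain(client, DEVICE_SEQUENCE, DEVICES)


def demo_spoofed() -> str:
    """A frame from the client port whose source MAC claims to be the WAF (last device)."""
    forged = Frame(src_mac="02:00:00:00:00:20", dst_mac=ORCHESTRATOR_MAC,
                   ingress_port=CLIENT_PORT, payload=b"")
    try:
        run_chain(forged, DEVICE_SEQUENCE, DEVICES)
        return "skipped chain"
    except ChainError:
        return "rejected"


if __name__ == "__main__":
    print(demo())           # ['IDS', 'WAF']
    print(demo_spoofed())   # rejected
```

Without the ingress-port check in `current_position`, `demo_spoofed` would return "skipped chain": `next_device` would see the WAF's MAC as source, conclude the chain was complete, and the frame would go straight to route lookup without passing the IDS or WAF.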
Figure 2 is a logical schematic diagram of a method for traffic orchestration provided by another embodiment of the present invention. The technical solution provided by this embodiment has two main aspects: using a traffic orchestration mark to match traffic, and forwarding the traffic to designated devices one after another in a user-defined order. The method is described by way of example below with reference to Figure 2. In this embodiment, the traffic preset to be orchestrated is the traffic of interest.
As shown in Figure 2, the method includes the following. A client initiates a request that produces input traffic; the requested traffic is the current traffic. The current traffic is input. Obtain the 5-tuple information of the current traffic. Judge whether a session record exists that matches the 5-tuple information of the current traffic. If one exists, the current traffic is not first-time traffic, and the subsequent steps are performed according to the information in the matching session record. If none exists, the current traffic is first-time traffic, and a session record is created for it using a hash map keyed by the 5-tuple information. Obtain the data string or signature of the current traffic. Judge whether the current traffic matches a 5-tuple, data string or signature: the 5-tuple information, data strings or signatures corresponding to the traffic of interest are set in advance, and it is judged whether any preset 5-tuple information, data string or signature matches the current traffic, that is, whether the 5-tuple information of the current traffic is preset 5-tuple information, whether the data string of the current traffic is a preset data string, or whether the signature of the current traffic is a preset signature. If so, the current traffic is traffic of interest: mark it as of interest, that is, the traffic orchestration mark indicates that the current traffic is traffic of interest; obtain the preset destination device sequence table corresponding to the current traffic and record it in the created session record; look up the route and record it in the created session record, so that after the current traffic has entered the destination devices in the table in turn it can be forwarded normally according to the routing information in the session record; then perform the subsequent steps according to the information in the created session record. If not, the current traffic is not traffic of interest: mark it as not of interest, that is, the traffic orchestration mark indicates that the current traffic is not traffic of interest; look up the route and record it in the created session record; then perform the subsequent steps according to the information in the created session record. Judge from the mark (the traffic orchestration mark) in the session record whether the current traffic is traffic of interest. If not, forward it according to the route in the session record corresponding to the current traffic. If so, determine the next destination device from the session record corresponding to the current traffic, that is, from the preset destination device sequence table recorded in that session record; specifically, the next destination device may be determined by the method described in the above embodiment. Rewrite the destination MAC address of the packets of the current traffic to the MAC address of the determined next destination device, rewrite their source MAC address to the MAC address of the device that runs the method for traffic orchestration, and send the current traffic to the determined next destination device. The next destination device receives and analyses the current traffic and then returns it, so that the current traffic is received again; the route by which the current traffic returns from the next destination device may be configured in advance. Judge from the session record whether the next destination device is the last destination device, that is, judge from the preset destination device sequence table recorded in the session record whether the next destination device is the last destination device; specifically, see the method described in the above embodiment. If so, forward the current traffic according to the route in its session record. If not, return to the step "determine the next destination device from the session record corresponding to the current traffic" and repeat the subsequent steps; at this point the next destination device becomes the current destination device through which the current traffic has just passed. After the current traffic has been forwarded according to the route in its session record, the destination server receives it.
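The session-record and classification part of the flow above (and the first-time versus non-first-time handling described in the earlier paragraph on the traffic orchestration mark), as an added Python example that is not code from the patent or from the applicant. It keeps a hash map keyed by the 5-tuple, classifies only the first packet of a flow against preset 5-tuples, data strings and signatures, stores the orchestration mark, device sequence and route in the session record, and reuses that record for every later packet of the flow. The preset rules, the wildcard (`None`) in a preset 5-tuple, the regular-expression form of a signature and the `lookup_route` stub are all assumptions made here for illustration. The example deliberately shows one consequence of classifying at session creation: a flow whose first packet carries no payload and whose 5-tuple is not preset is recorded as not of interest, and a later packet of that flow that does contain a preset signature is still forwarded directly.

```python
"""Added example (not from the patent): 5-tuple keyed session records with a
traffic orchestration mark, classified once on first-time traffic."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# (src_ip, src_port, dst_ip, dst_port, protocol)
FiveTuple = Tuple[str, int, str, int, str]


@dataclass
class SessionRecord:
    orchestrate: bool            # the traffic orchestration mark
    device_sequence: List[str]   # preset destination device sequence table for this flow
    route: str                   # route recorded at session creation, used after the chain


# Constructed preset identification information (assumptions, not from the patent).
# None inside a preset 5-tuple is treated here as a wildcard.
PRESET_FIVE_TUPLES: List[Tuple[Optional[str], Optional[int], Optional[str], Optional[int], Optional[str]]] = [
    ("10.0.0.5", None, "10.0.1.10", 80, "tcp"),
]
PRESET_DATA_STRINGS: List[bytes] = [b"/admin/"]
PRESET_SIGNATURES = [re.compile(rb"(?i)union\s+select")]   # signature as a byte regex (assumption)
DEVICE_SEQUENCE: List[str] = ["IDS", "WAF"]                 # chain applied to traffic of interest


def matches_five_tuple(ft: FiveTuple, preset) -> bool:
    return all(p is None or p == v for p, v in zip(preset, ft))


def is_traffic_of_interest(ft: FiveTuple, payload: bytes) -> bool:
    """Preset 5-tuple, preset data string or preset signature, any one suffices."""
    if any(matches_five_tuple(ft, p) for p in PRESET_FIVE_TUPLES):
        return True
    if any(s in payload for s in PRESET_DATA_STRINGS):
        return True
    return any(sig.search(payload) for sig in PRESET_SIGNATURES)


def lookup_route(ft: FiveTuple) -> str:
    """Assumed stand-in for the route lookup; returns an egress name."""
    return "eth1" if ft[2].startswith("10.0.1.") else "eth0"


class Orchestrator:
    def __init__(self) -> None:
        self.sessions: Dict[FiveTuple, SessionRecord] = {}   # hash map keyed by 5-tuple

    def handle(self, ft: FiveTuple, payload: bytes) -> Tuple[str, List[str]]:
        """Returns ("chain", devices + [route]) when the packet must pass the chain
        before normal forwarding, or ("forward", [route]) when it is forwarded directly."""
        rec = self.sessions.get(ft)
        if rec is None:                                   # first-time traffic
            mark = is_traffic_of_interest(ft, payload)
            rec = SessionRecord(
                orchestrate=mark,
                device_sequence=list(DEVICE_SEQUENCE) if mark else [],
                route=lookup_route(ft),
            )
            self.sessions[ft] = rec
        if rec.orchestrate:                               # decided by the stored mark
            return "chain", rec.device_sequence + [rec.route]
        return "forward", [rec.route]


def demo() -> List[Tuple[str, List[str]]]:
    """Constructed packets: flow a is preset by 5-tuple, flow b is not, flow c hits a data string."""
    orch = Orchestrator()
    a = ("10.0.0.5", 40001, "10.0.1.10", 80, "tcp")
    b = ("10.0.0.9", 40002, "10.0.1.10", 80, "tcp")
    c = ("10.0.0.7", 40003, "10.0.1.10", 80, "tcp")
    return [
        orch.handle(a, b""),                            # SYN of a: matched by preset 5-tuple
        orch.handle(a, b"GET /index.html"),             # later packet of a: mark reused from session
        orch.handle(b, b""),                            # SYN of b: no payload, recorded as not of interest
        orch.handle(b, b"GET /?q=1 UNION SELECT 1"),    # signature present, but b's session says forward
        orch.handle(c, b"GET /admin/login"),            # first packet of c: preset data string
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The fourth result is the caveat: because the mark is fixed when the session record is created, payload-based presets (data strings, signatures) only take effect if they are present in the first packet the orchestrator sees for that flow.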
With the technical solution provided by this embodiment, the corresponding traffic can be identified (that is, the traffic is filtered) and, instead of being forwarded straight to its real destination, is first passed through the devices to be orchestrated one after another. As shown in Figure 3, the traffic passes through the IDS, then the WAF, and finally reaches the destination server. In Figure 3, the traffic orchestration system is the product corresponding to the method for traffic orchestration provided by this embodiment.
The technical solution provided by this embodiment can overcome the shortcomings of a switch's traffic mirroring function, identify traffic at fine granularity, and feed the identified traffic into the designated devices one after another in a user-defined order for analysis.
Accordingly, another aspect of the embodiments of the present invention provides an apparatus for traffic orchestration.
Figure 4 is a structural block diagram of an apparatus for traffic orchestration provided by another embodiment of the present invention. As shown in Figure 4, the apparatus includes a traffic judgment module 1, a preset destination device sequence table determination module 2 and a control module 3. The traffic judgment module 1 judges whether the received current traffic is traffic preset to be orchestrated; the preset destination device sequence table determination module 2 determines, when the current traffic is traffic preset to be orchestrated, the preset destination device sequence table corresponding to the orchestration of the current traffic; and the control module 3 controls the current traffic to enter the destination devices in the preset destination device sequence table in turn, so as to orchestrate the current traffic.
Optionally, in this embodiment, the traffic judgment module judging whether the current traffic is traffic preset to be orchestrated includes judging this according to either of the following: whether the identification information corresponding to the current traffic is preset identification information, or the traffic orchestration mark in the session record corresponding to the current traffic, where the traffic orchestration mark indicates whether the corresponding traffic is traffic preset to be orchestrated.
Optionally, in this embodiment, the identification information is 5-tuple information, a data string or a signature, and the preset identification information is preset 5-tuple information, a preset data string or a preset signature.
Optionally, in this embodiment, the apparatus further includes a traffic orchestration mark acquisition module which, when the judgment is made according to the traffic orchestration mark in the session record corresponding to the current traffic, obtains the traffic orchestration mark corresponding to the current traffic before that judgment is made.
Optionally, in this embodiment, the traffic orchestration mark acquisition module obtaining the traffic orchestration mark corresponding to the current traffic includes: judging whether the current traffic is first-time traffic; and, when the current traffic is first-time traffic, creating a session record for the current traffic, establishing the traffic orchestration mark in the created session record, and obtaining the established traffic orchestration mark from the created session record as the traffic orchestration mark corresponding to the current traffic; and/or, when the current traffic is not first-time traffic, obtaining the traffic orchestration mark from the historical session record corresponding to the current traffic as the traffic orchestration mark corresponding to the current traffic.
Optionally, in this embodiment, the control module controlling the current traffic to enter the destination devices in the preset destination device sequence table in turn includes: determining the next destination device that the current traffic will enter; directing the current traffic to the determined next destination device so that the current traffic enters it; receiving the current traffic again, where receiving it again means receiving it from the determined next destination device; judging whether the determined next destination device is the last destination device in the preset destination device sequence table; when the determined next destination device is the last destination device, completing the control of the current traffic entering the destination devices in the table in turn; and when the determined next destination device is not the last destination device, repeating the operations of determining the next destination device, directing the current traffic to the determined next destination device, receiving the current traffic again and judging whether it is the last destination device, until the determined next destination device is the last destination device.
Optionally, in this embodiment, directing the current traffic to the determined next destination device includes rewriting the destination MAC address of the packets of the current traffic to the MAC address of the determined next destination device and rewriting the source MAC address of the packets of the current traffic to the MAC address of the device that runs the method for traffic orchestration.
The specific working principle and benefits of the apparatus for traffic orchestration provided by this embodiment are similar to those of the method for traffic orchestration provided by this embodiment and are not repeated here.
The apparatus for traffic orchestration includes a processor and a memory. The traffic judgment module, the preset destination device sequence table determination module and the control module are stored in the memory as program units, and the processor executes the program units stored in the memory to implement the corresponding functions.
The processor contains a kernel, and the kernel fetches the corresponding program units from the memory. One or more kernels may be provided; by adjusting kernel parameters, the received traffic is filtered so that not all traffic is orchestrated, which achieves fine-grained traffic orchestration.
The memory may include non-persistent memory, random access memory (RAM) and/or non-volatile memory in a computer-readable medium, such as read-only memory (ROM) or flash memory (flash RAM). The memory includes at least one memory chip.
In addition, another aspect of the embodiments of the present invention provides a machine-readable storage medium that stores instructions for causing a machine to execute the method described in the above embodiments.
Another aspect of the embodiments of the present invention provides a processor for running a program, where the program, when run, executes the method described in the above embodiments.
Another aspect of the embodiments of the present invention provides a device that includes a processor, a memory, and a program stored in the memory and executable on the processor; when the processor executes the program, the method described in the above embodiments is implemented. The device herein may be a server, a PC, a PAD, a mobile phone or the like.
Another aspect of the embodiments of the present invention provides a computer program product which, when executed on a data processing device, is adapted to execute a program initialized with the method steps described in the above embodiments.
Those skilled in the art will understand that the embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, which implement the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operating steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
The memory may include non-persistent memory, random access memory (RAM) and/or non-volatile memory in a computer-readable medium, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include persistent and non-persistent, removable and non-removable media, and information storage may be implemented by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprise", "include" and any variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes that element.
The above are merely embodiments of the present application and are not intended to limit it. Various modifications and variations of the present application are possible for those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present application shall fall within the scope of the claims of the present application.

Claims (16)

  1. A method for traffic orchestration, characterized in that the method includes:
    judging whether received current traffic is traffic preset to be orchestrated;
    when the current traffic is the traffic preset to be orchestrated, determining a preset destination device sequence table corresponding to the orchestration of the current traffic; and
    controlling the current traffic to enter the destination devices in the preset destination device sequence table in turn, so as to orchestrate the current traffic.
  2. The method according to claim 1, characterized in that judging whether the current traffic is the traffic preset to be orchestrated includes:
    judging whether the current traffic is the traffic preset to be orchestrated according to either of the following: whether identification information corresponding to the current traffic is preset identification information, and a traffic orchestration mark in a session record corresponding to the current traffic, wherein the traffic orchestration mark indicates whether the corresponding traffic is the traffic preset to be orchestrated.
  3. The method according to claim 2, characterized in that the identification information is 5-tuple information, a data string or a signature, and the preset identification information is preset 5-tuple information, a preset data string or a preset signature.
  4. The method according to claim 2, characterized in that, when whether the current traffic is the traffic preset to be orchestrated is judged according to the traffic orchestration mark in the session record corresponding to the current traffic, the method further includes, before judging according to the traffic orchestration mark whether the current traffic is the traffic preset to be orchestrated:
    obtaining the traffic orchestration mark corresponding to the current traffic.
  5. The method according to claim 4, characterized in that obtaining the traffic orchestration mark corresponding to the current traffic includes:
    judging whether the current traffic is first-time traffic; and
    when the current traffic is the first-time traffic, creating a session record for the current traffic, establishing the traffic orchestration mark in the created session record, and obtaining the established traffic orchestration mark from the created session record as the traffic orchestration mark corresponding to the current traffic; and/or
    when the current traffic is not the first-time traffic, obtaining the traffic orchestration mark from a historical session record corresponding to the current traffic as the traffic orchestration mark corresponding to the current traffic.
  6. The method according to claim 1, characterized in that controlling the current traffic to enter the destination devices in the preset destination device sequence table in turn includes:
    determining a next destination device that the current traffic will enter;
    directing the current traffic to the determined next destination device, so that the current traffic enters the determined next destination device;
    receiving the current traffic again, wherein receiving the current traffic again is receiving it from the determined next destination device;
    judging whether the determined next destination device is the last destination device in the preset destination device sequence table;
    when the determined next destination device is the last destination device, completing the control of the current traffic entering the destination devices in the preset destination device sequence table in turn; and
    when the determined next destination device is not the last destination device, repeating the operations of determining the next destination device, directing the current traffic to the determined next destination device, receiving the current traffic again and judging whether it is the last destination device, until the determined next destination device is the last destination device.
  7. The method according to claim 6, characterized in that directing the current traffic to the determined next destination device includes:
    rewriting the destination MAC address of the packets of the current traffic to the MAC address of the determined next destination device, and rewriting the source MAC address of the packets of the current traffic to the MAC address of the device that runs the method for traffic orchestration.
  8. An apparatus for traffic orchestration, characterized in that the apparatus includes:
    a traffic judgment module, configured to judge whether received current traffic is traffic preset to be orchestrated;
    a preset destination device sequence table determination module, configured to determine, when the current traffic is the traffic preset to be orchestrated, a preset destination device sequence table corresponding to the orchestration of the current traffic; and
    a control module, configured to control the current traffic to enter the destination devices in the preset destination device sequence table in turn, so as to orchestrate the current traffic.
  9. The apparatus according to claim 8, characterized in that the traffic judgment module judging whether the current traffic is the traffic preset to be orchestrated includes:
    judging whether the current traffic is the traffic preset to be orchestrated according to either of the following: whether identification information corresponding to the current traffic is preset identification information, and a traffic orchestration mark in a session record corresponding to the current traffic, wherein the traffic orchestration mark indicates whether the corresponding traffic is the traffic preset to be orchestrated.
  10. 根据权利要求9所述的装置,其特征在于,所述标识信息是五元组信息或数据字符串或特征码,所述预设标识信息是预设五元组信息或预设数据字符串或预设特征码。The device according to claim 9, characterized in that the identification information is five-tuple information or a data string or a feature code, and the preset identification information is preset five-tuple information or a preset data string or Default feature code.
  11. The apparatus according to claim 9, characterized in that the apparatus further comprises:
    a traffic orchestration mark acquisition module, configured to, in the case where whether the current traffic is the traffic preset to be orchestrated is judged according to the traffic orchestration mark in the session record corresponding to the current traffic, acquire the traffic orchestration mark corresponding to the current traffic before judging, according to the traffic orchestration mark, whether the current traffic is the traffic preset to be orchestrated.
  12. The apparatus according to claim 11, characterized in that the traffic orchestration mark acquisition module acquiring the traffic orchestration mark corresponding to the current traffic comprises:
    judging whether the current traffic is first-time traffic; and
    in the case where the current traffic is the first-time traffic, creating a session record for the current traffic, establishing the traffic orchestration mark in the created session record, and acquiring the established traffic orchestration mark from the created session record, so as to acquire the traffic orchestration mark corresponding to the current traffic; and/or
    in the case where the current traffic is not the first-time traffic, acquiring the traffic orchestration mark in a historical session record corresponding to the current traffic, so as to acquire the traffic orchestration mark corresponding to the current traffic.
  13. The apparatus according to claim 8, characterized in that the control module controlling the current traffic to enter in sequence the destination devices in the preset destination device sequence table comprises:
    determining the next destination device that the current traffic is to enter;
    directing the current traffic to the determined next destination device, so that the current traffic enters the determined next destination device;
    receiving the current traffic again, wherein receiving the current traffic again means receiving it from the determined next destination device;
    judging whether the determined next destination device is the last destination device in the preset destination device sequence table;
    in the case where the determined next destination device is the last destination device, completing the control of the current traffic entering in sequence the destination devices in the preset destination device sequence table; and
    in the case where the determined next destination device is not the last destination device, repeating the operations of determining the next destination device, directing the current traffic to the determined next destination device, receiving the current traffic again and judging whether it is the last destination device, until the determined next destination device is the last destination device.
  14. The apparatus according to claim 13, characterized in that directing the current traffic to the determined next destination device comprises:
    modifying the destination MAC address of the packets of the current traffic to the MAC address of the determined next destination device, and modifying the source MAC address of the packets of the current traffic to the MAC address of the device that runs the method for traffic orchestration.
  15. A machine-readable storage medium, characterized in that instructions are stored on the machine-readable storage medium, the instructions being configured to cause a machine to execute the method according to any one of claims 1-7.
  16. A processor, characterized in that it is configured to run a program, wherein the program, when run, executes the method according to any one of claims 1-7.
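The procedure of claims 8 to 14 (matching the current traffic against preset identification information, keeping the traffic orchestration mark in a per-flow session record, and walking the preset destination device sequence table with a MAC rewrite at every hop) as an added Python simulation. This is illustrative code written for this page, not the patent's or the applicant's implementation. The device names, MAC addresses, the five-tuple and signature values, the mapping from preset identification information to a named sequence table, and the simulated devices that hand traffic back to the orchestrator are all constructed assumptions.

```python
"""Added illustration of the orchestration procedure in claims 8 to 14.
Not the patent's own code; every device, MAC address, flow and chain below
is constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Five-tuple identification information (claim 10):
# (source IP, source port, destination IP, destination port, protocol)
FiveTuple = Tuple[str, int, str, int, str]


@dataclass
class Frame:
    """Simplified Ethernet frame carrying only the fields the procedure touches."""
    src_mac: str
    dst_mac: str
    five_tuple: FiveTuple
    payload: bytes = b""
    path: List[str] = field(default_factory=list)  # constructed: records each hop


@dataclass
class SessionRecord:
    """Session record holding the traffic orchestration mark (claims 9, 11, 12)."""
    orchestrate: bool               # the traffic orchestration mark
    chain_id: Optional[str] = None  # which preset destination device sequence table applies


class Device:
    """Simulated destination device (firewall, IDS, ...). It inspects the frame and
    returns it to the orchestrator, which is the 'receive again' step of claim 13."""

    def __init__(self, name: str, mac: str):
        self.name, self.mac = name, mac

    def process(self, frame: Frame) -> Frame:
        frame.path.append(self.name)
        # Hand the traffic back: the device becomes the source MAC and the
        # orchestrator (the previous source) becomes the destination MAC.
        frame.src_mac, frame.dst_mac = self.mac, frame.src_mac
        return frame


class Orchestrator:
    def __init__(self, own_mac: str, preset_tuples: Dict[FiveTuple, str],
                 preset_signatures: Dict[bytes, str], chains: Dict[str, List[str]],
                 devices: Dict[str, Device]):
        self.own_mac = own_mac
        self.preset_tuples = preset_tuples          # preset five-tuple -> chain id (assumed mapping)
        self.preset_signatures = preset_signatures  # preset data string / feature code -> chain id
        self.chains = chains                        # chain id -> preset destination device sequence table
        self.devices = devices                      # device MAC -> simulated device
        self.sessions: Dict[FiveTuple, SessionRecord] = {}

    def classify(self, frame: Frame) -> Optional[str]:
        """Claims 9-10: compare identification information with the preset values.
        Returns the id of the matching sequence table, or None if not preset traffic."""
        chain = self.preset_tuples.get(frame.five_tuple)
        if chain is not None:
            return chain
        for signature, chain in self.preset_signatures.items():
            if signature in frame.payload:
                return chain
        return None

    def orchestration_mark(self, frame: Frame) -> SessionRecord:
        """Claim 12: the first packet of a flow creates the session record and its mark;
        later packets of the flow read the historical record instead of re-classifying."""
        record = self.sessions.get(frame.five_tuple)
        if record is None:
            chain = self.classify(frame)
            record = SessionRecord(orchestrate=chain is not None, chain_id=chain)
            self.sessions[frame.five_tuple] = record
        return record

    def handle(self, frame: Frame) -> Frame:
        """Claims 13-14: walk the sequence table, rewriting both MACs at every hop."""
        record = self.orchestration_mark(frame)
        if not record.orchestrate:
            frame.path.append("bypass")  # not preset traffic: forward unorchestrated
            return frame
        sequence = self.chains[record.chain_id]
        index = 0
        while True:
            next_mac = sequence[index]                     # determine the next destination device
            frame.dst_mac = next_mac                       # claim 14: destination MAC := next device
            frame.src_mac = self.own_mac                   #           source MAC := orchestrator
            frame = self.devices[next_mac].process(frame)  # receive the traffic again
            if index == len(sequence) - 1:                 # last destination device: done
                break
            index += 1
        frame.path.append("done")
        return frame


def build_demo() -> Orchestrator:
    """Constructed sample deployment: one chain of two devices (firewall, then IDS)."""
    fw_mac, ids_mac = "02:aa:00:00:00:10", "02:aa:00:00:00:11"
    return Orchestrator(
        own_mac="02:00:00:00:00:01",
        preset_tuples={("10.0.0.5", 40000, "10.0.1.9", 443, "tcp"): "web"},
        preset_signatures={b"GET /admin": "web"},
        chains={"web": [fw_mac, ids_mac]},
        devices={fw_mac: Device("firewall", fw_mac), ids_mac: Device("ids", ids_mac)},
    )


if __name__ == "__main__":
    orch = build_demo()
    flow = ("10.0.0.5", 40000, "10.0.1.9", 443, "tcp")
    for payload in (b"ClientHello", b""):  # second packet is matched via the session record
        f = orch.handle(Frame("02:bb:00:00:00:05", orch.own_mac, flow, payload))
        print(f.path, f.src_mac, "->", f.dst_mac)
```

Two design points worth noting. The session record is what keeps the per-packet cost low: only the first packet of a flow is compared against the preset five-tuples and signatures, and every later packet of that flow inherits the stored mark, which is exactly the first-time / historical split of claim 12. The loop terminates on the index into the sequence table rather than on MAC equality, so a chain that lists the same device twice still ends at the right place. Because the steering mechanism of claim 14 is a layer-2 MAC rewrite, every device in the sequence table has to be reachable in the same broadcast domain as the orchestrator; devices behind a router would never see the rewritten frame.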
Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
CN202210715957.9A (CN114827045B) | 2022-06-23 | 2022-06-23 | Method and device for flow arrangement
CN202210715957.9 | 2022-06-23 | |

Publications (1)

Publication Number | Publication Date
WO2023245721A1 | 2023-12-28

Family

ID=82521590

Family Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
PCT/CN2022/103302 | WO2023245721A1 | 2022-06-23 | 2022-07-01 | Method and apparatus for traffic orchestration

Country Status (2)

Country | Link
CN (1) | CN114827045B
WO (1) | WO2023245721A1

Citations (4)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
US20160294866A1 * | 2011-02-16 | 2016-10-06 | Fortinet, Inc. | Load balancing in a network with session information
CN107819683A * | 2017-10-25 | 2018-03-20 | 杭州安恒信息技术有限公司 | Method, apparatus and electronic device for implementing tenant service traffic orchestration in a secure resource pool
CN112822037A * | 2020-12-30 | 2021-05-18 | 绿盟科技集团股份有限公司 | Flow arrangement method and system for security resource pool
CN114338193A * | 2021-12-31 | 2022-04-12 | 北京天融信网络安全技术有限公司 | Flow arrangement method and device and OVN flow arrangement system

Family Cites Families (6)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
CN101610264B * | 2009-07-24 | 2011-12-07 | 深圳市永达电子股份有限公司 | Firewall system, safety service platform and firewall system management method
CN108092934A * | 2016-11-21 | 2018-05-29 | 中国移动通信有限公司研究院 | Safety service system and method
CN107896195B * | 2017-11-16 | 2020-04-24 | 锐捷网络股份有限公司 | Service chain arranging method and device and service chain topological structure system
CN111163004B * | 2019-12-31 | 2023-03-31 | 奇安信科技集团股份有限公司 | Service chain data processing method and device and computer equipment
CN112104540A * | 2020-09-08 | 2020-12-18 | 中国电子科技集团公司第五十四研究所 | Cross-domain resource dynamic arranging method and cross-domain interconnection system
CN112910705B * | 2021-02-02 | 2023-04-07 | 杭州安恒信息技术股份有限公司 | Method, device and storage medium for arranging network flow

Also Published As

Publication number | Publication date
CN114827045A | 2022-07-29
CN114827045B | 2022-09-13

Legal Events

Date | Code | Title | Description
| 121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 22947482; Country of ref document: EP; Kind code of ref document: A1