CN109861853A - Management method and system for a transmission device
Publication number: CN109861853A (CN201910032303.4A)
Authority: CN (China)
Prior art keywords: snmp, transmission device, mib, management, module
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications: Computer And Data Communications; Data Exchanges In Wide-Area Networks
Abstract
The invention discloses a management method and system for a transmission device, and relates to the field of communication technology. The management method includes: receiving Simple Network Management Protocol (SNMP) messages from a network management system or sending SNMP messages to it, and scheduling and controlling the sending, receiving and processing of the SNMP messages; an SNMP application layer issuing, through an underlying service interface, management commands for the management information base (MIB) tables of the transmission device, and receiving the alarm information reported by the transmission device and the response results of the management commands. The processing of the SNMP messages includes: performing synchronous processing or asynchronous multithreaded processing on different types of SNMP messages, obtaining the management commands from the SNMP messages issued by the network management system, and encapsulating the response results and the alarm information into SNMP messages respectively. The invention can efficiently process the large volumes of alarm data, performance data and configuration data of transmission devices, and realizes unified management of different types of transmission devices.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a management method and system for a transmission device.
Background
The alarm, performance and configuration data volumes of conventional transmission devices are all very large, and the definitions of the collected objects are not standardized across vendors. At present, management of conventional transmission devices at the network-element level is basically implemented by each vendor with its own proprietary protocol. At the network level, unified network management mostly uses a northbound interface and is completed through the OSI model; this is complex to implement and is mostly applied to large networks. However, some customers and private-network users, at home and abroad, build networks from the transmission devices of different vendors. Although conventional transmission devices have network management functions, unified management has not been realized, and some military networks also require device-level security and management functions.
Summary of the invention
In view of the deficiencies of the prior art, the purpose of the present invention is to provide a management method and system for a transmission device that can efficiently process the large volumes of alarm data, performance data and configuration data of transmission devices and realize unified management of different types of transmission devices.
The present invention provides a management method for a transmission device, comprising:
receiving Simple Network Management Protocol (SNMP) messages from a network management system or sending SNMP messages to it, and scheduling and controlling the sending, receiving and processing of the SNMP messages;
an SNMP application layer issuing, through an underlying service interface, management commands for the management information base (MIB) of the transmission device, and receiving the alarm information reported by the transmission device and the response results of the management commands;
wherein the processing of the SNMP messages includes:
performing synchronous processing or asynchronous multithreaded processing on the different types of SNMP messages, obtaining the management commands from the SNMP messages issued by the network management system, and encapsulating the response results and/or alarm information into SNMP messages.
On the basis of the above technical solution, the SNMP messages are sent and received through a socket communication interface;
according to the version type of the SNMP message, the corresponding message processing module encapsulates or decapsulates the protocol header and payload of the SNMP message;
the MIB command of the protocol data unit (PDU) in the payload is converted into the management command, and the response results and/or alarm information are converted and then stored in a PDU, where the MIB command is used to operate on the MIB of the transmission device and the management command is a callback function mapped one-to-one with the MIB command.
On the basis of the above technical solution, the encapsulation or decapsulation processing further includes verifying the protocol header or performing a security check based on a security model, where the security model includes the User-based Security Model (USM);
before the management command is determined, according to the version type of the SNMP message, a variable-binding validity check or View-based Access Control Model (VACM) access control is performed on the PDU.
On the basis of the above technical solution, the SNMP application layer forwards the response results, the alarm information and the management commands respectively.
The present invention also provides a management system for a transmission device, comprising:
a master control scheduling module, used to exchange SNMP messages with the network management system through a multi-protocol interface, and to schedule and control the sending, receiving and processing of the SNMP messages;
an SNMP application layer, used to issue, through an underlying service interface, management commands for the management information base (MIB) of the transmission device, and to receive the alarm information reported by the transmission device and the response results of the management commands;
a processing module, used to perform synchronous processing or asynchronous multithreaded processing on the different types of SNMP messages, so as to parse the management commands out of the SNMP messages issued by the network management system, and to encapsulate the response results and/or alarm information into SNMP messages.
On the basis of the above technical solution, the processing module includes:
a message processing unit, which exchanges the SNMP messages with the master control scheduling module through a socket communication interface, and which, according to the version type of the SNMP message, uses the corresponding message processing module to encapsulate or decapsulate the protocol header and payload of the SNMP message;
a local processing unit, used to convert the MIB command in the protocol data unit (PDU) of the payload into the management command, and to convert the response results and/or alarm information and store them in a PDU, where the MIB command is used to operate on the MIB of the transmission device and the management command is a callback function mapped one-to-one with the MIB command.
On the basis of the above technical solution, the system further includes a user security module based on a security model, and an access control module for the View-based Access Control Model (VACM); the security model includes the User-based Security Model (USM);
the message processing unit is also used to verify the protocol header or to call the user security module to perform the security check based on the security model;
the local processing unit is also used to perform the variable-binding validity check on the PDU or to call the access control module to perform VACM access control.
On the basis of the above technical solution, the system further includes a configuration data module, used to store the configuration data of the user security module and the access control module.
On the basis of the above technical solution, the SNMP application layer includes a command responder and multiple MIB implementation modules;
the MIB implementation modules include a USM MIB implementation module, a VACM MIB implementation module and a V1/V2C MIB implementation module, each used to forward the corresponding management commands and their response results;
the command responder receives, through an internal interface, the management commands issued by the local processing unit and forwards them to the corresponding MIB implementation module; it is also used to upload the response results forwarded by the MIB implementation modules.
On the basis of the above technical solution, the SNMP application layer further includes a notification generator, which is used to receive the alarm information through the underlying service interface and forward it to the local processing unit.
Compared with the prior art, the management method of the embodiments of the present invention exchanges Simple Network Management Protocol (SNMP) messages with the network management system, and schedules and controls the sending, receiving and processing of the SNMP messages; the SNMP application layer issues, through an underlying service interface, management commands for the Management Information Base (MIB) of the transmission device, and receives the alarm information reported by the transmission device and the response results of the management commands. The processing of the SNMP messages includes: performing synchronous processing or asynchronous multithreaded processing on SNMP messages of different versions, so as to parse the management commands out of the SNMP messages issued by the network management system, and encapsulating the response results or alarm information into SNMP messages. On the one hand, the serialized synchronous processing mechanism or the asynchronous multithreaded processing mechanism makes it possible to process the large volumes of alarm data, performance data and configuration data of transmission devices efficiently; on the other hand, a highly encapsulated, modular SNMP core protocol stack and a standard network management interface are provided, realizing unified management of different types of transmission devices.
Brief description of the drawings
Fig. 1 is a flow chart of the management method for a transmission device according to an embodiment of the present invention;
Fig. 2 is a detailed flow chart of step S120;
Fig. 3 is a detailed flow chart of step S124;
Fig. 4 is a detailed flow chart of step S130;
Fig. 5 is a detailed flow chart of step S134;
Fig. 6 is a flow chart of the management method for a transmission device according to another embodiment of the present invention;
Fig. 7 is a schematic diagram of the management system for a transmission device according to an embodiment of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
An embodiment of the present invention provides a management method for a transmission device, used for transmission device management. The transmission device may be an Optical Transport Network (OTN) device or a Packet Transport Network (PTN) device, the management types include configuration management, performance management and alarm management, and the management method includes:
Receiving Simple Network Management Protocol (SNMP) messages from a network management system or sending SNMP messages to it, and scheduling and controlling the sending, receiving and processing of the SNMP messages. An SNMP message issued by the network management system may be a configuration command that configures the management information base (MIB) of the transmission device, or an acquisition command that obtains performance data from the MIB.
Existing SNMP systems are basically all compatible with the three versions SNMPv1, SNMPv2c and SNMPv3, and an SNMP message may be of version SNMPv1, SNMPv2c or SNMPv3.
SNMPv1 and SNMPv2c messages consist of four parts: destination address, version number, community name and protocol data unit (Protocol Data Unit, PDU). An SNMPv3 message consists of the destination address, version number, security user name, security model, engine identifier (Engine ID), the number of times the engine has rebooted (Engine Boots), the time elapsed since the engine last rebooted (Engine Time) and the Scoped PDU. A PDU generally consists of the PDU type (Type), the request identifier (Request ID) and the variable bindings (Variable bindings); the variable bindings consist of multiple pairs of object identifier (Object Identifier, OID) and value (Value). Scoped PDU = Context Engine ID + Context Name + PDU.
The SNMP application layer issues, through an underlying service interface, management commands for the management information base (MIB) of the transmission device, and receives the alarm information reported by the transmission device and the response results of the management commands. The underlying service interface may be an application programming interface (Application Programming Interface, API).
The processing of the SNMP messages includes:
Performing synchronous processing or asynchronous multithreaded processing on different types of SNMP messages, obtaining the management commands from the SNMP messages issued by the network management system, and encapsulating the response results and the alarm information into separate SNMP messages, or encapsulating the response results and the alarm information into a single SNMP message.
SNMP is mostly applied in access-type devices, where the data volumes involved are normally small, and it can realize unified management of access devices from multiple vendors. Because the alarm, performance and configuration data volumes of conventional transmission devices are all very large, SNMP-based management methods designed for access-type devices can hardly meet the management needs of transmission devices.
The management method of the embodiment of the present invention is based on an SNMP core protocol stack comprising an SNMP engine and an SNMP application layer. The SNMP engine receives SNMP messages from the network management system or sends SNMP messages to it, processes the SNMP messages, and schedules and controls their sending, receiving and processing. The SNMP application layer forwards, through the underlying service interface, the alarm information of the transmission device, the management commands and their response results. On the one hand, the serialized synchronous processing mechanism or the asynchronous multithreaded processing mechanism makes it possible to process the large volumes of alarm data, performance data and configuration data of transmission devices efficiently; on the other hand, a highly encapsulated, modular SNMP core protocol stack and a standard network management interface are provided, realizing unified management of different types of transmission devices.
Preferably, the processing of the SNMP messages includes:
Sending and receiving the SNMP messages through a socket communication interface.
According to the version type of the SNMP message, using the corresponding message processing module to encapsulate or decapsulate the protocol header and payload of the SNMP message, and verifying the protocol header or performing a security check based on a security model, where the security model includes the User-based Security Model (User-Based Security Model, USM). The message processing modules include an SNMPv1 message processing module, an SNMPv2c message processing module and an SNMPv3 message processing module.
After the protocol header verification or the security check based on the security model has passed, according to the version type of the SNMP message, performing a variable-binding validity check on the protocol data unit (Protocol Data Unit, PDU) or performing View-based Access Control Model (View-Based Access Control Model, VACM) access control, converting the MIB command of the PDU in the payload into a management command, and converting the response results and/or alarm information and storing them in a PDU, where the MIB command is used to operate on the MIB tables of the transmission device and the management command is a callback function mapped one-to-one with the MIB command.
An SNMP message issued by the network management system carries a MIB command that operates on the management information base (MIB) of the transmission device. MIB commands include configuration commands and performance data acquisition commands. When the MIB command is a configuration command, the MIB of the transmission device is configured; when the MIB command is a performance data acquisition command, the performance data in the MIB is obtained. The MIB commands include the GET, GET NEXT, GET BULK and SET commands of the SNMP protocol.
Through predefined mapping relations, a MIB command is converted into the corresponding management command. The MIB command carries the specific OID information of the MIB of the transmission device, and the management command is the corresponding callback function, which carries the parameters corresponding to that specific OID information. Therefore, after the SNMP application layer issues the management command to the transmission device, the transmission device executes the management command according to the predefined mapping relations and returns the response result. This further simplifies the underlying service interface of the SNMP application layer and its internal interface with the upper-layer SNMP engine, and provides a highly encapsulated, modular SNMP core protocol stack and a standard network management interface, realizing unified management of different types of transmission devices.
Preferably, the SNMP application layer forwards, respectively, the response results, alarm information and management commands that have passed security control processing, where security control processing includes protocol header verification, the security check based on the security model, the variable-binding validity check and VACM access control.
The configuration management, performance management and alarm management of the transmission device are described separately below. Referring to Fig. 1, the management methods for configuration management and performance management are essentially the same and comprise the following steps:
S110: Receive, through a multi-protocol interface, the SNMP messages issued by the network management system.
Specifically, the multi-protocol interface includes the private/standard SNMP protocol, the Hypertext Transfer Protocol (Hyper Text Transfer Protocol, HTTP), a command-line protocol and so on.
S120: Decapsulate the different types of SNMP messages.
Preferably, an adaptation layer can be created in advance, and the socket communication interface is created in the adaptation layer using the socket send and receive functions. Sending and receiving SNMP messages through the socket communication interface encapsulates and shields the differences between development platforms, such as the VxWorks platform and the Linux platform.
In addition, for the SNMPv1, SNMPv2c and SNMPv3 version types, an SNMPv1 message processing module, an SNMPv2c message processing module and an SNMPv3 message processing module are created in advance. The corresponding message processing module is used to decapsulate each SNMP message, yielding its protocol header and payload.
The scheduling strategy for sending, receiving and processing SNMP messages through the socket communication interface and the multiple message processing modules preferably uses a serialized synchronous processing mechanism. Compared with asynchronous multithreading, its task priority is lower, so it has little effect on system performance and does not add load to the central processing unit (Central Processing Unit, CPU).
In other implementations, to realize secure management of SNMP messages, the SNMP message is verified; if verification passes, the SNMP message is accepted, otherwise it is rejected and the flow ends.
Referring to Fig. 2, step S120 specifically includes:
S121: Read the SNMP message.
S122: Check the version type of the SNMP message. If the SNMP message has an illegal version number, the flow ends; if it is an SNMPv1 or SNMPv2c message, go to step S123; if it is an SNMPv3 message, go to step S124.
S123: Verify the protocol header of the SNMPv1 or SNMPv2c message. If verification passes, go to step S130; if it fails, the flow ends.
S124: Perform USM security verification. If verification passes, go to step S130; if it fails, the flow ends.
Compared with SNMPv1 and SNMPv2c, SNMPv3 adds three new security mechanisms: authentication, data encryption and access control. Authentication means that when an agent (management station) receives an SNMP message, it must first confirm that the message comes from an authorized management station (agent) and that the message was not altered in transit. Realizing this function requires the management station and the agent to share the same key. The management station uses the key to compute an authentication code (a function of the SNMP message) and adds it to the SNMP message; the agent then uses the same key to extract the authentication code from the received SNMP message, thereby obtaining the SNMP message. The data encryption process is similar to authentication: it also requires the management station and the agent to share the same key in order to encrypt and decrypt the information.
SNMPv3 uses the USM security model; security models other than USM may also be used. A security model defines the threats it addresses, the services it provides against them, and the security protocols used to provide those security services, such as an authentication protocol and a privacy protocol. A security protocol specifies the mechanisms, procedures and MIB objects used to provide the security services, and associates the security information with the traditional concept of a user (identified by a user name), for example using HMAC-MD5-96 and HMAC-SHA-96 as authentication protocols and Cipher Block Chaining - Data Encryption Standard (CBC-DES) as the privacy protocol. The security protocol is divided into three sub-functions, each with a specific responsibility, which together complete the security service. They are defined as follows:
1) User authentication: guarantees data integrity and performs the initial authentication of the user information; it is an international standard component, and the specific execution steps are given in RFC2574;
2) Time window check: prevents network attacks based on delayed or replayed messages; it is an international standard component, and the specific execution steps are given in RFC2574;
3) Privacy check: guarantees the correctness and integrity of private messages; it is an international standard component, and the specific execution steps are given in RFC2574.
Security protocols other than those above may also be used.
Referring to Fig. 3, step S124 specifically includes:
S1241: Determine whether user authentication passes. If so, go to step S1242; if not, return failure information and the flow ends.
S1242: Determine whether the time window check passes. If so, go to step S1243; if not, return failure information and the flow ends.
S1243: Determine whether the privacy check passes. If so, go to step S130; if not, return failure information and the flow ends.
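The three checks of S1241 to S1243, as an added Python example that is not part of the patent text. It assumes the HMAC-96 construction of the USM specification (MAC over the whole message with the 12-octet authentication field zeroed, truncated to 96 bits) and its 150-second time window; the message is a constructed opaque byte string rather than a BER-encoded SNMPv3 message, and the names `UsmUser`, `Incoming`, `usm_check` and the status strings are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

TIME_WINDOW_SECONDS = 150       # USM timeliness window
AUTH_TAG_LEN = 12               # HMAC-MD5-96 / HMAC-SHA-96 keep the first 96 bits
MAX_ENGINE_BOOTS = 2147483647   # an engine at this value is never "in window"
DIGESTS = {"HMAC-MD5-96": hashlib.md5, "HMAC-SHA-96": hashlib.sha1}


@dataclass
class UsmUser:                  # hypothetical per-user security record
    auth_protocol: str
    auth_key: bytes
    priv_enabled: bool


@dataclass
class Incoming:                 # hypothetical decoded view of a received message
    user_name: str
    whole_msg: bytes            # full message, authentication tag in place
    tag_offset: int             # where the 12-octet tag sits in whole_msg
    engine_boots: int           # in a real message these two fields are part of
    engine_time: int            # whole_msg, so the MAC also protects them
    encrypted: bool = False
    priv_params: bytes = b""    # CBC-DES salt
    encrypted_pdu: bytes = b""


def compute_auth_tag(user, whole_msg, tag_offset):
    """MAC the message with the tag field zeroed, then truncate to 12 octets."""
    end = tag_offset + AUTH_TAG_LEN
    zeroed = whole_msg[:tag_offset] + bytes(AUTH_TAG_LEN) + whole_msg[end:]
    mac = hmac.new(user.auth_key, zeroed, DIGESTS[user.auth_protocol])
    return mac.digest()[:AUTH_TAG_LEN]


def sign(user, whole_msg, tag_offset):
    """Sender side: write the tag into its reserved field."""
    tag = compute_auth_tag(user, whole_msg, tag_offset)
    return whole_msg[:tag_offset] + tag + whole_msg[tag_offset + AUTH_TAG_LEN:]


def in_time_window(local_boots, local_time, msg_boots, msg_time):
    """S1242: same boot count and at most 150 s of drift, else delayed or replayed."""
    if local_boots == MAX_ENGINE_BOOTS or msg_boots != local_boots:
        return False
    return abs(msg_time - local_time) <= TIME_WINDOW_SECONDS


def usm_check(users, local_boots, local_time, msg):
    """Run S1241 -> S1242 -> S1243 in order and stop at the first failure."""
    user = users.get(msg.user_name)
    if user is None:
        return "unknownUserName"
    received = msg.whole_msg[msg.tag_offset:msg.tag_offset + AUTH_TAG_LEN]
    expected = compute_auth_tag(user, msg.whole_msg, msg.tag_offset)
    if not hmac.compare_digest(received, expected):      # constant-time compare
        return "authenticationFailure"
    if not in_time_window(local_boots, local_time, msg.engine_boots, msg.engine_time):
        return "notInTimeWindow"
    if msg.encrypted:
        if not user.priv_enabled:
            return "unsupportedSecurityLevel"
        # Structural checks that precede CBC-DES decryption: 8-octet salt and a
        # ciphertext that is a non-empty multiple of the 8-octet block size.
        # The decryption itself needs a crypto library and is not shown.
        if len(msg.priv_params) != 8 or not msg.encrypted_pdu or len(msg.encrypted_pdu) % 8:
            return "decryptionError"
    return "ok"


def constructed_message(user, boots, time_s):
    """Constructed sample input: opaque bytes stand in for the encoded message."""
    header = b"constructed-header|"
    raw = header + bytes(AUTH_TAG_LEN) + b"|constructed-scoped-pdu"
    return Incoming("ops", sign(user, raw, len(header)), len(header), boots, time_s)
```

HMAC-MD5-96, HMAC-SHA-96 and CBC-DES are the algorithms the text names; RFC 7860 (HMAC-SHA-2) and RFC 3826 (AES) define stronger options for USM.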
S130: Parse the PDU in the payload of the SNMP message to obtain the management command for the management information base (MIB) of the transmission device.
To realize secure management under the SNMP protocol, access control must be applied to the SNMP message. Referring to Fig. 4, step S130 specifically includes:
S131: Obtain the PDU.
S132: Check and determine the version type of the SNMP message. If the SNMP message has an illegal version number, the flow ends; if it is an SNMPv1 or SNMPv2c message, go to step S133; if it is an SNMPv3 message, go to step S134.
S133: Perform the variable-binding validity check. If it passes, go to step S135; if it does not pass, the flow ends.
Specifically, the variable bindings (Variable bindings) in the PDU consist of multiple pairs of OID and value (Value); that is, in the PDU of a received SNMP message, the OIDs in the variable bindings belong to the pre-registered MIB tree structure, which is the MIB that the transmission device registered and put into effect during initial configuration.
S134: Perform View-based Access Control Model (VACM) access control. If it passes, go to step S135; if it does not pass, the flow ends.
The View-based Access Control Model (VACM) is the specific access control subsystem model defined in SNMPv3. It includes the following important parameters:
1) Group
A group defines the access mode for SNMP managed objects, and consists of (<securityModel, securityName>) tuples or is empty. A group contains the access rights associated with a securityName. The combination of securityModel and securityName constitutes the concept of a group, and a group has a unique identifier, groupName. In the access control model, securityName can be used as an already authenticated element and needs no additional authentication. The View-based Access Control Model takes securityModel and securityName as inputs for verification. The access control model determines the groupName as a function of securityModel and securityName.
2) Security level (securityLevel)
The members of a group are given different access rights, that is, a security level is set, one of noAuthNoPriv, authNoPriv and authPriv. The security level is used when access rights are checked. View-based access control needs securityLevel as an input to the access control module when checking access rights.
3) Context (Contexts)
An SNMP context is the management information stored in an SNMP entity. One item of management information can be stored in multiple SNMP contexts, and one SNMP entity can have multiple contexts.
View-based access control defines the vacmContextTable, which lists the local contexts by contextName.
4) MIB views and view sets
For security reasons, at the management level not all access rights are granted to every group; some groups are granted only part of them. To realize this, an SNMP context can be viewed through a "MIB view", which specifies the managed object types (and possibly the instantiated objects). For example, there is usually one MIB view that provides all the management information in a context for access control; in addition there are other MIB views that include only part of that management information. Therefore, the access rights granted to a group can be realized by setting the MIB views of that group for the context it needs. Because managed object types (and instances) are described by the tree-shaped naming structure of ISO's OBJECT IDENTIFIERs [RFC2578], views can easily be formed from sub-views. A simple MIB view (such as all Internet Network Management Framework managed objects) can be defined as a single view subtree, and multiple view subtrees can be combined into a complex view.
5) Access mechanism
The View-based Access Control Model determines the access rights of a view set: by setting the read view, write view and notify view, together with securityModel and securityLevel, a group (groupName denotes the group name) is granted different access rights. The read view gives the object instances that the group is allowed to read; read operations on objects occur during reading (when a read message is processed). The write view gives the object instances that the group is allowed to write; write operations on objects occur during writing (when a write message is processed). The notify view gives the object instances that the group is allowed to be notified about; the notify view applies during notification (when a notification message is processed).
Fig. 5 shows the view access control flow for SNMPv3 messages, which checks whether an SNMP access is valid according to the given context, security model, security level, view type and OID. Step S134 specifically includes:
S1341: Context information check: check whether the context information exists and is legal. If it passes, go to step S1342; if it does not pass, the flow ends.
S1342: Check whether the user information is legal. If so, go to step S1343; if not, the flow ends.
S1343: Check whether the security level is correct. If so, go to step S1344; if not, the flow ends.
S1344: Read/write view check: check whether the view name and the OID in the view are correct. If so, go to step S136; if not, the flow ends.
S135: Convert the MIB command of the protocol data unit (PDU) in the payload into the management command, where the MIB command is used to operate on the MIB tables of the transmission device and the management command is a callback function mapped one-to-one with the MIB command.
S136: Issue the management command to the SNMP application layer.
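Steps S132 to S136 as an added Python example, not the patent's own code: SNMPv3 requests go through the VACM checks of S1341 to S1344 (context, group, security level, view), every variable binding must fall under a registered MIB subtree, and only then is the MIB command mapped to its callback. The class and function names, the status strings for the agent and the sample tables are hypothetical; the sample OIDs use the documentation enterprise number 32473.

```python
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}
VIEW_FOR_PDU = {"GET": "read", "GETNEXT": "read", "GETBULK": "read", "SET": "write"}


def oid(text):
    """Parse dotted OID text into a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))


def longest_match(entries, target):
    """Value of the entry whose subtree is the longest prefix of target, else None."""
    best_len, best_value = -1, None
    for subtree, value in entries:
        if target[:len(subtree)] == subtree and len(subtree) > best_len:
            best_len, best_value = len(subtree), value
    return best_value


class Vacm:
    def __init__(self):
        self.contexts = set()   # known context names
        self.groups = {}        # (securityModel, securityName) -> groupName
        self.access = {}        # (groupName, context) -> (minimum level, {view type: view name})
        self.views = {}         # view name -> [(subtree, included?)]

    def is_access_allowed(self, model, name, level, context, view_type, target):
        if context not in self.contexts:                          # S1341
            return "noSuchContext"
        group = self.groups.get((model, name))                    # S1342
        if group is None:
            return "noGroupName"
        entry = self.access.get((group, context))                 # S1343
        if entry is None or LEVELS[level] < LEVELS[entry[0]]:
            return "noAccessEntry"
        view_name = entry[1].get(view_type, "")                   # S1344
        if not view_name:
            return "noSuchView"
        # The most specific subtree decides, so an excluded child overrides an
        # included parent; an OID covered by no subtree is outside the view.
        included = longest_match(self.views.get(view_name, []), target)
        return "accessAllowed" if included is True else "notInView"


class Agent:
    def __init__(self, vacm):
        self.vacm = vacm
        self.callbacks = {}     # MIB command -> [(registered subtree, callback)]

    def register(self, pdu_type, subtree, callback):
        self.callbacks.setdefault(pdu_type, []).append((subtree, callback))

    def handle(self, version, pdu_type, varbinds, security=None):
        if version not in ("v1", "v2c", "v3"):                    # S132
            return ("badVersion", [])
        view_type = VIEW_FOR_PDU.get(pdu_type)
        if view_type is None:
            return ("unsupportedPduType", [])
        # Missing v3 security parameters fail closed at the context check.
        security = security or (None, None, "noAuthNoPriv", None)
        calls = []
        for target, value in varbinds:
            if version == "v3":                                   # S134
                verdict = self.vacm.is_access_allowed(*security, view_type, target)
                if verdict != "accessAllowed":
                    return (verdict, [])
            callback = longest_match(self.callbacks.get(pdu_type, []), target)
            if callback is None:                                  # S133: OID not registered
                return ("unregisteredOid", [])
            calls.append((callback, target, value))               # S135
        # S136: run callbacks only after every variable binding has passed.
        return ("ok", [cb(t, v) for cb, t, v in calls])


def build_constructed_agent():
    """Constructed sample tables; callbacks stand in for the device's MIB handlers."""
    base = oid("1.3.6.1.4.1.32473")
    vacm = Vacm()
    vacm.contexts.add("")
    vacm.groups[("usm", "ops")] = "operators"
    vacm.access[("operators", "")] = ("authNoPriv", {"read": "all", "write": "cfg"})
    vacm.views["all"] = [(base, True)]
    vacm.views["cfg"] = [(base + (2,), True), (base + (2, 9), False)]
    agent = Agent(vacm)
    agent.register("GET", base + (1,), lambda target, value: 7)
    agent.register("SET", base + (2,), lambda target, value: ("configured", value))
    return agent
```

As in the flow above, SNMPv1 and SNMPv2c requests get only the variable-binding check, so a deployment that accepts them relies on that check and on the protocol header verification of S123.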
S140: The SNMP application layer forwards the management commands it receives.
Specifically, the management commands that have passed security control processing are forwarded separately; security control processing includes the security check, the variable-binding validity check and VACM access control. For example, the SNMP application layer sets up multiple MIB implementation modules, such as a USM MIB implementation module, a VACM MIB implementation module and a V1/V2C MIB implementation module, to forward different management commands in parallel. The USM MIB implementation module and the VACM MIB implementation module forward the management commands corresponding to SNMPv3 messages, and the V1/V2C MIB implementation module forwards the management commands corresponding to SNMPv1 and SNMPv2c messages. This further improves internal processing efficiency and resolves performance bottlenecks such as low processing performance of the SNMP protocol stack task caused by poor master-slave communication, abnormal internal processing logic and the like.
S150: The SNMP application layer issues, through the underlying service interface, the management commands for the management information base (MIB) tables of the transmission device.
After executing a configuration command, the transmission device returns configuration success or failure information. After executing a performance data acquisition command among the management commands, the transmission device returns the performance data. The response results reported by the transmission device include configuration success information, failure information and performance data. Specifically, the transmission device reports the response results through the aforementioned callback functions.
The management method further includes:
S210: The SNMP application layer receives, through the underlying service interface, the response results reported by the transmission device.
S220: The SNMP application layer forwards the response results.
Specifically, the USM MIB implementation module and the VACM MIB implementation module forward the response results of the management commands corresponding to SNMPv3 messages, and the V1/V2C MIB implementation module forwards the response results of the management commands corresponding to SNMPv1 and SNMPv2c messages. The response results of management commands of different version types are forwarded in parallel, which further improves internal processing efficiency and resolves performance bottlenecks such as low processing performance of the SNMP protocol stack task caused by poor master-slave communication, abnormal internal processing logic and the like.
S230: Encapsulate the response results into SNMP messages.
Specifically, according to the mapping relations between management commands and MIB commands, the response results are converted and stored in a PDU. According to the version type of the SNMP message, the corresponding access control is applied to the SNMP message, and the corresponding message processing module encapsulates the protocol header and payload of the SNMP message. The PDU in the payload carries the returned configuration success information, failure information or processed performance data, and the protocol header carries security authentication information, which is the same as the security authentication information in the decapsulation described above and is not repeated here.
S240: Report the SNMP message to the network management system through the multi-protocol interface.
In other embodiments, the management method for alarm management includes:
S310 The SNMP application layer receives the alarm information reported by the transmission device.
The alarm information includes TRAP messages. As with the callback functions defined for the aforementioned configuration commands and acquisition commands, callback functions are predefined for alarm information and mapping relations are established, so that the transmission device can report alarm information through the callback function.
S320 The SNMP application layer uploads the alarm information.
S330 Encapsulate the alarm information as an SNMP message.
Specifically, the alarm information is extracted from the callback function. According to the version of the SNMP message, the corresponding access control is applied to the alarm information, and the corresponding message processing module encapsulates the protocol header and payload of the SNMP message. The PDU in the payload carries the alarm information, and the protocol header carries security authentication information. This security authentication information is the same as that in the aforementioned decapsulation and is not described again.
S340 Report the SNMP message to the network management system through the multi-protocol interface.
Another embodiment of the present invention provides a management method for a transmission device. On the basis of the aforementioned embodiments, which implement configuration management, performance management and alarm management respectively, the management method includes:
S401 Initialize the SNMP management parameters.
Specifically, the SNMP management parameters include global data, which is used to construct the SNMP messages reported to the network management system. The global data is initialized to support the IPv4 and IPv6 protocols, so that IPv4 and IPv6 data are handled while SNMP messages are received, processed and sent, and management that supports IPv4 and IPv6 is realized on the VxWorks platform.
S402 Create a timer task.
Specifically, the timer task periodically checks whether the transmission device has TRAP messages that need to be sent to the network management system.
S403 Initialize the TRAP message receiving pipe.
The SNMP application layer reports TRAP messages through this TRAP message receiving pipe.
S404 Synchronize the time window.
TRAP messages that are still unprocessed after the fixed period set by the time window can be dropped.
S405 Determine whether an SNMP transmission interface has been defined. If so, go to step S407; if not, go to step S406.
Specifically, the SNMP transmission interface is generally defined in the initial configuration; when it is not defined, the default transmission interface function is used.
S406 Bind a socket and configure the SNMP transmission interface.
The SNMP transmission interface includes the multi-protocol interface to the network management system and the socket communication interface used for SNMP message processing.
S407 Receive an SNMP message.
Specifically, the SNMP message issued by the network management system is received through the multi-protocol interface, and/or the SNMP message returned from the transmission device is received through the socket communication interface. The SNMP message returned from the transmission device carries configuration success information, configuration failure information, processed performance data or alarm information, and the alarm information includes TRAP messages.
S408 Determine whether the SNMP message is a TRAP message. If so, go to step S409; if not, go to step S410.
S409 Process the TRAP message.
S410 Process the SNMP message according to its version and management type.
Specifically, processing the SNMP message includes the configuration management, performance management and alarm management methods of the preceding embodiments, which are not described again here.
In addition, the response results and the alarm information of the transmission device can be encapsulated as separate SNMP messages, or encapsulated together as one SNMP message; this is not limited.
S411 Send the SNMP message through the SNMP transmission interface, and return to step S407.
In this embodiment, steps S401 to S406 complete initialization, and steps S407 to S411 receive, process and send SNMP messages.
Because the alarm data, performance data and configuration data of conventional transmission devices are all very large in volume, and alarm management, performance management and configuration management must be handled at the same time, this embodiment can efficiently send, receive and process large numbers of SNMP messages and manage various transmission devices.
Referring to Figure 7, an embodiment of the present invention also provides a management system for a transmission device, for implementing the management methods of the foregoing embodiments. The management system includes a master control scheduling module, a processing module and an SNMP application layer.
The master control scheduling module is used to send and receive SNMP messages to and from the network management system through the multi-protocol interface, and to schedule the sending, receiving and processing of SNMP messages.
The SNMP application layer is used to issue management commands for the management information base (MIB) table of the transmission device through the underlying service interface, and to receive the alarm information reported by the transmission device and the response results of the management commands.
The processing module is used to process different types of SNMP messages synchronously or asynchronously with multiple threads, thereby parsing the management command out of the SNMP message issued by the network management system and encapsulating the response results and/or alarm information as SNMP messages.
The SNMP core protocol stack is divided into an SNMP engine in the upper layer and the SNMP application layer in the lower layer. The SNMP engine includes the master control scheduling module and the processing module.
Preferably, the processing module includes an information processing unit and a local processing unit.
The information processing unit exchanges SNMP messages with the master control scheduling module through a socket communication interface and, according to the version of the SNMP message, uses the corresponding message processing module to encapsulate or decapsulate the protocol header and payload of the SNMP message. Specifically, the information processing unit includes an SNMPv1 message processing module, an SNMPv2c message processing module and an SNMPv3 message processing module.
The local processing unit is used to convert the MIB command in the protocol data unit (PDU) of the payload into a management command, and to convert the response results and/or alarm information and store them in a PDU. The MIB command operates on the MIB of the transmission device, and the management command is a callback function mapped one-to-one to the MIB command.
Further, the management system also includes a user security module based on a security model, and an access control module based on the View-based Access Control Model (VACM). The security model includes the User-based Security Model (USM), and other security models may be included at the same time.
The information processing unit is also used to verify the protocol header, or to call the user security module to perform the security check based on the security model, and to notify the local processing module of the result that the security check has passed.
The local processing unit is also used to perform the variable-binding validity check on the PDU, or to call the access control module to perform VACM access control processing. Specifically, the local processing unit parses the PDU in the payload of the SNMP message, checks the version of the SNMP message, calls the user security subsystem and the view access control subsystem according to the version information of the SNMP message, verifies the legitimacy of the MIB access, determines the management command from the registered MIB tree structure, issues the management command to the SNMP application layer, and converts the response results and alarm information and stores them in the PDU.
The management system further includes a configuration data module for storing the configuration data of the user security module and the access control module.
The information processing unit is defined in RFC 2272. It generates and parses SNMP messages and determines whether an SNMP message will pass through a proxy server or the like during transmission. When an SNMP message is generated, the information processing unit receives the PDU from the local processing unit, and the user security module then adds the security parameters to the protocol header of the SNMP message. When a received SNMP message is parsed, the user security module first processes the security parameters in the protocol header of the SNMP message, and the unpacked PDU is then handed to the local processing unit for parsing.
The local processing unit mainly performs access control on SNMP messages and handles packed data and interrupts. Access control means that, through configuration of the agent, the management processes of different management stations have different permissions when accessing the agent; it is carried out at the PDU parsing stage. There are two common control strategies: limiting the commands that a management station can issue to the agent, or determining the specific part of the agent's MIB that a management station can access. The access control policy must be set in advance. SNMPv3 determines the access control scheme flexibly by using primitives with different parameters.
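The two access control strategies described above (restricting which commands a management station may issue, and restricting which part of the agent's MIB it may reach), placed in front of a one-to-one MIB command to callback table, as an added example that is not code from the patent. The group names, security names, views and the `handle` function are constructed for illustration; the status strings follow the `isAccessAllowed` return values of RFC 3415, and real VACM additionally keys access on context and security level and supports subtree masks.

```python
# Added example: VACM-style access check in front of a MIB command -> callback table.
# All policy data, security names and callbacks below are constructed for illustration.

def parse_oid(text):
    """'1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0)"""
    return tuple(int(part) for part in text.strip(".").split("."))

def in_view(view, oid):
    """view: list of (subtree, included). The longest matching subtree decides;
    an OID matched by no subtree is outside the view."""
    best_len, decision = -1, False
    for subtree, included in view:
        n = len(subtree)
        if oid[:n] == subtree and n > best_len:
            best_len, decision = n, included
    return decision

# (security model, security name) -> group
GROUPS = {
    ("v2c", "public"): "monitor",
    ("usm", "noc-admin"): "operator",
}
VIEWS = {
    "system-only": [(parse_oid("1.3.6.1.2.1.1"), True)],
    "mib2-no-snmp": [(parse_oid("1.3.6.1.2.1"), True),       # all of mib-2 ...
                     (parse_oid("1.3.6.1.2.1.11"), False)],  # ... except the snmp group
}
# group -> view per operation class. A missing class refuses that command type
# outright (strategy 1); the view bounds the reachable MIB subtree (strategy 2).
ACCESS = {
    "monitor": {"read": "system-only"},
    "operator": {"read": "mib2-no-snmp", "write": "system-only"},
}
PDU_CLASS = {"get": "read", "getnext": "read", "getbulk": "read", "set": "write"}

def is_access_allowed(model, name, pdu_type, oid):
    group = GROUPS.get((model, name))
    if group is None:
        return "noGroupName"
    view_name = ACCESS[group].get(PDU_CLASS.get(pdu_type))
    if view_name is None:
        return "noAccessEntry"
    return "accessAllowed" if in_view(VIEWS[view_name], oid) else "notInView"

DEVICE = {"sysName": "tx-node-01"}  # stands in for the transmission device

def get_sys_name(_value):
    return DEVICE["sysName"]

def set_sys_name(value):
    DEVICE["sysName"] = value
    return value

SYS_NAME = parse_oid("1.3.6.1.2.1.1.5.0")
# One callback per MIB command, looked up only after the access check passes.
CALLBACKS = {("get", SYS_NAME): get_sys_name, ("set", SYS_NAME): set_sys_name}

def handle(model, name, pdu_type, oid_text, value=None):
    """Return (status, result). Denied requests never reach a callback."""
    oid = parse_oid(oid_text)
    status = is_access_allowed(model, name, pdu_type, oid)
    if status != "accessAllowed":
        return status, None
    callback = CALLBACKS.get((pdu_type, oid))
    if callback is None:
        return "noSuchObject", None
    return "ok", callback(value)

if __name__ == "__main__":
    for request in [
        ("v2c", "public", "get", "1.3.6.1.2.1.1.5.0"),
        ("v2c", "public", "set", "1.3.6.1.2.1.1.5.0", "renamed"),
        ("usm", "noc-admin", "get", "1.3.6.1.2.1.11.1.0"),
        ("usm", "noc-admin", "set", "1.3.6.1.2.1.1.5.0", "tx-node-02"),
    ]:
        print(request, "->", handle(*request))
```

Because the check runs before the callback lookup, a refused SET leaves the device state untouched, and an excluded subtree wins over the broader included one that contains it.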
Further, initialization is performed before the master control scheduling module schedules the sending, receiving and processing of SNMP messages.
Further, the multiple MIB implementation modules include the USM MIB implementation module, the VACM MIB implementation module and the V1/V2C MIB implementation module, which respectively forward the corresponding management commands and their response results.
The command responder receives, through an internal interface, the management command issued by the local processing unit and forwards it to the corresponding MIB implementation module; it also uploads the response results forwarded by the MIB implementation modules.
The SNMP application layer further includes a notification generator, which receives alarm information through the underlying service interface and forwards it to the local processing module.
The USM MIB implementation module, the VACM MIB implementation module and the notification generator of the SNMP application layer can obtain the corresponding configuration data from the configuration data module.
Specifically, the internal interface between the local processing unit and the command responder can use an existing development framework structure, such as the information database (Information DataBase Plus, IDB+) framework structure, which further improves the versatility of the management system.
The management system of the transmission device in the embodiments of the present invention supports processing of SNMPv1, SNMPv2c and SNMPv3 messages; provides a security protection mechanism for SNMP messages in network transmission, supporting the USM of SNMPv3 messages; provides secure access control for SNMP messages during internal processing on the agent platform, supporting the VACM of SNMPv3 messages; supports operation in IPv4 and IPv6 environments; supports remote configuration of USM and VACM; supports the secure TRAP information reporting function of SNMPv3; improves the maintainability and scalability of the SNMP functional modules; meets the high-encapsulation and modularization requirements of the SNMP core protocol stack; improves the security and stability of transmission device management; uses the IDB+ framework structure to unify the device's multi-protocol network management interface (private/standard SNMP protocol, HTTP protocol, command-line protocol, etc.); and supports multiple platforms, such as VxWorks and Linux.
The present invention is not limited to the above embodiments. Those of ordinary skill in the art can make several improvements and modifications without departing from the principle of the invention, and these improvements and modifications are also regarded as falling within the protection scope of the invention. Content not described in detail in this specification belongs to the prior art known to those skilled in the art.
Claims (10)
1. A management method for a transmission device, characterized in that it comprises:
receiving Simple Network Management Protocol (SNMP) messages from, or sending them to, a network management system, and scheduling the sending, receiving and processing of the SNMP messages;
an SNMP application layer issuing, through an underlying service interface, a management command for the management information base (MIB) of the transmission device, and receiving the alarm information reported by the transmission device and the response results of the management command;
wherein the processing of the SNMP messages comprises:
processing different types of the SNMP messages synchronously or asynchronously with multiple threads, obtaining the management command from the SNMP message issued by the network management system, and encapsulating the response results and/or alarm information as the SNMP message.
2. The management method for a transmission device according to claim 1, characterized in that:
the SNMP messages are sent and received through a socket communication interface;
according to the version of the SNMP message, the corresponding message processing module is used to encapsulate or decapsulate the protocol header and payload of the SNMP message;
the MIB command of the protocol data unit (PDU) in the payload is converted into the management command, and the response results and/or alarm information are converted and then stored in a PDU, wherein the MIB command operates on the MIB of the transmission device, and the management command is a callback function mapped one-to-one to the MIB command.
3. The management method for a transmission device according to claim 2, characterized in that:
the encapsulation or decapsulation further includes verifying the protocol header or performing a security check based on a security model, the security model including the User-based Security Model (USM);
before the management command is determined, according to the version of the SNMP message, a variable-binding validity check or View-based Access Control Model (VACM) access control is performed on the PDU.
4. The management method for a transmission device according to any one of claims 1 to 3, characterized in that: the SNMP application layer forwards the response results, the alarm information and the management command respectively.
5. A management system for a transmission device, characterized in that it comprises:
a master control scheduling module, used to send and receive SNMP messages to and from a network management system through a multi-protocol interface, and to schedule the sending, receiving and processing of the SNMP messages;
an SNMP application layer, used to issue, through an underlying service interface, a management command for the management information base (MIB) of the transmission device, and to receive the alarm information reported by the transmission device and the response results of the management command;
a processing module, used to process different types of the SNMP messages synchronously or asynchronously with multiple threads, thereby parsing the management command out of the SNMP message issued by the network management system and encapsulating the response results and/or alarm information as the SNMP message.
6. The management system for a transmission device according to claim 5, characterized in that the processing module comprises:
an information processing unit, which exchanges the SNMP messages with the master control scheduling module through a socket communication interface and is used, according to the version of the SNMP message, to encapsulate or decapsulate the protocol header and payload of the SNMP message with the corresponding message processing module;
a local processing unit, used to convert the MIB command in the protocol data unit (PDU) of the payload into the management command, and to convert the response results and/or alarm information and store them in a PDU, wherein the MIB command operates on the MIB of the transmission device, and the management command is a callback function mapped one-to-one to the MIB command.
7. The management system for a transmission device according to claim 6, characterized in that:
the system further comprises a user security module based on a security model and an access control module based on the View-based Access Control Model (VACM), the security model including the User-based Security Model (USM);
the information processing unit is also used to verify the protocol header or to call the user security module to perform a security check based on the security model;
the local processing unit is also used to perform a variable-binding validity check on the PDU or to call the access control module to perform VACM access control processing.
8. The management system for a transmission device according to claim 7, characterized in that:
the system further comprises a configuration data module for storing the configuration data of the user security module and the access control module.
9. The management system for a transmission device according to any one of claims 5 to 8, characterized in that: the SNMP application layer comprises a command responder and multiple MIB implementation modules;
the multiple MIB implementation modules include a USM MIB implementation module, a VACM MIB implementation module and a V1/V2C MIB implementation module, which respectively forward the corresponding management commands and their response results;
the command responder receives, through an internal interface, the management command issued by the local processing unit and forwards the management command to the corresponding MIB implementation module; it also uploads the response results forwarded by the MIB implementation modules.
10. The management system for a transmission device according to claim 9, characterized in that: the SNMP application layer further comprises a notification generator, which receives the alarm information through the underlying service interface and forwards it to the local processing module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910032303.4A CN109861853A (en) | 2019-01-14 | 2019-01-14 | A kind of management method and system of transmission device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910032303.4A CN109861853A (en) | 2019-01-14 | 2019-01-14 | A kind of management method and system of transmission device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109861853A true CN109861853A (en) | 2019-06-07 |
Family
ID=66894669
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910032303.4A Withdrawn CN109861853A (en) | 2019-01-14 | 2019-01-14 | A kind of management method and system of transmission device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109861853A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021057802A1 (en) * | 2019-09-23 | 2021-04-01 | 三维通信股份有限公司 | Das system management method and device, electronic device, and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103023702A (en) * | 2012-12-14 | 2013-04-03 | 武汉烽火网络有限责任公司 | Method for processing batched management information bases (MIB) |
US20150319032A1 (en) * | 2006-05-23 | 2015-11-05 | Cisco Technology, Inc. | Method and system for detecting changes in a network using simple network management protocol polling |
CN107154872A (en) * | 2017-05-05 | 2017-09-12 | 烽火通信科技股份有限公司 | The method and system of distributed asynchronous management telecommunication apparatus based on snmp protocol |
CN107508713A (en) * | 2017-09-21 | 2017-12-22 | 烽火通信科技股份有限公司 | NMS MIB and the system and method for network element Proprietary MIB Mapping implementation NE management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20190607 |