[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN115118611A - Software SDN network specification statistical method and system - Google Patents

Software SDN network specification statistical method and system Download PDF

Info

Publication number
CN115118611A
CN115118611A CN202210723280.3A CN202210723280A CN115118611A CN 115118611 A CN115118611 A CN 115118611A CN 202210723280 A CN202210723280 A CN 202210723280A CN 115118611 A CN115118611 A CN 115118611A
Authority
CN
China
Prior art keywords
data
acquiring
data set
instruction
api
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210723280.3A
Other languages
Chinese (zh)
Inventor
浦晓君
冯湘云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210723280.3A priority Critical patent/CN115118611A/en
Publication of CN115118611A publication Critical patent/CN115118611A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The specification relates to the technical field of information networks, provides a software SDN network specification statistical method and a software SDN network specification statistical system, and relates to the field of network specification statistics, wherein the method comprises the following steps: acquiring a first API (application program interface) type of a first cloud computing management platform; acquiring a first data request, and acquiring various types of data of the first API interface type according to the first data request to acquire a first data set, wherein the various types of data comprise: the number of subnets, the number of ports, elastic load balancing items and virtual firewall item specification data; acquiring a first data statistical instruction; and counting the first data set according to the first data counting instruction to obtain a first statistical report. The method and the device solve the technical problems that with the increase of the scale of the SDN, each specification has a super-threshold risk, the collection and statistics of risk data cannot be automatically carried out, and the network security monitoring efficiency is low.

Description

Software SDN network specification statistical method and system
Technical Field
The invention relates to the field of information networks, in particular to a software SDN network specification statistical method and system.
Background
Software Defined Network (SDN) is a new Network innovation architecture, and is an implementation manner of Network virtualization. The core technology OpenFlow separates the control plane and the data plane of the network equipment, so that the flexible control of the network flow is realized, the network becomes more intelligent as a pipeline, and a good platform is provided for the innovation of a core network and application. With the idea of layering, SDN separates data from control. The control layer comprises a logic centralized and programmable controller, global network information can be mastered, and operators and scientific research personnel can manage and configure the network and deploy new protocols conveniently. The OpenStack is a set of open-source cloud computing management system, and the project goal is to provide a cloud computing management platform which is simple to implement, can be expanded in a large scale, is rich and has a unified standard. The main functions of the system are realized by a plurality of core components together, each component provides an API interface externally, and a user can finish the use and secondary development of various basic functions by calling the OpenStack API. In an OpenStack-based software SDN network, there are limitations on specifications such as the number of subnets, the number of ports, elastic load balancing entries, virtual firewall entries, and the like. As the network size increases, the above specification carries a risk of exceeding a threshold value, which may cause the OpenStack system to operate unstably. Therefore, the tool is required to periodically collect and display the network specification data.
Disclosure of Invention
In view of the problem that the OpenStack system is unstable in operation due to the risk of exceeding the threshold value in the specification, the present invention is provided to provide a solution for overcoming the above problem or at least partially solving the above problem, so that a tool periodically collects network specification data, thereby realizing stable operation of the system, improving the global control degree of operation and maintenance personnel on the software SDN network, and improving the operation and maintenance efficiency.
According to an aspect of the present invention, there is provided a software SDN network specification statistical method, including:
acquiring a first API (application program interface) type of a first cloud computing management platform;
acquiring a first data request, and acquiring various types of data of the first API interface type according to the first data request to acquire a first data set, wherein the various types of data comprise: the number of subnets, the number of ports, the elastic load balancing items and the virtual firewall item specification data;
acquiring a first data statistical instruction;
and counting the first data set according to the first data counting instruction to obtain a first statistical report.
Preferably, the obtaining of the first API interface type of the first cloud computing management platform further includes:
acquiring first account information, and acquiring a first field from the first account information;
acquiring first API service authorization information;
and acquiring the first API interface type according to the first API service authorization information.
Preferably, the first data set has a first data structure, and the first data structure is a three-layer data structure.
Preferably, the acquiring of the data of each category of the first API interface type according to the first data request to obtain a first data set further includes:
acquiring a second data set, wherein the second data set is original data acquired according to the first data acquisition instruction;
acquiring a first data structure model;
and storing the second data set into the first data structure model to obtain the first data set.
Preferably, the method further comprises:
defining a preset specification threshold value;
judging whether each data set of each specification category in the first data set is within the preset specification threshold value or not;
if the data sets are not in the preset specification threshold value, acquiring a third data set which is not in the preset specification threshold value;
and acquiring a first marking instruction, and marking the third data set according to the first marking instruction.
Preferably, the method further comprises:
obtaining a first specification category of the third data set;
generating a first early warning report form according to the third data set and the first specification type;
and sending the first early warning report to the first cloud computing management platform.
Preferably, the acquisition of the first data acquisition instruction has a first cycle.
According to another aspect of the present invention, there is provided a software SDN network specification statistical system, including:
the first obtaining unit is used for obtaining a first API (application program interface) type of a first cloud computing management platform;
a second obtaining unit, configured to obtain a first data request, and perform, according to the first data request, acquisition of data of each category for the first API interface type to obtain a first data set, where the data of each category includes: the number of subnets, the number of ports, the elastic load balancing items and the virtual firewall item specification data;
a third obtaining unit, configured to obtain a first data statistics instruction;
and the fourth acquisition unit is used for counting the first data set according to the first data counting instruction to acquire a first statistical report.
According to another aspect of the present invention, a software SDN network specification statistical method and system are provided, including a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method according to any one of claims 1 to 7 when executing the program.
According to another aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method of any one of the above first aspects.
One or more technical schemes provided by the invention have at least the following technical effects:
1. the method comprises the steps of obtaining a first API (application program interface) type of a first cloud computing management platform; acquiring a first data request, and acquiring various types of data of the first API interface type according to the first data request to acquire a first data set, wherein the various types of data comprise: the number of subnets, the number of ports, the elastic load balancing items and the virtual firewall item specification data; acquiring a first data statistical instruction; and counting the first data set according to the first data counting instruction to obtain a first statistical report. The method solves the technical problems that with the increase of the scale of the SDN network, each specification has a risk exceeding a threshold value, the collection and statistics of risk data cannot be automatically carried out, and the network security monitoring efficiency is low. The software SDN management system has the advantages that the network specification data are periodically collected by the tool, so that stable operation of the system is realized, the specification data are acquired in real time, statistics is carried out according to data categories, reports are generated, the data are viewed more visually, the overall control degree of operation and maintenance personnel on the software SDN is improved, and the operation and maintenance efficiency is improved.
2. The tool can periodically collect network specification data, realize automatic collection and statistics of various specifications of the software SDN, remove the limitation on the specifications such as the number of sub-networks, the number of ports, elastic load balancing entries, virtual firewall entries and the like, stabilize the system, improve the global control degree of operation and maintenance personnel on the software SDN, and improve the operation and maintenance efficiency.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic flowchart of a software SDN network specification statistical method according to an embodiment of the present application;
fig. 2 is a schematic flowchart illustrating a third data set marking process in a software SDN network specification statistical method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of sending the first early warning report to the first cloud computing management platform in the software SDN network specification statistical method according to the embodiment of the present application;
fig. 4 is a schematic structural diagram of a software SDN network specification statistical system according to an embodiment of the present application;
fig. 5 is a schematic diagram of a computer device of a software SDN network specification statistical tool according to an embodiment of the present application.
[ description of reference ]:
11. a first acquisition unit;
12. a second acquisition unit;
13. a third acquisition unit;
14. a fourth acquisition unit;
1002. a computer device;
1004. a processor;
1006. a memory;
1008. a drive mechanism;
1010. an input/output module;
1012. an input device;
1014. an output device;
1016. a presentation device;
1018. a Graphical User Interface (GUI);
1020. a network interface;
1022. a communication link;
1024. a communication bus.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. It should be understood that the present application is not limited to the example embodiments described herein. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application. It should be further noted that, for the convenience of description, only some but not all of the elements relevant to the present application are shown in the drawings.
The novel network innovation architecture is an implementation mode of network virtualization. The core technology OpenFlow separates the control plane and the data plane of the network equipment, thereby realizing the flexible control of network flow, enabling the network to be more intelligent as a pipeline, and providing a good platform for the innovation of a core network and application. With the idea of layering, SDN separates data from control. The control layer comprises a logic centralized and programmable controller, global network information can be mastered, and operators and scientific research personnel can manage and configure the network and deploy new protocols conveniently. The OpenStack is a set of open-source cloud computing management system, and the project aims to provide a cloud computing management platform which is simple to implement, can be expanded in a large scale, is rich and has a unified standard. The main functions of the system are realized by a plurality of core components together, each component provides an API interface externally, and a user can finish the use and secondary development of various basic functions by calling the OpenStack API. In an OpenStack-based software SDN network, there are limitations on the types of data that are qualified, such as the number of subnets, the number of ports, elastic load balancing entries, virtual firewall entries, etc. As the network size increases, the above specification carries a risk of exceeding a threshold value, which may cause the OpenStack system to operate unstably. Therefore, the tool is required to periodically collect and display the network specification data.
In view of the problem that the OpenStack system is unstable in operation due to the risk of exceeding the threshold value in the specification, the present invention is provided to provide a solution for overcoming the above problem or at least partially solving the above problem, so that a tool periodically collects network specification data, thereby realizing stable operation of the system, improving the global control degree of operation and maintenance personnel on the software SDN network, and improving the operation and maintenance efficiency.
Having thus described the general principles of the present application, various non-limiting embodiments thereof will now be described in detail with reference to the accompanying drawings.
Referring to fig. 1, an embodiment of the present invention provides a software SDN network specification statistical method, where the method includes:
step S100: acquiring a first API (application program interface) type of a first cloud computing management platform;
step S200: acquiring a first data request, acquiring various types of data of the first API interface type according to the first data request, and acquiring a first data set, wherein the various types of data comprise: the number of subnets, the number of ports, the elastic load balancing items and the virtual firewall item specification data;
specifically, the cloud computing Management platform is also called a cloud Management platform, also called cmp (cloud Management platform), and is a concept proposed by the well-known IT research institution Gartner in 2016. As the name suggests, the cloud computing management platform is used for enabling users to better manage cloud computing resources such as public clouds and private clouds. The API interface is a middleware for collecting data. The first API interface types are divided into four types: remote procedure call, standard query language, file transfer, information delivery. The method can be applied to an actual cloud computing management platform according to the specific function of the interface. The system firstly acquires a first cloud computing management platform, OpenStack is a set of open-source cloud computing management system, main functions of the system are realized by a plurality of core components together, each component provides an API (application program interface) for the outside, all first API interface types of the first cloud computing management platform must be acquired firstly for further data acquisition, the types of all the interfaces are not all the same, and the acquired data types are different. Therefore, the acquisition functions of various data need to be matched according to the type of the first API interface, and data such as subnets, ports, elastic load balancing, virtual firewalls and the like are collected by calling the OpenStack API, so that the use and secondary development of various basic functions are completed, and a foundation is laid for data acquisition.
Step S300: acquiring a first data statistical instruction;
step S400: and counting the first data set according to the first data counting instruction to obtain a first statistical report.
Specifically, the system firstly determines the specification and the type of data to be acquired, and acquires target information by using the interfaces of the first cloud computing management platform, wherein the interfaces are the same in the type of the first API interface. After the system determines the type of the data information to be acquired, the system generates an instruction to enable the information acquisition device to acquire the required information, and the acquired information is recorded as a first data acquisition instruction. And the system enables the acquisition device to acquire various types of data information in the first data acquisition type by calling the matched first API interface type according to the first data acquisition instruction.
Further, the RESTful request is a network API interface, and the RESTful URL is resource-oriented and has the functions of uniquely identifying and positioning resources. The request method comprises 4 methods including get, post, put and delete. And correspondingly acquiring resources, adding resources, updating resources and deleting resources respectively. In this embodiment, the method is used for acquiring the resource and performing identification, and belongs to the first data request. The method comprises the steps of constructing a RESTful request to inquire a subnet (subnet), a port (port) and a VPC peer (vpC peering), constructing the RESTful request to inquire a virtual firewall (vfw), a virtual firewall policy (vfw policy) and a virtual firewall rule (vfw rule), constructing the RESTful request to inquire elastic load balance, acquiring data of VPC (subnet, port, VPC peering and the like), vfw (group, policy, polarity, elb and the like by calling api opened by OpenStack to the outside, and storing the data into a predefined data structure after the inquiry is completed to finish the collection of various resource information. Merging and sorting the original data to form a network specification report with strong readability, and referring to tables 1, 2 and 3. And arranging and filing the acquired data information to further form a first data set. At the moment, the system generates a first data statistical instruction which is used for carrying out statistics on the obtained various resource information, so that the data target is clear and the readability is strong. After the first data statistical instruction is obtained, the system merges and sorts the original data of various resource information, statistics is carried out on the first data set according to the preset specification threshold value, the resource data obtained by calling the API are counted, automatic collection and statistics of various specifications of the software SDN are achieved through the method, the overall handling degree of operation and maintenance personnel on the software SDN is improved, and operation and maintenance efficiency is improved.
TABLE 1 query subnet related data information
Figure BDA0003712427420000071
Table 2 query port (port) related data information
Figure BDA0003712427420000072
Figure BDA0003712427420000081
Table 3 queries VPC Peer (VPC peering) related data information
Figure BDA0003712427420000082
Further, in the obtaining of the first API interface type of the first cloud computing management platform, step S100 in the embodiment of the present application further includes:
step S110: acquiring first account information, and acquiring a first field from the first account information;
step S120: acquiring first API service authorization information;
step S130: and acquiring the first API interface type according to the first API service authorization information.
Specifically, the first account information refers to user information for acquiring required data, such as parameter names, parameter locations, parameter types, and other feature descriptions. The first field indicates that in the first account information, data recorded in the database of the first account information does not have a special record name, so that the number of lines where the field is usually used to indicate is the number of records. The first API service authorization information includes the first field, which is a "key" used to obtain the first account information. The system firstly obtains the first account information to obtain a first field, and then obtains first API service authorization information, in OpenStack, message headers of call requests of various APIs all need to contain an X-Auth-Token field, and the field needs to be obtained by using a predefined account and belongs to the first field. Constructing a RESTful request to inquire a subnet (subnet), a port (port) and a VPC peer (VPC peering), constructing a RESTful request to inquire a virtual firewall (vfw), a virtual firewall policy (vfw policy) and a virtual firewall rule (vfw rule), constructing a RESTful request to inquire elastic load balance, and further obtaining the first API interface type. A first data set is acquired. With the idea of layering, SDN separates data from control. The control layer comprises a logic centralized and programmable controller, global network information can be mastered, and operators and scientific research personnel can manage and configure the network and deploy new protocols conveniently.
Further, step S200 in the embodiment of the present application further includes:
step S210: the first data set has a first data structure that is a three-tier data structure.
Specifically, the original data is merged and arranged to form a three-layer data structure with the model of region- > project- > vpc/vfw/elb. Layering is the grouping that represents ordering functions: application specific functions are located at an upper level, functions spanning the application domain are located at a middle level, and configuration environment specific functions are located at a lower level. The hierarchy logically divides the subsystems into many sets, and the formation of the inter-layer relationships follows certain rules. By layering, dependencies between subsystems can be limited, allowing systems to be coupled in a looser manner, and thus easier to maintain. The grouping criteria for a subsystem include the following rules visibility. Each subsystem can only have a dependency relationship with the subsystems of the same layer and the next layer. With the idea of layering, SDN separates data from control. The control layer comprises a logic centralized and programmable controller, global network information can be mastered, and operators and scientific research personnel can manage and configure the network and deploy new protocols conveniently. In the data layer, a dumb switch (different from a traditional two-layer switch, the dumb switch is specially used for forwarding data) is included, only a simple data forwarding function is provided, matched data packets can be quickly processed, and the requirement of increasing flow is met. The two layers interact with each other by adopting an open unified interface (such as OpenFlow and the like). The controller sends the uniform standard rules to the switch through the standard interface, and the switch only needs to execute corresponding actions according to the rules. The application program with the three-layer structure puts the work of business rules, data access, validity check and the like to the middle layer for processing. Under the normal condition, the client does not directly interact with the database, but establishes connection with the intermediate layer through COM/DCOM communication, and interacts with the database through the intermediate layer, so that the safety of the system is greatly improved. The application program with the three-layer structure can better adapt to the increasing requirements of complexity and flexibility of enterprise-level application, and the requirements of expansion, maintenance and reuse are realized through the principle of high cohesion and low coupling of software layering, so that the development efficiency can be greatly improved.
Further, after acquiring the data of each category of the first API interface type according to the first data request and acquiring the first data set, the embodiment of the present application further includes:
step S220: acquiring a second data set, wherein the second data set is original data acquired according to the first data acquisition instruction;
step S230: acquiring a first data structure model;
step S240: and storing the second data set into the first data structure model to obtain the first data set.
In particular, the raw data is data in a user database, or various data stored for use by the end user, unprocessed or reduced, which may or may not be in machine-readable form. It constitutes physically present data. There are typically several basic data types in a database. The system first obtains the collected data information obtained by the first data collection instruction, namely the original data information, and records the original data information as a second data set. And obtaining a first data structure model, wherein the first data structure model is a three-layer data structure which is formed by merging and sorting original data and takes region- > project- > vpc/vfw/elb as a model. The method comprises the steps of taking a second data set as training data, constructing a first data structure model, taking the first data structure model as a neural network model, having the characteristics of continuously learning and acquiring experience to process data, inputting the first data structure model by taking the second data set as an input data set, continuously correcting and optimizing the neural network model by the training data, improving the accuracy of the neural network model in processing the data by a supervised learning process, and further enabling the first data set to be more accurate.
Further, as shown in fig. 2, the embodiment of the present application further specifically includes:
step S510: defining a preset specification threshold value;
step S520: judging whether each data set of each specification category in the first data set is within the preset specification threshold value or not;
step S530: if the data sets are not in the preset specification threshold value, acquiring a third data set which is not in the preset specification threshold value;
step S540: and acquiring a first marking instruction, and marking the third data set according to the first marking instruction.
Specifically, the system firstly defines various specification thresholds, and defines the alert threshold of the corresponding resource according to the carrying capacity of the OpenStack software. For example, the VPC-Peering number in the VPC: 50; number of Subnet within VPC: 150; number of ports in VPC: 5000, and the like. And counting the resource data acquired by calling the API, comparing the resource data with various preset thresholds, and judging whether each data set of each specification category in the first data set is in the preset specification threshold. If the data sets are in the preset specification threshold value, indicating that the various data resources do not exceed the warning value; if the data sets are not in the preset specification threshold value, the fact that various data resources exceed the warning value is indicated, a third data set which is not in the preset specification threshold value can be obtained, the third data set is marked, and therefore the third data set is highlighted in a report, a first marking instruction is obtained, the third data set is marked, and the statistical report is more accurate in data.
Further, as shown in fig. 3, the embodiment of the present application further specifically includes:
step S610: obtaining a first specification category of the third data set;
step S620: generating a first early warning report form according to the third data set and the first specification type;
step S630: and sending the first early warning report to the first cloud computing management platform.
Specifically, the early warning means that in an OpenStack-based software SDN network, there are limitations on specifications such as the number of subnets, the number of ports, elastic load balancing entries, and virtual firewall entries. With the increase of the network scale, the above specification has the risk of exceeding the threshold value, which can cause the OpenStack system to operate unstably, and therefore, the existence of the risk item of exceeding the threshold value is warned. The first specification type refers to the specific category of data in the third data set, such as the specifications of the number of subnets, the number of ports, the elastic load balancing items, the virtual firewall items, and the like. The first early warning report form is a form that data of the third data set is sorted and summarized according to the first specification category, and the data is counted according to the data classification characteristics to generate a table.
Further, after the system obtains the data sets of the specification categories in the first data set, the system compares the data sets of the specification categories in the first data set with the preset specification threshold value, and determines whether the data sets of the specification categories in the first data set are within the preset specification threshold value. And if the data sets are not in the preset specification threshold value, obtaining a third data set which is not in the preset specification threshold value. After the third data set is obtained, the system generates a first marking instruction, and marks the third data set according to the first marking instruction, so that the third data set is more prominent and clear in a report. And forming an early warning report for the resources exceeding the warning value. The first early warning information means that the system can count the first data set after the first early warning information instruction is obtained. For example, the warning thresholds of the various classes in the VPC are VPC-pending numbers: 50; number of sunets: 150; the Port number is: 5000. if the number of each category in the VPC is counted, the VPC-Peering number is as follows: 56; number of Subnet: 135 of the total weight of the raw materials; the Port number is: 4000. at the moment, if the VPC-Peer number exceeds the warning threshold value, marking and highlighting the data, rearranging the data exceeding the threshold value to generate an early warning report, and further sending the early warning report to the platform to improve the operation and maintenance efficiency.
Further, the embodiment of the present application further includes:
the first data acquisition instruction is fetched with a first cycle.
In particular, in an OpenStack-based software SDN network, there are limitations on specifications such as the number of subnets, the number of ports, elastic load balancing entries, virtual firewall entries, and the like. As the network size increases, the above specification carries a risk of exceeding a threshold value, which may cause the OpenStack system to operate unstably. Therefore, the tool is required to periodically collect and display the network specification data. And only if the first data acquisition instruction has periodicity, the first cloud computing management platform system can stably operate. The network specification data can be periodically collected, and further, warning can be given to various types of data with the risk exceeding the threshold value, and the operation and maintenance efficiency is improved.
Based on the same inventive concept as the software SDN network specification statistical method in the foregoing embodiment, the present invention further provides a software SDN network specification statistical system, as shown in fig. 4, the system includes:
a first obtaining unit 11, where the first obtaining unit 11 is configured to obtain a first API interface type of a first cloud computing management platform;
a second obtaining unit 12, where the second obtaining unit 12 is configured to obtain a first data request, and according to the first data request, perform collection of data of each category on the first API interface type to obtain a first data set, where the data of each category includes: the number of subnets, the number of ports, the elastic load balancing items and the virtual firewall item specification data;
a third obtaining unit 13, where the third obtaining unit 13 is configured to obtain a first data statistics instruction;
a fourth obtaining unit 14, where the fourth obtaining unit 14 is configured to count the first data set according to the first data counting instruction, and obtain a first statistical form.
Further, the system further comprises:
a fifth acquiring unit, configured to acquire first account information, and acquire a first field from the first account information;
a sixth obtaining unit, configured to obtain the first API service authorization information;
a seventh obtaining unit, configured to obtain the first API interface type according to the first API service authorization information.
Further, the system further comprises:
an eighth obtaining unit, configured to enable the first data set to have a first data structure, where the first data structure is a three-layer data structure.
Further, the system further comprises:
a ninth obtaining unit, configured to obtain a second data set, where the second data set is original data obtained according to the first data acquisition instruction;
a tenth acquiring unit, configured to acquire the first data structure model;
an eleventh obtaining unit, configured to store the second data set in the first data structure model, and obtain the first data set.
Further, the system further comprises:
a first defining unit for defining a preset specification threshold;
a first judging unit, configured to judge whether each data set of each specification category in the first data set is within the preset specification threshold;
a twelfth obtaining unit, configured to obtain a third data set that is not within the preset specification threshold if each data set is not within the preset specification threshold;
a thirteenth obtaining unit, configured to obtain a first marking instruction, and mark the third data set according to the first marking instruction.
Further, the system further comprises:
a fourteenth acquiring unit, configured to acquire the first specification category of the third data set;
a first generating unit, configured to generate a first early warning report from the third data set and the first specification type;
the first sending unit is used for sending the first early warning report to the first cloud computing management platform.
Further, the system further comprises:
a fifteenth acquisition unit for acquisition of the first data acquisition instruction having a first period.
Various changes and specific examples of the software SDN network specification statistical method in the first embodiment of fig. 1 are also applicable to a software SDN network specification statistical system in this embodiment, and through the foregoing detailed description of a software SDN network specification statistical method, those skilled in the art can clearly know the implementation method of a software SDN network specification statistical system in this embodiment, so for the brevity of the description, detailed descriptions are omitted here.
In an embodiment herein, as shown in fig. 5, there is also provided a computer device, the computer device 1002 may include one or more processors 1004, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. The computer device 1002 may also include any memory 1006 for storing any kind of information, such as code, settings, data, etc. For example, and without limitation, the memory 1006 may include any one or more of the following in combination: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any memory may use any technology to store information. Further, any memory may provide volatile or non-volatile retention of information, and the memory 1006 has stored thereon a computer program that is executable on the processor 1004, and when the computer program is executed by the processor 1004, the method according to any of the preceding embodiments is implemented. Further, any memory may represent fixed or removable components of computer device 1002. In one case, when the processor 1004 executes the associated instructions, which are stored in any memory or combination of memories, the computer device 1002 can perform any of the operations of the associated instructions. The computer device 1002 also includes one or more drive mechanisms 1008, such as a hard disk drive mechanism, an optical disk drive mechanism, or the like, for interacting with any memory.
Computer device 1002 may also include an input/output module 1010(I/O) for receiving various inputs (via input device 1012) and for providing various outputs (via output device 1014)). One particular output mechanism may include a presentation device 1016 and an associated Graphical User Interface (GUI) 1018. In other embodiments, input/output module 1010(I/O), input device 1012, and output device 1014 may also be excluded, as only one computer device in a network. Computer device 1002 can also include one or more network interfaces 1020 for exchanging data with other devices via one or more communication links 1022. One or more communication buses 1024 couple the above-described components together.
Communication link 1022 may be implemented in any manner, such as over a local area network, a wide area network (e.g., the Internet), a point-to-point connection, etc., or any combination thereof. Communications link 1022 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
Embodiments herein also provide a computer-readable storage medium, on which a computer program is stored, and when executed by a processor, the computer program performs a software SDN network specification statistical method according to any one of the above embodiments.
Embodiments herein also provide a computer readable instruction, wherein when executed by a processor, a program causes the processor to perform a software SDN network specification statistical method as in any of the above examples.
The application provides a software SDN specification statistical method, which solves the technical problems that with the increase of the scale of an SDN, each specification has a risk exceeding a threshold value, the collection and statistics of risk data cannot be automatically carried out, and the network security monitoring efficiency is low. The software SDN management system has the advantages that the network specification data are periodically collected by the tool, so that stable operation of the system is realized, the specification data are acquired in real time, statistics is carried out according to data categories, reports are generated, the data are viewed more visually, the overall control degree of operation and maintenance personnel on the software SDN is improved, and the operation and maintenance efficiency is improved.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
It should also be understood that, in the embodiment of the present invention, the term "and/or" is only one kind of association relation describing an associated object, and means that three kinds of relations may exist. For example, a and/or B, may represent: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter associated objects are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention essentially or partially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A software SDN network specification statistical method is characterized by comprising the following steps:
acquiring a first API (application program interface) type of a first cloud computing management platform;
acquiring a first data request, and acquiring various types of data of the first API interface type according to the first data request to acquire a first data set, wherein the various types of data comprise: the number of subnets, the number of ports, the elastic load balancing items and the virtual firewall item specification data;
acquiring a first data statistical instruction;
and counting the first data set according to the first data counting instruction to obtain a first statistical report.
2. The method of claim 1, wherein the obtaining the first API interface type for the first cloud computing management platform, the method further comprises:
acquiring first account information, and acquiring a first field from the first account information;
acquiring first API service authorization information;
and acquiring the first API interface type according to the first API service authorization information.
3. The method of claim 1, wherein the first data set has a first data structure that is a three-tier data structure.
4. The method of claim 3, wherein the collecting of each category of data for the first API interface type in accordance with the first data request obtains a first data set, the method further comprising:
acquiring a second data set, wherein the second data set is original data acquired according to the first data acquisition instruction;
acquiring a first data structure model;
and storing the second data set into the first data structure model to obtain the first data set.
5. The method of claim 1, wherein the method further comprises:
defining a preset specification threshold value;
judging whether each data set of each specification category in the first data set is within the preset specification threshold value or not;
if the data sets are not in the preset specification threshold value, acquiring a third data set which is not in the preset specification threshold value;
and acquiring a first marking instruction, and marking the third data set according to the first marking instruction.
6. The method of claim 5, wherein the method further comprises:
obtaining a first specification category of the third data set;
generating a first early warning report form according to the third data set and the first specification type;
and sending the first early warning report to the first cloud computing management platform.
7. The method of claim 1, wherein the obtaining of the first data request has a first periodicity.
8. A software SDN network specification statistics system, the system comprising:
the first obtaining unit is used for obtaining a first API (application program interface) type of a first cloud computing management platform;
a second obtaining unit, configured to obtain a first data request, and according to the first data request, collect data of each category for the first API interface type to obtain a first data set, where the data of each category includes: the number of subnets, the number of ports, the elastic load balancing items and the virtual firewall item specification data;
a third obtaining unit, configured to obtain a first data statistics instruction;
and the fourth acquisition unit is used for counting the first data set according to the first data counting instruction to acquire a first statistical report.
9. A software SDN network specification statistics system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method of any one of claims 1-7 when executing the program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of the preceding claims 1 to 7.
CN202210723280.3A 2022-06-24 2022-06-24 Software SDN network specification statistical method and system Pending CN115118611A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210723280.3A CN115118611A (en) 2022-06-24 2022-06-24 Software SDN network specification statistical method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210723280.3A CN115118611A (en) 2022-06-24 2022-06-24 Software SDN network specification statistical method and system

Publications (1)

Publication Number Publication Date
CN115118611A true CN115118611A (en) 2022-09-27

Family

ID=83328464

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210723280.3A Pending CN115118611A (en) 2022-06-24 2022-06-24 Software SDN network specification statistical method and system

Country Status (1)

Country Link
CN (1) CN115118611A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106713332A (en) * 2016-12-30 2017-05-24 山石网科通信技术有限公司 Network data processing method, device and system
US20170180213A1 (en) * 2014-09-05 2017-06-22 Huawei Technologies Co., Ltd. Method, Apparatus, and System for Implementing Software-Defined Network SDN
CN108234211A (en) * 2017-12-30 2018-06-29 上海陆家嘴国际金融资产交易市场股份有限公司 Network control method, system and storage medium
CN111538731A (en) * 2020-05-14 2020-08-14 山东慧泰智能科技有限公司 Industrial data automatic generation report system
CN112698820A (en) * 2020-12-30 2021-04-23 平安证券股份有限公司 Unified monitoring and management method and device for memory and switch and computer equipment
CN114547521A (en) * 2022-02-28 2022-05-27 北京有竹居网络技术有限公司 Authority-based interactive interface publishing method and device and electronic equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170180213A1 (en) * 2014-09-05 2017-06-22 Huawei Technologies Co., Ltd. Method, Apparatus, and System for Implementing Software-Defined Network SDN
CN106713332A (en) * 2016-12-30 2017-05-24 山石网科通信技术有限公司 Network data processing method, device and system
CN108234211A (en) * 2017-12-30 2018-06-29 上海陆家嘴国际金融资产交易市场股份有限公司 Network control method, system and storage medium
CN111538731A (en) * 2020-05-14 2020-08-14 山东慧泰智能科技有限公司 Industrial data automatic generation report system
CN112698820A (en) * 2020-12-30 2021-04-23 平安证券股份有限公司 Unified monitoring and management method and device for memory and switch and computer equipment
CN114547521A (en) * 2022-02-28 2022-05-27 北京有竹居网络技术有限公司 Authority-based interactive interface publishing method and device and electronic equipment

Similar Documents

Publication Publication Date Title
US12063126B2 (en) Building data graph including application programming interface calls
CN111787073B (en) Current limiting fusing platform for unified service and method thereof
CN111752795A (en) Full-process monitoring alarm platform and method thereof
CN107294764A (en) Intelligent supervision method and intelligent monitoring system
US9886445B1 (en) Datacenter entity information system
US10318333B2 (en) Optimizing allocation of virtual machines in cloud computing environment
CN105765556A (en) Customer-directed networking limits in distributed systems
CN107104894A (en) Controller in network control system
US9923782B1 (en) Computer network virtual entity pathway visualization system
CN109636307B (en) River chang APP system
CN102148712A (en) Cloud computing-based service management system
CN109997337A (en) Network health information visuallization
CN108268549A (en) Data auditing system and method
CN102045186B (en) Event analysis method and system
CN116389486B (en) Method and system for realizing operation analysis of multiple cloud resources
CN115118611A (en) Software SDN network specification statistical method and system
CN113504996A (en) Load balance detection method, device, equipment and storage medium
US10466984B2 (en) Identifying and associating computer assets impacted by potential change to a particular computer asset
CN116136801B (en) Cloud platform data processing method and device, electronic equipment and storage medium
CN113220545B (en) Method and device for distributing work orders and electronic equipment
CN109522349A (en) Across categorical data calculating and sharing method, system, equipment
CN109873708A (en) A kind of assets portrait method clustered based on traffic characteristic and kmeans
US20240048495A1 (en) Systems and methods for networked microservices flow control
CN117938768A (en) Network flow control method and device, electronic equipment and storage medium
WO2024030980A1 (en) Systems and methods for networked microservices flow control

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination