CN116170352A - Network traffic processing method and device, electronic equipment and storage medium - Google Patents
Network traffic processing method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN116170352A CN116170352A CN202310109341.1A CN202310109341A CN116170352A CN 116170352 A CN116170352 A CN 116170352A CN 202310109341 A CN202310109341 A CN 202310109341A CN 116170352 A CN116170352 A CN 116170352A
- Authority
- CN
- China
- Prior art keywords
- data
- traffic
- information
- flow
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003860 storage Methods 0.000 title claims abstract description 65
- 238000003672 processing method Methods 0.000 title description 5
- 238000004458 analytical method Methods 0.000 claims abstract description 115
- 238000000034 method Methods 0.000 claims abstract description 71
- 238000012545 processing Methods 0.000 claims abstract description 54
- 230000015654 memory Effects 0.000 claims description 34
- 238000005206 flow analysis Methods 0.000 claims description 25
- 238000004590 computer program Methods 0.000 claims description 23
- 238000007619 statistical method Methods 0.000 claims description 4
- 238000007726 management method Methods 0.000 abstract description 17
- 238000005516 engineering process Methods 0.000 abstract description 16
- 230000006870 function Effects 0.000 description 23
- 238000009826 distribution Methods 0.000 description 21
- 230000008569 process Effects 0.000 description 16
- 238000010586 diagram Methods 0.000 description 12
- 238000004891 communication Methods 0.000 description 9
- 238000012544 monitoring process Methods 0.000 description 9
- 238000005192 partition Methods 0.000 description 5
- 230000010354 integration Effects 0.000 description 4
- 230000003139 buffering effect Effects 0.000 description 3
- 238000013480 data collection Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000005070 sampling Methods 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000013079 data visualisation Methods 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012549 training Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Data Mining & Analysis (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a method and device for processing network traffic, electronic equipment and a storage medium. According to the embodiment of the application, the traffic data transmitted in the cloud computing equipment cluster are acquired, the traffic data is matched with the geographic position database to acquire geographic position information, the traffic data is subjected to information matching to determine service information, the geographic position information and the service information are used as analysis results of the traffic data and sent to the distributed storage server to be stored, finally, the analysis results of the traffic data are acquired according to the request, and then the analysis results are added to a traffic analysis page and the page is provided. The method and the system reform and upgrade the processing and analysis modes of the data flow information in the existing network management system, display a plurality of attribute values of the network flow data in a multi-dimensional data form, and overcome the limitation of the existing network management system on the analysis function technology of each attribute value and flow direction of the network flow data.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and apparatus for processing network traffic, an electronic device, and a storage medium.
Background
With the continuous development of enterprise informatization networks, the network scale of enterprises is expanding, the business of enterprises is increasing, network management faces an increasing challenge, and in order to meet business requirements, enterprises have undergone the processes of ten megabytes, hundred megabytes, gigabytes and ten megabytes in network interface bandwidth rate. In the related art, when the network traffic is processed and analyzed, the processing mode of the data is single, and the reference meaning of the processing result of the data which can be displayed is limited due to the insufficient exploitation and utilization of the data; in addition, with the increase of the speed of the bandwidth rate of the network interface, the processing mode of the network traffic data in the related technology is unfavorable for network management personnel or enterprise users to discover and eliminate hidden dangers in time. In order to overcome the limitation of the existing network management system on the analysis function technology of each attribute value and flow direction of the network flow data, enterprises are urgent to find a new technology with rich, mature and stable functions, and the information acquisition and analysis modes of each attribute value of the data flow in the existing network management system are modified and upgraded.
Disclosure of Invention
The embodiment of the application provides a method, a device, electronic equipment and a storage medium for processing network traffic, so as to solve one or more of the technical problems.
In a first aspect, an embodiment of the present application provides a method for processing network traffic, including:
acquiring traffic data transmitted in a cloud computing device cluster;
matching the flow data with a geographic position database to obtain geographic position information included in the flow data;
performing information matching on the flow data, and determining service information corresponding to the flow data, wherein the service information comprises at least one of equipment information, operator information and service user information corresponding to the flow data;
the geographic position information and the business information are used as analysis results of the flow data and are sent to a distributed storage server for storage;
acquiring the analysis result of the corresponding flow data according to the acquisition request of the analysis result of the flow data;
and adding the analysis result to a flow analysis page, and providing the flow analysis page.
In a second aspect, an embodiment of the present application provides a processing apparatus for network traffic, including:
the flow data acquisition module is used for acquiring flow data transmitted in the cloud computing equipment cluster;
the geographic position matching module is used for matching the flow data with a geographic position database to acquire geographic position information included in the flow data;
The service information matching module is used for carrying out information matching on the flow data and determining service information corresponding to the flow data, wherein the service information comprises at least one of equipment information, operator information and service user information corresponding to the flow data;
the analysis result storage module is used for sending the geographic position information and the business information to a distributed storage server for storage as analysis results of the flow data;
the analysis result acquisition module is used for acquiring the analysis result of the corresponding flow data according to the acquisition request of the analysis result of the flow data;
and the analysis result display module is used for adding the analysis result to a flow analysis page and providing the flow analysis page.
In a third aspect, embodiments of the present application provide a computing device including a memory, a processor, and a computer program stored on the memory, the processor implementing the method of any of the embodiments of the present application when the computer program is executed.
In a fourth aspect, embodiments of the present application provide a computing device readable storage medium having a computer program stored therein, which when executed by a processor, implements a method as described in any of the embodiments of the present application.
Compared with the related art, the method has the following advantages:
the method and the system reconstruct and upgrade the processing and analysis modes of the data traffic information in the existing network management system by constructing a new network traffic data processing system, unify the network traffic data as single primitive elements to form a data image, and display a plurality of attribute values of the network traffic data in a multi-dimensional data form. Therefore, the purposes of processing various results and monitoring the flow data of a plurality of network interfaces can be realized, the processing speed of the network flow data is improved, and the limitation of the existing network management system on the analysis function technology of each attribute value and flow direction of the network flow data is overcome.
According to the embodiment of the application, firstly, traffic data transmitted by a cloud computing device cluster is obtained from the cloud computing device cluster; then, the acquired flow data is matched with a geographic position database of the national authorities, and geographic position information included in the flow data is acquired; performing other information matching on the traffic data after the geographic position matching, and determining service information corresponding to the traffic data, wherein the service information can comprise at least one of equipment information, operator information and service user information corresponding to the traffic data; the geographic position information and the business information after the matching analysis are used as the analysis result of the flow data and are sent to a distributed storage server for storage and standby; acquiring the analysis result of the corresponding flow data according to the acquisition request of the analysis result of the flow data; and finally, adding the analysis result to a flow analysis page, and providing the flow analysis page.
In the processing process of the network traffic data, a new network traffic data processing system is constructed by adopting a new network traffic data processing method, so that the processing of the traffic data is more refined, the network traffic data can be used as a single primitive element union to form a data image, and a plurality of attribute values of the network traffic data are displayed in a multi-dimensional data form. Therefore, the purposes of processing various results and monitoring the flow data of a plurality of network interfaces can be realized, in addition, the method also improves the processing speed of the network flow data, and overcomes the limitation of the existing network management system on the analysis function technology of each attribute value and flow direction of the network flow data.
The foregoing description is merely an overview of the technical solutions of the present application, and in order to make the technical means of the present application more clearly understood, it is possible to implement the present application according to the content of the present specification, and in order to make the above and other objects, features and advantages of the present application more clearly understood, the following detailed description of the present application will be given.
Drawings
In the drawings, the same reference numerals refer to the same or similar parts or elements throughout the several views unless otherwise specified. The figures are not necessarily drawn to scale. It is appreciated that these drawings depict only some embodiments according to the application and are not to be considered limiting of its scope.
FIG. 1 is a schematic diagram of one solution for implementing network traffic handling provided herein;
FIG. 2 is a flow chart of a method for processing network traffic in an embodiment of the present application;
FIG. 3 is a block diagram illustrating a network traffic processing apparatus according to an embodiment of the present application;
FIG. 4 is a block diagram of a computing device electronic device used to implement embodiments of the present application.
Detailed Description
Hereinafter, only certain exemplary embodiments are briefly described. As will be recognized by those of skill in the pertinent art, the described embodiments may be modified in various different ways without departing from the spirit or scope of the present application. Accordingly, the drawings and description are to be regarded as illustrative in nature, and not as restrictive.
In order to facilitate understanding of the technical solutions of the embodiments of the present application, the following describes related technologies of the embodiments of the present application. The following related technologies may be optionally combined with the technical solutions of the embodiments of the present application, which all belong to the protection scope of the embodiments of the present application.
In a related art before the application, when processing and analyzing network traffic, the processing results are relatively single, and only the analysis result (such as IP trend) of a single attribute of the network traffic can be seen; meanwhile, the number of network interfaces which can be monitored simultaneously is limited, and the flow data of one network interface below a certain device can be monitored at the same time; in addition, as the bandwidth rate of the network interface increases, if the mass data of the flow network device is processed, counted and analyzed only by the conventional means, the speed of the flow network device cannot meet the current requirements. In order to overcome the limitation of the existing network management system on the analysis function technology of each attribute value and flow direction of the network flow data, enterprises are urgent to find a new technology with rich, mature and stable functions, and the information acquisition and analysis modes of each attribute value of the data flow in the existing network management system are modified and upgraded.
In view of the foregoing, embodiments of the present application provide a new method, apparatus, electronic device, and storage medium for processing network traffic, so as to solve the above technical problems in whole or in part.
The embodiment of the application relates to a method for processing network traffic, and the traffic source can be a data traffic packet sent by a NetFlow network monitoring system, or can be data traffic packet sent by an SFlow (network monitoring technology) or can be traffic data transmitted in real time and sent in a cloud computing device cluster, which is not limited in any way. The embodiment of the application can be applied to various scenes needing network traffic analysis, and the network traffic analysis results can be displayed through multiple dimensions, for example: dimension one, which may be the customer dimension: customer ingress and egress traffic including, but not limited to, TOP50, national operator traffic distribution, IP attribute-egress operator traffic distribution, egress operator-destination operator traffic distribution, etc. may be demonstrated; dimension two, may be the operator dimension: may be demonstrated including, but not limited to, country-to-destination carrier traffic distribution, customer duty cycle, device interface duty cycle, etc.; dimension three, which may be an interface dimension: including but not limited to device-interface traffic distribution, interface ingress and egress traffic distribution variation, IPTop10& customer duty cycle, egress operator-destination operator-traffic distribution, etc. may be demonstrated. According to the method, a data visualization technology is fully utilized, network flow data is represented as a single primitive element, a large number of data sets form a data image, and meanwhile, each attribute value of the data is displayed in a multi-dimensional data form, so that the data can be observed from different dimensions, and further observation and analysis are carried out on the data. Specific data presentation forms may be rectangular vertical charts, sang Jitu, bar charts, pie charts, line charts, etc., which are not limited in this application.
In order to more clearly show the processing method of the network traffic provided in the embodiment of the present application, a specific application example of the solution of the embodiment of the present application is given below, and fig. 1 is a schematic diagram of one solution for implementing the network traffic processing provided in the present application. Several technical options are involved in the process of the treatment method: PMACCT (network monitoring tool), logtable (open source data collection engine with real-time pipelining capability), KAFKA (distributed streaming platform), file (streaming data processing tool), clikhouse (columnar database management system), SPRINGBOOT (tool for writing interface code).
Firstly, acquiring traffic data transmitted in a cloud computing device cluster: for netflie (a network packet switching technology) traffic data sent by each machine room device router, an AGNET (agent, an autonomously active software or hardware entity) may be deployed in each machine room, and PMACCT is installed to receive the traffic data sent by netfliw. The data collected by NETFLOW may include a source address, a destination address, a source autonomous domain, a destination autonomous domain, an ingress interface number, an egress interface number, a source port, a destination port, a protocol type, a packet number, a byte number, a flow number, and the like. The configuration file in PMACCT forwards the traffic data to the logtable corresponding to the IP by identifying the IP of the acquired traffic data.
Secondly, matching the flow data received by LOGSTASH with a GEOIP library (national geographic position database) to obtain geographic position information included in the flow data: may include IP, longitude, latitude, country, city, or even destination operator, and integrate the matched traffic data and send it to KAFKA;
and performing other information matching on the flow data subjected to LOGSTASH matching integration to determine service information corresponding to the flow data received by KAFKA, wherein the service information can comprise at least one of equipment information, operator information and service user information corresponding to the flow data: the KAFKA may include two topic (data queues), one of which is original data and one of which is data after being subjected to file matching, where file matching data is mainly combined with CMDB (a database, in which service data information for matching may be stored as needed) to match devices, operators corresponding to interfaces, customer names, customer uuid (universal unique identification code, universally Unique Identifier), ip attributes, machine rooms, destination operators, device names, and device port names. The above processing procedure may be that the KAFKA caches the received traffic data with the determined geographic location information as the original data into a first topic (i.e. KAFKA/topic), and the FLINK performs information matching on the received traffic data according to the ordering of the first topic, determines the service information corresponding to the received traffic data, and then caches the traffic data with the determined geographic location information and the service information into a second topic (i.e. KAFKA/topic-ck).
Then, the geographic position information and the business information are used as analysis results of the flow data and are sent to a distributed storage server for storage: using Hangout (a service for configuring and receiving data), the traffic data received from the second topic of KAFKA is sent to the corresponding clikhouse database according to the IP of the traffic data. The clikhouse database corresponds to a total information table, and in this embodiment, the clikhouse database is placed in a plurality of devices in a plurality of machine rooms, and the data is stored in a distributed storage server. Each storage server corresponds to a plurality of data tables, so that data display on a final page is facilitated.
Then, according to the acquisition request of the analysis result of the flow data, acquiring the analysis result of the corresponding flow data: the SPRINGBOOT can be used for configuring a webpage calling interface, a component for connecting data is configured in the interface, information such as IP, ports, user names, passwords and the like is configured in the component to be connected with a CLICKHOUSE database, and acquisition request parameters of analysis results of the flow data by webpage end clients/network managers are transmitted to the CLICKHOUSE database; meanwhile, SQL (structured query language, structure Query Language) can be used for querying data to obtain analysis results of flow data of corresponding parameters;
Finally, adding the analysis result to a flow analysis page, and providing the flow analysis page: an interface in SPRINGBOOT can be called, the analysis result of the acquired flow data is added to a flow analysis page, and the flow analysis page is provided for analysis and display. The dimension of the analysis presentation may be the customer dimension: customer ingress and egress traffic, national operator traffic distribution, IP attribute-egress operator traffic distribution, egress operator-destination operator traffic distribution, etc. for example TOP 50; it may also be the operator dimension: such as country-to-destination carrier traffic distribution, customer duty cycle, device interface duty cycle, etc.; also the interface dimensions: such as device-interface traffic distribution, interface ingress and egress traffic distribution variation, IPTop10& & customer duty cycle, egress operator-destination operator-traffic distribution, etc. The specific data may be displayed in a rectangular vertical drawing, sang Jitu, bar graph, pie chart, line graph, etc., which is not limited in this application.
The scheme can help network management personnel to better, intuitively and rapidly analyze and monitor whether the network equipment has faults, network problems and the like, and can not influence enterprises so as to rapidly respond and process corresponding equipment to repair the faults. Because a new network flow data processing method is adopted, a new network flow data processing system is constructed, so that the processing of the flow data is more refined, the network flow data can be used as a single primitive element union to form a data image, and a plurality of attribute values of the network flow data are displayed in a multi-dimensional data form. Therefore, the purposes of processing results are various and monitoring the flow data of a plurality of network interfaces can be realized, the processing speed of the network flow data is improved, and the limitation of the existing network management system on the analysis function technology of each attribute value and flow direction of the network flow data is overcome.
The execution body of the embodiment of the present application may be an application, a service, an instance, a functional module in a software form, a Virtual Machine (VM), a container, a cloud server, or the like, or a hardware device (such as a server or a terminal device) or a hardware chip (such as a CPU, GPU, FPGA, NPU, AI accelerator card or a DPU) with a data processing function, or the like. The apparatus for implementing network traffic processing may be deployed on a computing device of an application side providing a corresponding service or a cloud computing platform providing computing power, storage and network resources, and a mode of external service provided by the cloud computing platform may be IaaS (Infrastructure as aService ), paaS (Platform as a Service, platform as a service), saaS (Software as aService ) or DaaS (Data as a Service, data as a service). Taking the example that the platform provides SaaS software as a service (Software as a Service), the cloud computing platform can provide training of a network traffic processing model or functional execution of a network traffic processing module by utilizing own computing resources, and a specific application architecture can be built according to service requirements. For example, the platform may provide a build service based on the model to an application or individual using the platform resources, further invoking the model and implementing functions of online or offline network traffic processing based on network traffic processing requests submitted by devices such as relevant clients or servers.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region, and provide corresponding operation entries for the user to select authorization or rejection.
The following describes the technical solution of the present application and how the technical solution of the present application solves the foregoing technical problems in detail with specific embodiments. The specific embodiments illustrated may be combined with one another and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
An embodiment of the present application provides a method for processing network traffic, and fig. 2 is a flowchart of a method for processing network traffic in an embodiment of the present application. As shown in fig. 2, the method includes:
in step S201, traffic data transmitted in a cloud computing device cluster is acquired.
The cloud computing device cluster related to the embodiment of the application may be a cluster of a plurality of cloud virtual servers, or may be a cluster of a plurality of physical servers for cloud computing, which is not limited in this application, as long as the cloud computing device cluster can be connected with the internet and generates network traffic; the cloud computing device can integrate and coordinate various storage devices in the internet through the functions of cluster application, grid technology or a distributed file system and the like, and realize the functions of access and link together, and the cloud computing device is not limited in any way.
The type of the traffic data involved in the transmission may be a flooding traffic, an accurate traffic, or a public domain traffic, a private domain traffic, which is not limited in this application.
In one embodiment of the present application, the manner of acquiring traffic data transmitted in a cloud computing device cluster may be implemented by installing PMACCT, for example: and aiming at NETFLOE flow data sent by each machine room equipment router, one AGNET is deployed in each machine room, and PMACT is installed for receiving the flow data sent by NETFLOW. The configuration file in PMACCT forwards the traffic data to the logtable corresponding to the IP by identifying the IP of the acquired traffic data.
Wherein PMACCT is a passive network monitoring tool that measures account classification, aggregation, and derived IPv4 (internet protocol version 4) and IPv6 (internet protocol version 6,Internet Protocol version,6) traffic. The pluggable architecture in PMACCT makes data collection very flexible, a table or SQL database that can be stored in memory, and the exit protocol of the passing NetFlow or remote collector sFlow. PMACCT supports fully custom historical data crashes, stream sampling, filtering and marking, recovery operations and triggers. The IPv4 is also called as a fourth version of the Internet communication protocol, is a fourth revised version in the development process of the Internet protocol, and is also a widely deployed version of the first protocol; IPv4 is the core of the internet and is also the most widely used version of the internet protocol, and its subsequent version is IPv6, and until 2011, the address of IANA IPv4 is completely used up, and IPv6 is still in the beginning of deployment.
In a possible implementation manner, the acquiring traffic data transmitted in the cloud computing device cluster may acquire the traffic data transmitted in the cloud computing device cluster by accessing traffic monitoring software installed in the cloud computing device cluster, where the traffic monitoring software is configured to acquire the traffic data transmitted by a router connected to the cloud computing device cluster.
The flow monitoring software may be NetFlow network flow monitoring software with a function of continuously monitoring network flow, where NetFlow is used to collect the number and information of IP packets entering and leaving a network interface, and by analyzing the information collected by NetFlow, a network manager can know the source and destination of the packets, the type of network service, and the cause of network congestion; or the method can be a Sflow for random sampling; as long as the traffic monitoring software can obtain traffic data transmitted in the cloud computing device cluster, the application does not limit the traffic data.
In step S202, the traffic data is matched with a geographic location database, and geographic location information included in the traffic data is acquired.
The geographic location database referred to in the embodiments of the present application may be an official geographic location database, for example, a geographic location database GEOIP database in China.
In one embodiment of the present application, a log tash tool is used to match traffic data received by the log tash with a GEOIP library, and obtain geographic location information included in the traffic data. May include IP, longitude, latitude, country, city, or even destination operator, and integrate the matched traffic data and send it to the KAFKA cache. The LOGSTASH tool is an open-source data collection tool with real-time pipeline capability, and can dynamically unify data from different sources and normalize the data to a selected target output.
In step S203, the traffic data is subjected to information matching, and service information corresponding to the traffic data is determined, where the service information includes at least one of equipment information, operator information, and service user information corresponding to the traffic data.
In a possible implementation manner, the step of performing information matching on the traffic data to determine service information corresponding to the traffic data may first buffer the traffic data to a first data queue; and then carrying out information matching on the flow data according to the sequence of the first data queue, and determining the corresponding service information.
In an embodiment, according to the method, the step of performing information matching on the traffic data to determine service information corresponding to the traffic data may further include: caching the determined service information to a second data queue; the method for analyzing the traffic data according to the geographic position information and the traffic information, which are used as the analysis result of the traffic data, is transmitted to a distributed storage server for storage, and further comprises the following steps: and acquiring service information from the second data queue, and sending the geographic position information and the service information to a distributed storage server for storage.
The geographic location information related to the embodiment of the application may include IP, longitude, latitude, country, city, and may also include a destination operator, which is not limited in this application, depending on the information dimensions that can be matched in the geographic location database.
The related service information may include at least one of device information, operator information, and service user information corresponding to the traffic data, for example, a device, an operator corresponding to the interface, a client name, a client UUID (Universally Unique Identifier, a universal unique identifier), an IP attribute, a machine room, a destination operator, a device name, a device port name, and the like.
In one embodiment of the present application, a KAFKA data caching tool is used. For example, other information matching is performed on the traffic data after the matching integration of the LOGSTASH, and service information corresponding to the traffic data received by KAFKA is determined, wherein the service information comprises at least one of equipment information, operator information and service user information corresponding to the traffic data: KAFKA includes two topic, one is original data and the other is data after FLINK matching, and FLINK matching data mainly includes matching equipment, operators corresponding to interfaces, customer names, customer UUIDs, IP attributes, machine rooms, destination operators, equipment names, equipment port names and the like in combination with CMDB databases. The processing procedure may be that KAFKA caches received traffic data with determined geographic location information as original data into a first topic, and the FLINK performs information matching on the received traffic data according to the ordering of the first topic, determines service information corresponding to the received traffic data, and then caches the received traffic data with determined geographic location information and service information into a second topic for caching.
The KAFKA referred to herein may be understood as a distributed streaming platform running on a cluster of one or more servers, and the partitions may be distributed across cluster nodes. It is widely used with various features such as high throughput, persistence, horizontal expansion, support of streaming data processing, etc., and currently, more and more open source distributed processing systems support integration with KAFKA. The KAFKA stored messages come from any number of processes called Producer producers. The data can thus be published to different Partition partitions under different topic topics. Within a partition, these messages are indexed and stored together with a timestamp. Other processes, called Consumer, may subscribe to the message from the partition. topic is understood to mean a queue that sorts messages, the producer and consumer facing the same topic.
The related FLINK original function can process data and manage the data offset. However, in the embodiment of the present application, the application makes a certain improvement on the tool, and applies the FLINK tool to match with other data, which is a usage mode of the FLINK tool that is not easily thought of by those skilled in the art.
The CMDB database is a logical database Configuration Management Database, the chinese name can be called configuration management database, and stores and manages various configuration information of devices in the enterprise IT architecture, and is closely associated with all service support and service delivery flows, so as to support the operation of the flows and exert the value of the configuration information, and meanwhile, ensure the accuracy of data depending on the related flows. CMDB software focuses on the management of information (collection, integration, recording, maintenance, inspection, updating, etc.), and CMDB databases focuses on the physical storage of information, both of which are closely related. However, in the embodiment of the present application, the present application makes a certain improvement on the database, and increases the service information collected by the network manager/enterprise in the present application, including the device, the carrier corresponding to the interface, the client name, the client UUID, the IP attribute, the machine room, the destination carrier, the device name, the device port name, and so on, so that the FLINK tool may perform data matching with the CMDB database.
In step S204, the geographical location information and the service information are transmitted to a distributed storage server as the analysis result of the traffic data and stored.
The distributed storage server according to the embodiment of the present application may be a plurality of physical servers deployed in a plurality of machine rooms, or may be a virtual server in a cloud, which is not limited in this application; the device port number INDEX of each server for storing the data IP and the corresponding data source may be different, so as to facilitate classified storage of the data and subsequent retrieval of the data.
In a possible implementation manner, the sending the geographic location information and the service information as the analysis result of the traffic data to the distributed storage server for storage may include: and calling a data table writing component, and writing the geographic position information and the service information serving as analysis results of the flow data into a data table of the distributed storage server.
In an embodiment of the present application, the geographical location information and the service information are sent to a distributed storage server to be stored as an analysis result of the traffic data, and a Hangout tool may be used to send, according to the IP of the traffic data, the traffic data received from the second topic of the KAFKA to a corresponding clikhouse database. The clikhouse database corresponds to a total information table, and in this embodiment, the clikhouse database is placed in a plurality of devices in a plurality of machine rooms, and the data is stored in a distributed storage server. Each storage server corresponds to a plurality of data tables, so that data display on a final page is facilitated.
The Hangaut tool can configure and receive data sent by KAFKA and then send the data to the corresponding CLICKHOUSE database. The Hangout tool is provided with a configuration file, and can send the flow data received from the second topic of KAFKA to the corresponding CLICKHOUSE database according to the IP of the flow data.
The CLICKHOUSE database is an open-source column database, adopts column storage, can ensure consistent data types, has higher compression performance and high hardware utilization rate, can improve the efficiency and CPU utilization rate of a disk drive, and performs multi-core multi-node parallelization large query.
In step S205, the analysis result of the corresponding flow data is acquired according to the acquisition request of the analysis result of the flow data.
The obtaining request related to the embodiment of the present application may be an obtaining request operated by a web end user or a network manager at a web end, which is not limited in this application.
In one embodiment of the present application, according to an obtaining request for the analysis result of the above flow data, obtaining a corresponding analysis result of the flow data, a SPRINGBOOT tool may be used to configure a web page calling interface, where a component for connecting data may be configured in the interface, and information such as IP, a port, a user name, a password, etc. may be configured in the component to connect to a clikhouse database, and an obtaining request parameter of the web client/network manager for the analysis result of the above flow data is transferred to the clikhouse database; meanwhile, SQL query data can be used to obtain analysis results of flow data of corresponding parameters.
The SPRINGBOOT tool is one tool for writing code and setting interface in JAVA language. Through the configured network interface, the CLICKHOUSE database can be connected, the analysis result of the acquired flow data is added to a flow analysis page, and the flow analysis page is provided for analysis and display.
In step S206, the analysis result is added to the flow analysis page, and the flow analysis page is provided.
In a possible implementation manner, adding the analysis result to the traffic analysis page may include: classifying analysis results of the flow data of the cloud computing equipment cluster according to data dimensions; and adding the classified analysis result to a flow analysis page.
In one embodiment of the present application, the analysis result is added to a flow analysis page and the flow analysis page is provided, an interface in the SPRINGBOOT may be called, and the analysis result of the acquired flow data is added to the flow analysis page and the flow analysis page is provided to perform analysis display. The dimension of the analysis presentation may be the customer dimension: customer ingress and egress traffic, national operator traffic distribution, IP attribute-egress operator traffic distribution, egress operator-destination operator traffic distribution, etc. for example TOP 50; it may also be the operator dimension: such as country-to-destination carrier traffic distribution, customer duty cycle, device interface duty cycle, etc.; also the interface dimensions: such as device-interface traffic distribution, interface ingress and egress traffic distribution variation, IPTop10& customer duty cycle, egress carrier-destination carrier-traffic distribution, etc., which are not intended to be limiting in any way. The specific data may be displayed in a rectangular vertical drawing, sang Jitu, bar graph, pie chart, line graph, etc., which is not limited in this application.
Optionally, before adding the analysis result to the traffic analysis page and providing the traffic analysis page, the method may further include: and carrying out data statistics on the analysis result of the flow data of the cloud computing equipment cluster to obtain a statistical analysis result. In an embodiment, the statistical analysis results may be stored in a cloud computing device cluster.
Corresponding to the application scene and the method of the method provided by the embodiment of the application, the embodiment of the application also provides a device for processing the network traffic. Fig. 3 is a block diagram of a network traffic processing apparatus according to an embodiment of the present application, where the apparatus may include:
the traffic data acquisition module 301 is configured to acquire traffic data transmitted in the cloud computing device cluster.
The geographic position matching module 302 is configured to match the traffic data with a geographic position database, and obtain geographic position information included in the traffic data.
The service information matching module 303 is configured to perform information matching on the traffic data, and determine service information corresponding to the traffic data, where the service information includes at least one of equipment information, operator information, and service user information corresponding to the traffic data.
And the analysis result storage module 304 is configured to send the geographical location information and the service information as analysis results of the traffic data to a distributed storage server for storage.
The analysis result obtaining module 305 is configured to obtain an analysis result of the corresponding flow data according to the request for obtaining the analysis result of the flow data.
The analysis result display module 306 is configured to add the analysis result to the traffic analysis page, and provide the traffic analysis page.
In a possible implementation manner, the flow data obtaining module 301 may include:
the traffic data monitoring sub-module is used for acquiring traffic data transmitted in the cloud computing equipment cluster by accessing traffic monitoring software installed in the cloud computing equipment cluster, and the traffic monitoring software is used for acquiring traffic data transmitted by a router connected with the cloud computing equipment cluster.
In a possible implementation manner, the service information matching module 303 may include:
the first queue buffer sub-module is used for buffering the traffic data to a first data queue;
and the queue data matching sub-module is used for carrying out information matching on the flow data according to the sequence of the first data queue and determining the corresponding service information.
In an embodiment, the service information matching module 303 may further include:
and the second queue buffering sub-module is used for buffering the determined service information to a second data queue.
In an embodiment, the analysis result storage module 304 may further include:
and the queue information sending sub-module is used for acquiring service information from the second data queue and sending the geographic position information and the service information to the distributed storage server for storage.
In one possible implementation, the analysis result storage module 304 may include:
and the analysis result writing sub-module is used for calling a data table writing component and writing the geographical position information and the service information serving as analysis results of the flow data into a data table of the distributed storage server.
In one possible implementation, the analysis result display module 306 may include:
the analysis result classification sub-module is used for classifying the analysis results of the flow data of the cloud computing equipment cluster according to the data dimension;
and the analysis result adding sub-module is used for adding the classified analysis results to the flow analysis page.
In a possible implementation manner, before the adding the analysis result to a traffic analysis page and providing the traffic analysis page, the apparatus may further include:
And the analysis result statistics module is used for carrying out data statistics on the analysis results of the flow data of the cloud computing equipment cluster so as to obtain the statistical analysis results.
The functions of each module in each device of the embodiments of the present application may be referred to the corresponding descriptions in the above methods, and have corresponding beneficial effects, which are not described herein.
Corresponding to the application scenario and the method of the method provided by the embodiment of the application, the embodiment of the application also provides a computing device, which comprises a memory, a processor and a computer program stored on the memory, wherein the processor realizes the method of any embodiment of the application when executing the computer program. FIG. 4 is a block diagram of a computing device electronic device used to implement embodiments of the present application. As shown in fig. 4, the cloud computing electronic device includes:
a memory 401 and a processor 402, the memory 401 stores a computer program executable on the processor 402. The processor 402, when executing the computer program, implements the methods of the above-described embodiments. The number of memories 401 and processors 402 may be one or more.
The electronic device further includes:
and the communication interface 403 is used for communicating with external equipment and carrying out data interaction transmission.
If the memory 401, the processor 402, and the communication interface 403 are implemented independently, the memory 401, the processor 402, and the communication interface 403 may be connected to each other by a bus and perform communication with each other. The bus may be an industry standard architecture (Industry Standard Architecture, ISA) bus, an external device interconnect (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 4, but not only one bus or one type of bus.
Alternatively, in a specific implementation, if the memory 401, the processor 402, and the communication interface 403 are integrated on a chip, the memory 401, the processor 402, and the communication interface 403 may complete communication with each other through internal interfaces.
Embodiments of the present application also provide a computer device readable storage medium storing a computer program which, when executed by a processor, implements the method provided in any of the embodiments of the present application.
Embodiments of the present application also provide a computer program product comprising a computer program which, when executed by a processor, implements the method described in any of the embodiments of the present application.
The embodiment of the application also provides a chip, which comprises a processor and is used for calling the instructions stored in the memory from the memory and running the instructions stored in the memory, so that the communication device provided with the chip executes the method provided by the embodiment of the application.
The embodiment of the application also provides a chip, which comprises: the input interface, the output interface, the processor and the memory are connected through an internal connection path, the processor is used for executing codes in the memory, and when the codes are executed, the processor is used for executing the method provided by the application embodiment.
It should be appreciated that the processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Srocessing, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field Programmable gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or any conventional processor or the like. It is noted that the processor may be a processor supporting an advanced reduced instruction set machine (Advanced RISC Machines, ARM) architecture.
Further, optionally, the memory may include a read-only memory and a random access memory, and may further include a nonvolatile random access memory. The memory may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), programmable ROM (PROM), erasable Programmable ROM (EPROM), electrically Erasable EPROM (EEPROM), or flash Memory, among others. Volatile memory can include random access memory (Random Access Memory, RAM), which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available. For example, static RAM (SRAM), dynamic RAM (Dynamic Random Access Memory, DRAM), synchronous DRAM (SDRAM), double Data Rate Synchronous DRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous DRAM (SLDRAM), and Direct RAM (DR RAM).
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. Furthermore, embodiments of the present application may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein. The computer program product includes one or more computer instructions. The processes or functions in accordance with the present application result, in whole or in part, when the computer program instructions are loaded and executed on a computing device/computer. The computing device/computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. Computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the description of the present specification, reference to the terms "one embodiment," "an embodiment," "some embodiments," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, the meaning of "a plurality" is two or more, unless explicitly defined otherwise. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
Any process or method description in a flowchart or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process. And the scope of the preferred embodiments of the present application includes additional implementations in which functions may be performed in a substantially simultaneous manner or in an opposite order from that shown or discussed, including in accordance with the functions that are involved.
Logic and/or steps represented in the flowcharts or otherwise described herein, e.g., a ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. All or part of the steps of the methods of the embodiments described above may be performed by a program that, when executed, comprises one or a combination of the steps of the method embodiments, instructs the associated hardware to perform the method.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules described above, if implemented in the form of software functional modules and sold or used as a stand-alone product, may also be stored in a computer-readable storage medium. The storage medium may be a read-only memory, a magnetic or optical disk, or the like.
While the preferred embodiments of the present embodiments have been described, those skilled in the art will recognize that additional changes and modifications can be made to these embodiments, once the basic inventive concepts are known, and that the scope of the present application is not limited to the embodiments, and that the principles and embodiments of the present application have been set forth in this specification and are intended to be illustrative only of the principles and implementations of the present application. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all alterations and modifications as fall within the scope of the embodiments of the present application; also, various modifications and substitutions will occur to those skilled in the art, which, in light of the teachings of this application, are intended to be within the scope of this application. In view of the foregoing, the disclosure should not be construed as limiting the application, which is set forth in the following claims.
Claims (10)
1. A method for processing network traffic, comprising:
acquiring traffic data transmitted in a cloud computing device cluster;
matching the flow data with a geographic position database to obtain geographic position information included in the flow data;
performing information matching on the flow data, and determining service information corresponding to the flow data, wherein the service information comprises at least one of equipment information, operator information and service user information corresponding to the flow data;
the geographic position information and the business information are used as analysis results of the flow data and are sent to a distributed storage server for storage;
acquiring the analysis result of the corresponding flow data according to the acquisition request of the analysis result of the flow data;
and adding the analysis result to a flow analysis page, and providing the flow analysis page.
2. The method of claim 1, wherein the obtaining traffic data transmitted in the cloud computing device cluster comprises:
the traffic monitoring software installed in the cloud computing device cluster is accessed to obtain traffic data transmitted in the cloud computing device cluster, and the traffic monitoring software is used for obtaining traffic data transmitted with a router connected in the cloud computing device cluster.
3. The method of claim 1, wherein the performing information matching on the traffic data, and determining service information corresponding to the traffic data comprises:
caching the traffic data to a first data queue;
and carrying out information matching on the flow data according to the ordering of the first data queue, and determining the corresponding service information.
4. The method of claim 3, wherein the performing information matching on the traffic data, and determining service information corresponding to the traffic data further comprises:
caching the determined service information to a second data queue;
the sending the geographic position information and the service information to the distributed storage server as the analysis result of the flow data for storage comprises the following steps:
and acquiring the service information from the second data queue, and sending the geographic position information and the service information to a distributed storage server for storage.
5. The method of claim 1, wherein sending the geographic location information and the traffic information to a distributed storage server for storage as a result of the analysis of the traffic data comprises:
And calling a data table writing component, and writing the geographic position information and the service information serving as analysis results of the flow data into a data table of the distributed storage server.
6. The method of claim 1, wherein the adding the analysis result to a traffic analysis page comprises:
classifying analysis results of flow data of the cloud computing device cluster according to data dimensions;
and adding the classified analysis result to a flow analysis page.
7. The method of claim 1, wherein prior to said adding the analysis result to a traffic analysis page and providing the traffic analysis page, the method further comprises:
and carrying out data statistics on the analysis result of the flow data of the cloud computing equipment cluster to obtain a statistical analysis result.
8. A processing apparatus for network traffic, comprising:
the flow data acquisition module is used for acquiring flow data transmitted in the cloud computing equipment cluster;
the geographic position matching module is used for matching the flow data with a geographic position database to acquire geographic position information included in the flow data;
The service information matching module is used for carrying out information matching on the flow data and determining service information corresponding to the flow data, wherein the service information comprises at least one of equipment information, operator information and service user information corresponding to the flow data;
the analysis result storage module is used for sending the geographic position information and the business information to a distributed storage server for storage as analysis results of the flow data;
the analysis result acquisition module is used for acquiring the analysis result of the corresponding flow data according to the acquisition request of the analysis result of the flow data;
and the analysis result display module is used for adding the analysis result to a flow analysis page and providing the flow analysis page.
9. A computing device comprising a memory, a processor and a computer program stored on the memory, the processor implementing the method of any one of claims 1-7 when the computer program is executed.
10. A computing device readable storage medium having stored therein a computer program which, when executed by a processor, implements the method of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310109341.1A CN116170352A (en) | 2023-02-01 | 2023-02-01 | Network traffic processing method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310109341.1A CN116170352A (en) | 2023-02-01 | 2023-02-01 | Network traffic processing method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116170352A true CN116170352A (en) | 2023-05-26 |
Family
ID=86415907
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310109341.1A Pending CN116170352A (en) | 2023-02-01 | 2023-02-01 | Network traffic processing method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116170352A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117896284A (en) * | 2024-01-17 | 2024-04-16 | 北京奇虎科技有限公司 | Performance fluctuation positioning method, device, equipment and storage medium |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103546326A (en) * | 2013-11-04 | 2014-01-29 | 北京中搜网络技术股份有限公司 | Website traffic statistic method |
| CN107104852A (en) * | 2017-03-28 | 2017-08-29 | 深圳市神云科技有限公司 | Monitor the method and device of cloud platform virtual network environment |
| US20180287903A1 (en) * | 2017-03-29 | 2018-10-04 | Ca, Inc. | Adjusting monitoring based on inspection of network traffic |
| US20180375740A1 (en) * | 2016-03-02 | 2018-12-27 | Huawei Technologies Co., Ltd. | Network device management method and apparatus |
| CN111181799A (en) * | 2019-10-14 | 2020-05-19 | 腾讯科技(深圳)有限公司 | Network traffic monitoring method and equipment |
| CN112714118A (en) * | 2020-12-24 | 2021-04-27 | 新浪网技术(中国)有限公司 | Network flow detection method and device |
| CN112751835A (en) * | 2020-12-23 | 2021-05-04 | 石溪信息科技(上海)有限公司 | Traffic early warning method, system, equipment and storage device |
| CN113162818A (en) * | 2021-02-01 | 2021-07-23 | 国家计算机网络与信息安全管理中心 | Method and system for realizing distributed flow acquisition and analysis |
| CN114465741A (en) * | 2020-11-09 | 2022-05-10 | 腾讯科技(深圳)有限公司 | Anomaly detection method and device, computer equipment and storage medium |
| CN114598512A (en) * | 2022-02-24 | 2022-06-07 | 烽台科技(北京)有限公司 | Honeypot-based network security guarantee method and device and terminal equipment |
| US11489780B1 (en) * | 2020-11-30 | 2022-11-01 | Amazon Technologies, Inc. | Traffic estimations for backbone networks |
-
2023
- 2023-02-01 CN CN202310109341.1A patent/CN116170352A/en active Pending
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103546326A (en) * | 2013-11-04 | 2014-01-29 | 北京中搜网络技术股份有限公司 | Website traffic statistic method |
| US20180375740A1 (en) * | 2016-03-02 | 2018-12-27 | Huawei Technologies Co., Ltd. | Network device management method and apparatus |
| CN107104852A (en) * | 2017-03-28 | 2017-08-29 | 深圳市神云科技有限公司 | Monitor the method and device of cloud platform virtual network environment |
| US20180287903A1 (en) * | 2017-03-29 | 2018-10-04 | Ca, Inc. | Adjusting monitoring based on inspection of network traffic |
| CN111181799A (en) * | 2019-10-14 | 2020-05-19 | 腾讯科技(深圳)有限公司 | Network traffic monitoring method and equipment |
| CN114465741A (en) * | 2020-11-09 | 2022-05-10 | 腾讯科技(深圳)有限公司 | Anomaly detection method and device, computer equipment and storage medium |
| US11489780B1 (en) * | 2020-11-30 | 2022-11-01 | Amazon Technologies, Inc. | Traffic estimations for backbone networks |
| CN112751835A (en) * | 2020-12-23 | 2021-05-04 | 石溪信息科技(上海)有限公司 | Traffic early warning method, system, equipment and storage device |
| CN112714118A (en) * | 2020-12-24 | 2021-04-27 | 新浪网技术(中国)有限公司 | Network flow detection method and device |
| CN113162818A (en) * | 2021-02-01 | 2021-07-23 | 国家计算机网络与信息安全管理中心 | Method and system for realizing distributed flow acquisition and analysis |
| CN114598512A (en) * | 2022-02-24 | 2022-06-07 | 烽台科技(北京)有限公司 | Honeypot-based network security guarantee method and device and terminal equipment |
Non-Patent Citations (1)
| Title |
|---|
| 张绍华,潘蓉,宗宇伟: "《大数据技术与应用 大数据治理与服务》", 上海科学技术出版社, pages: 154 - 155 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117896284A (en) * | 2024-01-17 | 2024-04-16 | 北京奇虎科技有限公司 | Performance fluctuation positioning method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10693734B2 (en) | Traffic pattern detection and presentation in container-based cloud computing architecture | |
| CN104365058B (en) | For the system and method in multinuclear and group system high speed caching SNMP data | |
| CN104620539B (en) | System and method for supporting SNMP requests by cluster | |
| CN110659109B (en) | System and method for monitoring openstack virtual machine | |
| US20180287920A1 (en) | Intercepting application traffic monitor and analyzer | |
| CN108900374B (en) | Data processing method and device applied to DPI equipment | |
| US11188443B2 (en) | Method, apparatus and system for processing log data | |
| US20120026914A1 (en) | Analyzing Network Activity by Presenting Topology Information with Application Traffic Quantity | |
| CN112632129A (en) | Code stream data management method, device and storage medium | |
| US20140337471A1 (en) | Migration assist system and migration assist method | |
| CN114389792B (en) | WEB log NAT (network Address translation) front-back association method and system | |
| WO2020258982A1 (en) | Method and system for analyzing security log of base station, and computer-readable storage medium | |
| CN117389830A (en) | Cluster log acquisition method and device, computer equipment and storage medium | |
| CN110633195A (en) | Performance data display method and device, electronic equipment and storage medium | |
| IL268670A (en) | Automatic server cluster discovery | |
| CN116170352A (en) | Network traffic processing method and device, electronic equipment and storage medium | |
| CN113596078A (en) | Service problem positioning method and device | |
| US11665078B1 (en) | Discovery and tracing of external services | |
| US9882868B1 (en) | Domain name system network traffic management | |
| CN109560940B (en) | Charging method and device for content delivery network CDN service | |
| CN106156258B (en) | Method, device and system for counting data in distributed storage system | |
| US9893945B2 (en) | Process system for constructing network structure deployment diagram and method thereof and computer program product storing analysis program of network structure deployment | |
| CN108347465B (en) | Method and device for selecting network data center | |
| CN112671949B (en) | Method and system for associating NAT front-back session according to syslog log | |
| WO2022152230A1 (en) | Information flow identification method, network chip, and network device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20230526 |
|
| RJ01 | Rejection of invention patent application after publication |