CN113542092A - Openstack-based automatic drainage method - Google Patents
- Publication number
- CN113542092A (application CN202110582470.3A)
- Authority
- CN
- China
- Prior art keywords
- traffic
- destination port
- openstack
- virtual
- port
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/70—Virtual switches
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L12/462—LAN interconnection over a bridge based backbone
- H04L12/4625—Single bridge functionality, e.g. connection of two networks over a single bridge
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/20—Support for services
- H04L49/208—Port mirroring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/35—Switches specially adapted for specific applications
- H04L49/354—Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an openstack-based automatic drainage (traffic steering) method comprising the following steps: creating and adding a virtual switch bridge, which forwards the collected traffic to a specified destination port; obtaining the virtual network card (vNIC) information of each new virtual machine whenever one is created; creating a port mirror and specifying a source port and a destination port for it; adding the obtained vNIC list to the source ports of the mirror, and binding the mirror to the newly created virtual switch bridge; monitoring the traffic on the destination port in real time and, when the destination port's traffic grows and performance occupation is high, filtering unimportant information out of the traffic on the virtual switch bridge; and forwarding the traffic on the destination port to a physical TAP device, which receives the traffic and extracts the important information. While using server resources reasonably, the method solves the problems of conflicts among a large number of simultaneous tasks and of monitoring east-west traffic.
Description
Technical Field
The invention belongs to the technical field of networks and in particular relates to an openstack-based automatic drainage (traffic steering) method.
Background
Early data center traffic was mostly north-south, but it has gradually shifted to east-west traffic, primarily because, with the arrival of cloud computing, the abundance of services has greatly changed the data center's traffic model: a large number of servers must form a cluster and complete work cooperatively, so traffic among the servers becomes very large. This brings challenges in network operation and maintenance monitoring, network operation, network security and other aspects.
Traditional monitoring or security solutions generally monitor or protect a fixed physical boundary. Applied to a cloud computing data center, they solve only the north-south traffic problem and lack monitoring and protection of east-west traffic; for example, traffic between two virtual machines on the same host in openstack cannot be obtained, so the traffic between them cannot be analyzed. The disadvantages of the prior art are that the collection policies issued by openstack may conflict with other service policies, the number of policies to be issued is large, and management is difficult. Meanwhile, collecting the forwarded traffic causes high performance occupation and high bandwidth occupation.
Disclosure of Invention
In view of the above, a first aspect of the present invention aims to provide an openstack-based automatic drainage method. While using server resources reasonably, the method can resolve conflicts among a large number of simultaneous tasks, ensure that the correct execution of a task is not affected by other tasks, avoid interfering with traffic collection, forwarding and filtering across the whole cloud platform, and solve the problem of monitoring east-west traffic on the openstack cloud platform.
The purpose of the first aspect of the invention is achieved by the following technical scheme:
an openstack-based automatic drainage method comprising the following steps:
step S1: create and add a virtual switch bridge, which forwards the collected traffic to a specified destination port;
step S2: monitor in real time the creation of virtual machines by the openstack cloud platform and, whenever a new virtual machine is created, obtain its virtual network card (vNIC) information;
step S3: configure a port mirror;
step S4: monitor the traffic on the destination port in real time and, when the destination port's traffic grows and performance occupation is high, filter unimportant information out of the traffic on the virtual switch bridge;
step S5: forward the traffic on the destination port to a physical TAP device, which receives the traffic and extracts the important information.
Further, step S3 comprises the following sub-steps:
step S31: create a mirror and specify a source port and a destination port for it;
step S32: add all of the obtained vNIC information to the source ports of the mirror, and bind the mirror to the newly created virtual switch bridge;
step S33: specify a destination port, and forward the traffic collected from the source ports to the specified destination port.
Further, the TAP device returns dangerous data found in the traffic to the user in the form of an alarm.
Further, in step S4, the virtual switch bridge is preset with several classes of unimportant-information tags used to filter traffic.
Further, in step S4, the unimportant information includes PING information.
It is another object of the present invention to provide a computer apparatus, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor executes the computer program to implement the method as described above.
It is a further object of the invention to provide a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the method as set forth above.
The invention has the beneficial effects that:
1) the scheme can implement traffic mirroring for network devices such as the TAP device, the bridge and the VLAN through configuration, and can assign the corresponding monitoring port through configuration, so the cost is low and no network devices need to be added;
2) fault protection: when the collection system or the monitoring port fails, the existing network and services are not affected;
3) when packet loss may occur because of performance problems, unimportant information is automatically filtered out, so that collection and forwarding of the key traffic data are ensured.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the present invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings, in which:
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be understood that the preferred embodiments are illustrative of the invention only and are not limiting upon the scope of the invention.
As shown in the figure, the openstack-based automatic drainage method of the invention comprises the following steps:
step S1: create and add a virtual switch bridge, which forwards the collected traffic to a specified destination port;
step S2: monitor in real time the creation of virtual machines by the openstack cloud platform and, whenever a new virtual machine is created, obtain its virtual network card (vNIC) information;
step S3: configure a port mirror, with the following specific sub-steps:
step S31: create a mirror and specify a source port and a destination port for it;
step S32: add all of the obtained vNIC information to the source ports of the mirror, and bind the mirror to the newly created virtual switch bridge;
step S33: specify the destination port, and forward the traffic collected from the source ports to the specified destination port;
step S4: monitor the traffic on the destination port in real time and, when the destination port's traffic grows and performance occupation is high, filter unimportant information (e.g. ping traffic) out of the traffic on the virtual switch bridge, the bridge being preset with several classes of unimportant-information tags used to filter the traffic;
step S5: forward the traffic on the destination port to the physical TAP device; the TAP device receives the traffic, extracts the important information, and returns dangerous data found in the traffic to the user in the form of an alarm.
In step S4, several classes of unimportant-information tags used to filter traffic are preset on the virtual switch bridge.
While using server resources reasonably, the method resolves conflicts among a large number of simultaneous tasks, ensures that the correct execution of a task is not affected by other tasks, does not interfere with traffic collection, forwarding and filtering across the whole cloud platform, and solves the problem of monitoring east-west traffic on the openstack cloud platform. Its advantages include: 1) the scheme can implement traffic mirroring for network devices such as the TAP device, the bridge and the VLAN through configuration, can assign the corresponding monitoring port through configuration, has low cost and needs no additional network devices; 2) fault protection: when the collection system or the monitoring port fails, the existing network and services are not affected; 3) when packet loss may occur because of performance problems, unimportant information is automatically filtered out, so that collection and forwarding of the key traffic data are ensured.
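Steps S1 to S5 as they would look on an Open vSwitch host, as an added example that is not part of the patent. It assumes VM vNICs are Neutron ports on the integration bridge "br-int", that the new bridge is "br-mirror", that the mirror's destination port "to-br-mirror" peers into br-mirror, and that br-mirror's uplink "eth2" is cabled to the physical TAP device; the ICMP matches used for the PING class and the load thresholds are also this example's choices, not the patent's.

```python
# Added example, not the patent's code: steps S1-S5 expressed as Open vSwitch
# commands plus the S4 load decision. Assumed names (none come from the patent):
# VM vNICs sit on the OVS integration bridge "br-int"; the new bridge is
# "br-mirror"; the mirror's destination port "to-br-mirror" peers into br-mirror;
# br-mirror's uplink "eth2" is cabled to the physical TAP device.

# Neutron names a VM's host-side vNIC "tap" + the first 11 characters of the port UUID.
TAP_PREFIX = "tap"

# S4's preset classes of unimportant traffic as OpenFlow matches. The patent names only
# PING; representing it as ICMP echo request/reply is this example's choice.
UNIMPORTANT_FLOWS = {"ping": ["icmp,icmp_type=8", "icmp,icmp_type=0"]}

def tap_device_name(port_id: str) -> str:
    """S2: derive the host tap device from a newly created Neutron port id."""
    return TAP_PREFIX + port_id[:11]

def bridge_commands(bridge: str = "br-mirror", uplink: str = "eth2") -> list[str]:
    """S1: create the mirror bridge and attach the uplink that leads to the TAP (S5)."""
    return [f"ovs-vsctl --may-exist add-br {bridge}",
            f"ovs-vsctl --may-exist add-port {bridge} {uplink}"]

def mirror_command(int_bridge: str, name: str, source_ports: list[str],
                   dest_port: str) -> str:
    """S3: one ovs-vsctl transaction that (re)creates the port mirror. Every vNIC is
    put in select_src_port and select_dst_port so both directions of east-west
    traffic are copied; output_port is the mirror's destination port."""
    if not source_ports:
        raise ValueError("a mirror with no source ports would copy nothing")
    parts = [f"ovs-vsctl -- set Bridge {int_bridge} mirrors=@m"]
    refs = []
    for i, port in enumerate(source_ports):
        parts.append(f"-- --id=@p{i} get Port {port}")
        refs.append(f"@p{i}")
    parts.append(f"-- --id=@out get Port {dest_port}")
    sel = ",".join(refs)
    parts.append(f"-- --id=@m create Mirror name={name} "
                 f"select_src_port={sel} select_dst_port={sel} output_port=@out")
    return " ".join(parts)

def should_filter(rate_bps: float, cpu_percent: float,
                  max_bps: float, max_cpu_percent: float) -> bool:
    """S4: filter only when destination-port traffic has grown AND performance
    occupation is high (both conditions, as the patent states). Thresholds are the
    operator's choice; the patent gives no numbers."""
    return rate_bps > max_bps and cpu_percent > max_cpu_percent

def filter_commands(bridge: str, enable: bool, tags=("ping",)) -> list[str]:
    """S4: install (enable=True) or withdraw the drop rules for the preset classes on
    the mirror bridge, i.e. before the traffic reaches the TAP uplink."""
    cmds = []
    for tag in tags:
        for match in UNIMPORTANT_FLOWS[tag]:
            cmds.append(f'ovs-ofctl add-flow {bridge} "priority=200,{match},actions=drop"'
                        if enable else f'ovs-ofctl del-flows {bridge} "{match}"')
    return cmds

class MirrorController:
    """Keeps the vNIC list current as VMs appear (S2) and re-issues the mirror (S3)."""

    def __init__(self, int_bridge="br-int", dest_port="to-br-mirror", name="m-eastwest"):
        self.int_bridge, self.dest_port, self.name = int_bridge, dest_port, name
        self.vnics: list[str] = []
        self.filtering = False

    def on_port_created(self, port_id: str) -> str:
        """Per Neutron port-create event: returns the refreshed mirror command."""
        dev = tap_device_name(port_id)
        if dev not in self.vnics:
            self.vnics.append(dev)
        return mirror_command(self.int_bridge, self.name, self.vnics, self.dest_port)

    def on_load_sample(self, rate_bps, cpu_percent, max_bps=1.0e9,
                       max_cpu_percent=80.0, bridge="br-mirror") -> list[str]:
        """Per monitoring interval: returns the flow changes to apply, empty when the
        filtering state is unchanged so rules are not churned."""
        want = should_filter(rate_bps, cpu_percent, max_bps, max_cpu_percent)
        if want == self.filtering:
            return []
        self.filtering = want
        return filter_commands(bridge, want)
```

The functions return the commands rather than executing them, so the same logic can be reviewed or dry-run before a host is touched.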
Any process or method descriptions in flow charts or otherwise herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps in the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, and the program may be stored in a computer readable storage medium, and when executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
Finally, the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit the present invention, and although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions, and all of them should be covered by the claims of the present invention.
Claims (8)
1. An openstack-based automatic drainage method, characterized in that the method comprises the following steps:
step S1: creating and adding a virtual switch bridge, which forwards the collected traffic to a specified destination port;
step S2: monitoring in real time the creation of virtual machines by the openstack cloud platform and, whenever a new virtual machine is created, obtaining its virtual network card information;
step S3: configuring a port mirror;
step S4: monitoring the traffic on the destination port in real time and, when the destination port's traffic grows and performance occupation is high, filtering unimportant information out of the traffic on the virtual switch bridge;
step S5: forwarding the traffic on the destination port to a physical TAP device, which receives the traffic and extracts the important information.
2. The openstack-based automatic drainage method according to claim 1, characterized in that step S3 comprises the following sub-steps:
step S31: creating a mirror and specifying a source port and a destination port for it;
step S32: adding all of the obtained virtual network card information to the source ports of the mirror;
step S33: specifying a destination port, and forwarding the traffic collected from the source ports to the specified destination port.
3. The openstack-based automatic drainage method according to claim 1, characterized in that the TAP device returns dangerous data found in the traffic to the user in the form of an alarm.
4. The openstack-based automatic drainage method according to claim 1, characterized in that, in step S4, the virtual switch bridge is preset with several classes of unimportant-information tags used to filter traffic.
5. The openstack-based automatic drainage method according to claim 1, characterized in that, in step S4, the unimportant information includes PING information.
6. The openstack-based automatic drainage method according to claim 2, characterized in that, in step S32, after the source ports are added to the mirror, the method further comprises binding the mirror to the newly created virtual switch bridge.
7. A computer apparatus comprising a memory, a processor, and a computer program stored on the memory and capable of running on the processor, wherein: the processor, when executing the computer program, implements the method of any of claims 1-4.
8. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program, when executed by a processor, implements the method of any one of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110582470.3A CN113542092A (en) | 2021-05-27 | 2021-05-27 | Openstack-based automatic drainage method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113542092A true CN113542092A (en) | 2021-10-22 |
Family
ID=78124409
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110582470.3A Pending CN113542092A (en) | 2021-05-27 | 2021-05-27 | Openstack-based automatic drainage method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113542092A (en) |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106254176A (en) * | 2016-07-29 | 2016-12-21 | 浪潮(北京)电子信息产业有限公司 | A kind of traffic mirroring method based on openvswitch |
CN106982149A (en) * | 2016-12-29 | 2017-07-25 | 中国银联股份有限公司 | Message mirror-image method and network flow monitoring management system based on SDN |
CN107864061A (en) * | 2017-11-15 | 2018-03-30 | 北京易讯通信息技术股份有限公司 | A kind of method of virtual machine port speed constraint and mirror image in private clound |
US20190280978A1 (en) * | 2018-03-06 | 2019-09-12 | International Business Machines Corporation | Flow management in networks |
CN108494657A (en) * | 2018-04-08 | 2018-09-04 | 苏州云杉世纪网络科技有限公司 | OpenStack cloud platform virtual probe mirror methods based on Open vSwitch |
CN109039806A (en) * | 2018-07-13 | 2018-12-18 | 南瑞集团有限公司 | A kind of performance optimization method of message mirror and network monitoring based on SDN |
CN108900384A (en) * | 2018-07-20 | 2018-11-27 | 新华三云计算技术有限公司 | Network flow monitoring method, apparatus and system, computer readable storage medium |
CN111913782A (en) * | 2020-07-29 | 2020-11-10 | 上海云轴信息科技有限公司 | Method and equipment for realizing virtual machine flow mirror image based on tunnel technology |
Non-Patent Citations (1)
Title |
---|
权武: "Are a TAP splitter and a TAP switch the same thing?", Zhihu, https://www.zhihu.com/question/430070190 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114143076A (en) * | 2021-11-29 | 2022-03-04 | 全球能源互联网研究院有限公司 | Electric power thing networking safety protection system |
CN114143076B (en) * | 2021-11-29 | 2024-01-19 | 全球能源互联网研究院有限公司 | Electric power thing networking safety protection system based on virtual switch frame |
CN117040933A (en) * | 2023-10-09 | 2023-11-10 | 苏州元脑智能科技有限公司 | Cross-regional network drainage processing method, security processing method, device and equipment |
CN117040933B (en) * | 2023-10-09 | 2024-02-13 | 苏州元脑智能科技有限公司 | Cross-regional network drainage processing method, security processing method, device and equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 2021-10-22