CN108848196B - General service monitoring method based on tcp connection number - Google Patents

Info

Publication number
CN108848196B
Authority
CN
China
Prior art keywords
data packets
fin
server
syn
ack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811115498.0A
Other languages
Chinese (zh)
Other versions
CN108848196A (en)
Inventor
龚致
王金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd filed Critical Sichuan Changhong Electric Co Ltd
Priority to CN201811115498.0A priority Critical patent/CN108848196B/en
Publication of CN108848196A publication Critical patent/CN108848196A/en
Application granted granted Critical
Publication of CN108848196B publication Critical patent/CN108848196B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/12 Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16 Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/1607 Details of the supervisory signal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a general service monitoring method based on the number of TCP connections. The server side of the method runs on a Unix or Linux platform, and the method comprises calculating the QPS and TPS indexes of a target service through a timed task. The invention uses the iptables facility of the Unix or Linux kernel to check and monitor the TPS and QPS of a system product without affecting the online service, so that the system can be better maintained, service indexes can be adjusted, and the stability and high performance of the system are promoted. Statistical monitoring requires no extension, and monitoring is performed directly from the perspective of TCP connections with high performance.

Description

General service monitoring method based on tcp connection number
Technical Field
The invention relates to the technical field of system operation and maintenance, in particular to a general service monitoring method based on tcp connection number.
Background
With the development of the information era, national development has entered the era of network security, and the country has introduced a network security law. Many companies in the market are also developing their own system products. When such system products are brought online for existing online services, monitoring the TPS (the number of transactions processed per second, i.e., the maximum throughput capacity) and the QPS (the number of user requests per second) of the server where the system products are located is of great importance to the stability and reliability of the services.
Disclosure of Invention
In order to solve the problems in the prior art, the invention aims to provide a general service monitoring method based on the number of TCP connections, which monitors the server and its services with high performance and is suitable for monitoring the relevant performance indexes in service scenarios that use TCP.
To achieve this purpose, the invention adopts the following technical scheme: a general service monitoring method based on the number of TCP connections, in which the server side runs on a Unix or Linux platform and the QPS and TPS indexes of a target service are calculated by a timed task:
(1) Calculating the QPS index: on the server where the system product is located, iptables is configured to count separately, every second, the SYN packets and the SYN + ACK packets returned by the server in the TCP three-way handshake. The count that iptables returns each second is the cumulative total of packets from the start of counting to the current time, so the increment of each count from one second to the next is taken to obtain the number of SYN and SYN + ACK packets in the TCP three-way handshake per second. The minimum of the SYN and SYN + ACK packet numbers is taken, and this minimum is the QPS index of the server;
(2) Calculating the TPS index: on the server where the system product is located, iptables is configured to count separately the FIN + ACK or FIN packets sent and received by the server in the TCP four-way close. The count that iptables returns each second is the cumulative total of packets from the start of counting to the current time, so the increment of each count from one second to the next is taken to obtain the number of FIN + ACK or FIN packets in the TCP four-way close per second. The minimum of the FIN + ACK and FIN packet numbers is taken, and this minimum is the TPS index of the server.
As a preferred embodiment, each service on the server corresponds to its own port; iptables specifies the port and counts the corresponding packets by port, thereby obtaining the QPS and TPS indexes of each specific service.
The beneficial effects of the invention are as follows: the invention improves on the low efficiency and low performance of methods that monitor a system's TPS and QPS through service logs, and serves as a new method for monitoring the TPS and QPS of servers and services. Without affecting online services, it uses the iptables facility built into the Unix or Linux kernel to check and monitor the TPS and QPS of system products, so that the system can be better maintained, service indexes adjusted, and system stability and high performance promoted. Statistical monitoring requires no extension and is performed directly from the perspective of TCP connections with high performance, and different types of monitoring can be carried out for the different TCP ports used by different services.
Drawings
FIG. 1 is a schematic diagram of the TCP three-way handshake according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the TCP four-way close according to an embodiment of the present invention;
FIG. 3 is a block diagram illustrating the QPS index calculation process according to an embodiment of the present invention;
FIG. 4 is a block diagram illustrating the TPS index calculation process according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Examples
A general service monitoring method based on the number of TCP connections, in which the server side runs on a Unix or Linux platform and the QPS and TPS indexes of a target service are calculated by a timed task:
(1) Calculating the QPS index: see FIG. 1 and FIG. 3, where FIG. 1 is a schematic diagram of the TCP three-way handshake and FIG. 3 is a block diagram of the QPS index calculation process. On the server where the system product is located, iptables is configured to count separately, every second, the SYN packets and the SYN + ACK packets returned by the server in the TCP three-way handshake. The count that iptables returns each second is the cumulative total of packets from the start of counting to the current time (i.e., pkts-SYN and pkts-SYN+ACK). To obtain the number of packets generated per second, the increment of each count from one second to the next is taken (i.e., Δpkts-SYN and Δpkts-SYN+ACK), which gives the number of SYN and SYN + ACK packets in the TCP three-way handshake per second. The minimum of the two (i.e., the smaller of Δpkts-SYN and Δpkts-SYN+ACK) is taken as the QPS index. In this way redundant request packets are effectively removed, the QPS of the server is obtained efficiently, and the QPS of all services on the server can be checked and monitored;
(2) Calculating the TPS index: see FIG. 2 and FIG. 4, where FIG. 2 is a schematic diagram of the TCP four-way close and FIG. 4 is a block diagram of the TPS index calculation process. On the server where the system product is located, iptables is configured to count separately, every second, the FIN + ACK or FIN packets sent and received by the server in the TCP four-way close. The count that iptables returns each second is the cumulative total of packets from the start of counting to the current time (i.e., pkts-FIN and pkts-FIN'). The increment of each count from one second to the next is taken (i.e., Δpkts-FIN and Δpkts-FIN'), which gives the number of FIN + ACK or FIN packets in the TCP four-way close per second. The minimum of the two (i.e., the smaller of Δpkts-FIN and Δpkts-FIN') is taken as the TPS index. In this way redundant packets are effectively removed, the TPS of the server is obtained efficiently, and the TPS of all services on the server can be checked and monitored.
In this embodiment, if each service on the server corresponds to its own port, iptables can specify the port and count the corresponding packets by port, thereby obtaining the QPS and TPS indexes of each specific service and achieving more accurate monitoring.
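An added example, not part of the patent text: one way to implement the timed task from steps (1) and (2), reading cumulative counters from `iptables-save -c` and taking per-interval increments and minimums. The rule tags (`mon-syn`, `mon-synack`, `mon-fin-in`, `mon-fin-out`), port 8080 and the sample counter values are assumptions constructed for illustration, and the counter-reset check goes beyond what the text describes.

```python
import re

# Assumed counting-only rules (no -j target; tags and port 8080 are hypothetical):
#   iptables -A INPUT  -p tcp --dport 8080 --tcp-flags SYN,ACK SYN     -m comment --comment mon-syn
#   iptables -A OUTPUT -p tcp --sport 8080 --tcp-flags SYN,ACK SYN,ACK -m comment --comment mon-synack
#   iptables -A INPUT  -p tcp --dport 8080 --tcp-flags FIN FIN         -m comment --comment mon-fin-in
#   iptables -A OUTPUT -p tcp --sport 8080 --tcp-flags FIN FIN         -m comment --comment mon-fin-out
# "--tcp-flags FIN FIN" matches FIN with or without ACK, i.e. "FIN + ACK or FIN".
TAGS = ("mon-syn", "mon-synack", "mon-fin-in", "mon-fin-out")

# `iptables-save -c` prefixes every rule with [packets:bytes].
RULE_RE = re.compile(r'^\[(\d+):\d+\]\s+-A\s+\S+\s.*--comment\s+"?(mon-[\w-]+)"?')


def parse_counters(save_text):
    """Return {tag: cumulative packet count} for the tagged rules."""
    counters = {}
    for line in save_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m and m.group(2) in TAGS:
            counters[m.group(2)] = int(m.group(1))
    return counters


def rates(prev, curr, interval_s=1.0):
    """QPS/TPS from two cumulative snapshots; None if a counter went backwards."""
    delta = {}
    for tag in TAGS:
        d = curr[tag] - prev[tag]
        if d < 0:  # counters zeroed (iptables -Z) or ruleset reloaded: skip interval
            return None
        delta[tag] = d / interval_s
    return {
        "qps": min(delta["mon-syn"], delta["mon-synack"]),
        "tps": min(delta["mon-fin-in"], delta["mon-fin-out"]),
        # SYNs not matched by a SYN+ACK: the redundant requests the minimum discards
        "excess_syn": max(0.0, delta["mon-syn"] - delta["mon-synack"]),
    }


def sample_save(syn, synack, fin_in, fin_out):
    """Constructed `iptables-save -c` text for offline runs (not real output)."""
    rule = "[{n}:{b}] -A {chain} -p tcp -m tcp --{side} 8080 --tcp-flags {flags} -m comment --comment {tag}"
    rows = [
        (syn, "INPUT", "dport", "SYN,ACK SYN", "mon-syn"),
        (synack, "OUTPUT", "sport", "SYN,ACK SYN,ACK", "mon-synack"),
        (fin_in, "INPUT", "dport", "FIN FIN", "mon-fin-in"),
        (fin_out, "OUTPUT", "sport", "FIN FIN", "mon-fin-out"),
    ]
    body = [rule.format(n=n, b=n * 60, chain=c, side=s, flags=f, tag=t)
            for n, c, s, f, t in rows]
    return "\n".join(["*filter", ":INPUT ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]"]
                     + body + ["COMMIT"])


if __name__ == "__main__":
    t0 = parse_counters(sample_save(1000, 990, 900, 905))
    t1 = parse_counters(sample_save(1130, 1110, 1010, 1020))
    print(rates(t0, t1))
```

On a live host the two snapshots would come from running `iptables-save -c` one interval apart; a sustained gap between the SYN and SYN + ACK increments is worth alerting on in addition to the QPS value itself.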
The above embodiments express only specific embodiments of the present invention, and although their description is specific and detailed, they are not to be construed as limiting the scope of the present invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention.

Claims (2)

1. A general service monitoring method based on the number of TCP connections, the server side of the method running on a Unix or Linux platform, characterized in that the method comprises calculating the QPS and TPS indexes of a target service by a timed task:
(1) calculating the QPS index: on the server where the system product is located, iptables is configured to count separately, every second, the SYN and SYN + ACK packets received and sent by the server in the TCP three-way handshake, wherein the count returned by iptables each second is the cumulative total of packets from the start of counting to the current time; the increment of the SYN and SYN + ACK counts returned by iptables each second is taken to obtain the number of SYN and SYN + ACK packets in the TCP three-way handshake per second; the minimum of the SYN and SYN + ACK packet numbers is taken, and this minimum is the QPS index of the server;
(2) calculating the TPS index: on the server where the system product is located, iptables is configured to count separately the FIN packets sent and the FIN + ACK packets received by the server in the TCP four-way close, wherein the count returned by iptables each second is the cumulative total of packets from the start of counting to the current time; the increment of the FIN + ACK or FIN counts returned by iptables each second is taken to obtain the number of FIN + ACK or FIN packets in the TCP four-way close per second; the minimum of the FIN + ACK or FIN packet numbers is taken, and this minimum is the TPS index of the server.
2. The general service monitoring method based on the number of TCP connections according to claim 1, wherein each service on the server corresponds to its own port, iptables specifies the port, and the corresponding packets are counted by port, thereby obtaining the QPS and TPS indexes of each specific service.
CN201811115498.0A 2018-09-25 2018-09-25 General service monitoring method based on tcp connection number Active CN108848196B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811115498.0A CN108848196B (en) 2018-09-25 2018-09-25 General service monitoring method based on tcp connection number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811115498.0A CN108848196B (en) 2018-09-25 2018-09-25 General service monitoring method based on tcp connection number

Publications (2)

Publication Number Publication Date
CN108848196A CN108848196A (en) 2018-11-20
CN108848196B true CN108848196B (en) 2021-01-26

Family

ID=64187960

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811115498.0A Active CN108848196B (en) 2018-09-25 2018-09-25 General service monitoring method based on tcp connection number

Country Status (1)

Country Link
CN (1) CN108848196B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111447113B (en) * 2020-03-25 2021-08-27 中国建设银行股份有限公司 System monitoring method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101834833A (en) * 2009-03-13 2010-09-15 丛林网络公司 Server Protection against Distributed Denial of Service Attacks
CN102655509A (en) * 2012-05-07 2012-09-05 福建星网锐捷网络有限公司 Network attack identification method and device
CN107241304A (en) * 2016-03-29 2017-10-10 阿里巴巴集团控股有限公司 A kind of detection method and device of DDos attacks

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7324540B2 (en) * 2002-12-31 2008-01-29 Intel Corporation Network protocol off-load engines
US9473596B2 (en) * 2011-09-27 2016-10-18 International Business Machines Corporation Using transmission control protocol/internet protocol (TCP/IP) to setup high speed out of band data communication connections
CN103227798B (en) * 2013-04-23 2016-09-14 西安电子科技大学 A kind of immunological network system
US8984635B1 (en) * 2014-01-06 2015-03-17 Cloudflare, Inc. Authenticating the identity of initiators of TCP connections
CN104202344B (en) * 2014-09-28 2018-02-27 互联网域名系统北京市工程研究中心有限公司 A kind of method and device for the anti-ddos attack of DNS service
CN105516080B (en) * 2015-11-24 2019-03-15 网宿科技股份有限公司 TCP connection processing method, device and system
CN105323259B (en) * 2015-12-07 2018-07-31 上海斐讯数据通信技术有限公司 A kind of method and apparatus preventing synchronous packet attack
CN106100940A (en) * 2016-08-25 2016-11-09 上海斐讯数据通信技术有限公司 A kind of network message supervising device and monitoring method thereof

Also Published As

Publication number Publication date
CN108848196A (en) 2018-11-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant