[go: up one dir, main page]

CN102158362B - Network information monitoring realization method, system and device - Google Patents

Network information monitoring realization method, system and device Download PDF

Info

Publication number
CN102158362B
CN102158362B CN201110096488.9A CN201110096488A CN102158362B CN 102158362 B CN102158362 B CN 102158362B CN 201110096488 A CN201110096488 A CN 201110096488A CN 102158362 B CN102158362 B CN 102158362B
Authority
CN
China
Prior art keywords
supervision
monitor
message
path
label
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110096488.9A
Other languages
Chinese (zh)
Other versions
CN102158362A (en
Inventor
张延显
于同泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201110096488.9A priority Critical patent/CN102158362B/en
Publication of CN102158362A publication Critical patent/CN102158362A/en
Priority to PCT/CN2012/071314 priority patent/WO2012142868A1/en
Application granted granted Critical
Publication of CN102158362B publication Critical patent/CN102158362B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/50Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/70Routing based on monitoring results

Landscapes

  • Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种实现网络信息监管的方法、系统及装置,其中方法包括:在运营商边缘路由器PE和监管路由器Monitor之间建立监管标签交换路径LSP通道以及在PE的入接口配置策略路由;PE根据配置的策略路由将可疑报文通过监管LSP通道转发给Monitor进行检测,并根据Monitor反馈的检测结果进行相应动作:如果检测通过,切换到正常LSP通道转发该报文,否则根据预定的转发策略对该报文进行相应处理;本发明通过增加监管通道,用策略路由技术在不同的通道之间进行切换,实现对报文转发的控制,完全实现了对有害信息在传播过程中的控制和处理。

The invention discloses a method, system and device for realizing network information supervision, wherein the method includes: establishing a supervision label switching path LSP channel between an operator's edge router PE and a supervision router Monitor, and configuring policy routing on the incoming interface of the PE; According to the configured policy routing, the PE forwards the suspicious packet to the Monitor through the supervisory LSP channel for detection, and takes corresponding actions according to the detection result fed back by the Monitor: if the detection passes, switch to the normal LSP channel to forward the message, otherwise, according to the scheduled forwarding The strategy processes the message accordingly; the present invention uses policy routing technology to switch between different channels by adding supervision channels, so as to realize the control of message forwarding, and fully realizes the control and control of harmful information in the propagation process. deal with.

Description

实现网络信息监管的方法、系统及装置Method, system and device for realizing network information supervision

技术领域 technical field

本发明涉及通信技术领域,尤其涉及一种实现网络信息监管的方法、系统及装置。The present invention relates to the field of communication technology, in particular to a method, system and device for realizing network information supervision.

背景技术 Background technique

随着互联网业务的迅猛发展,网络上各种有害信息也日益泛滥,各个运营商也被要求肩负起网络信息监管的责任。比如通过前一段时间的网络扫黄运动,国内的各种网站目前都要求必须进行实名注册和管理。这种监管方法属于事后监管,无法对信息传播过程进行干预,并且对于租赁境外服务器从事有害信息的途径,无法有效予以监管,因此总体效果十分有限。如何能够通过网络技术,在有害信息传播过程中进行检测和过滤,成为一个亟需解决的问题。With the rapid development of Internet business, all kinds of harmful information on the network are increasingly flooding, and each operator is also required to shoulder the responsibility of network information supervision. For example, through the Internet anti-pornography campaign some time ago, various domestic websites are now required to register and manage real names. This kind of supervision method belongs to post-event supervision, which cannot intervene in the process of information dissemination, and cannot effectively supervise the way of leasing overseas servers to engage in harmful information, so the overall effect is very limited. How to use network technology to detect and filter harmful information in the process of dissemination has become an urgent problem to be solved.

发明内容 Contents of the invention

鉴于上述的分析,本发明旨在提供一种实现网络信息监管的方法、系统及装置,用以解决现有技术中存在的有害信息在传播过程中没有得到有效检测和过滤的问题。In view of the above analysis, the present invention aims to provide a method, system and device for realizing network information supervision, so as to solve the problem in the prior art that harmful information is not effectively detected and filtered during the propagation process.

本发明的目的主要是通过以下技术方案实现的:The purpose of the present invention is mainly achieved through the following technical solutions:

本发明提供了一种实现网络信息监管的方法,包括:The invention provides a method for realizing network information supervision, including:

在运营商边缘路由器PE和监管路由器Monitor之间建立监管标签交换路径LSP通道以及在PE的入接口配置策略路由;Establish a supervisory label switching path LSP channel between the carrier edge router PE and the supervisory router Monitor, and configure policy routing on the incoming interface of the PE;

PE根据配置的策略路由将可疑报文通过监管LSP通道转发给Monitor进行检测,并根据Monitor反馈的检测结果进行相应动作:如果检测通过,切换到正常LSP通道转发该报文,否则根据预定的转发策略对该报文进行相应处理。According to the configured policy routing, the PE forwards the suspicious packet to the Monitor through the supervisory LSP channel for detection, and takes corresponding actions according to the detection result fed back by the Monitor: if the detection passes, switch to the normal LSP channel to forward the message, otherwise, according to the predetermined forwarding The policy processes the packet accordingly.

进一步地,建立监管通道后还包括:Further, after the establishment of the supervision channel, it also includes:

PE通过监管LSP通道发送监管实例注册请求给Monitor,并在收到Monitor反馈的实例注册响应后,PE和Monitor之间建立起监管路径。The PE sends a supervision instance registration request to the Monitor through the supervision LSP channel, and after receiving the instance registration response fed back by the Monitor, a supervision path is established between the PE and the Monitor.

进一步地,将可疑报文转发给Monitor进行检测的过程具体包括:Further, the process of forwarding suspicious packets to Monitor for detection specifically includes:

给PE和Monitor之间建立的监管路径分配一个监管标签,PE对接收到的可疑报文的外层转发标签打上监管标签后,通过监管路径转发给Monitor进行检测。Assign a supervision label to the supervision path established between the PE and the Monitor. After the PE adds a supervision label to the outer forwarding label of the received suspicious packet, it forwards it to the Monitor through the supervision path for detection.

进一步地,还包括:当在PE入接口配置的策略路由被删除后,PE发送监管实例撤销请求,并在收到Monitor反馈的实例撤销响应后,撤销PE和Monitor之间建立的监管路径。Further, it also includes: when the policy route configured on the inbound interface of the PE is deleted, the PE sends a supervision instance withdrawal request, and after receiving the instance withdrawal response fed back by the Monitor, cancels the supervision path established between the PE and the Monitor.

其中,所述路由策略至少包括:匹配项规则和设置项转发条目。Wherein, the routing policy includes at least: matching item rules and setting item forwarding entries.

本发明还提供了一种实现网络信息监管的系统,包括:运营商边缘路由器PE和监管路由器Monitor,其中,The present invention also provides a system for realizing network information supervision, including: an operator's edge router PE and a supervisory router Monitor, wherein,

PE,用于和Monitor之间建立监管标签交换路径LSP通道以及在PE的入接口配置策略路由;并根据配置的策略路由将可疑报文通过监管LSP通道转发给Monitor进行检测,以及根据Monitor反馈的检测结果进行相应动作:如果检测通过,切换到正常LSP通道转发该报文,否则根据预定的转发策略对该报文进行相应处理;PE, which is used to establish a supervisory label switching path LSP channel with the Monitor and configure policy routing on the inbound interface of the PE; and forward suspicious packets to the Monitor through the supervisory LSP channel for detection according to the configured policy route, and according to the feedback from the Monitor The detection result takes corresponding actions: if the detection is passed, switch to the normal LSP channel to forward the message, otherwise the message will be processed accordingly according to the predetermined forwarding strategy;

Monitor,用于对PE发来的可疑报文进行检测,并将检测结果反馈给对应的PE。Monitor, used to detect suspicious packets sent by PEs, and feed back the detection results to the corresponding PEs.

本发明又提供了一种实现网络信息监管的装置,包括:The present invention further provides a device for realizing network information supervision, including:

通道建立及管理模块,用于在运营商边缘路由器PE和监管路由器Monitor之间建立监管LSP通道;The channel establishment and management module is used to establish a supervisory LSP channel between the operator's edge router PE and the supervisory router Monitor;

策略配置模块,用于在PE的入接口配置策略路由;A policy configuration module, configured to configure policy routing on the incoming interface of the PE;

转发处理模块,用于根据配置的策略路由将可疑报文通过监管LSP通道转发给Monitor进行检测,并根据Monitor反馈的检测结果进行相应动作:如果检测通过,切换到正常LSP通道转发该报文,否则根据预定的转发策略对该报文进行相应处理。The forwarding processing module is used to forward the suspicious message to the Monitor through the supervision LSP channel according to the configured policy routing, and perform corresponding actions according to the detection result fed back by the Monitor: if the detection passes, switch to the normal LSP channel to forward the message, Otherwise, the packet is processed accordingly according to a predetermined forwarding strategy.

进一步地,还包括:Further, it also includes:

实例管理模块,用于通过监管LSP通道发送监管实例注册请求给Monitor,并在收到Monitor反馈的实例注册响应后,在PE和Monitor之间建立起监管路径。The instance management module is used to send a supervision instance registration request to the Monitor through the supervision LSP channel, and establish a supervision path between the PE and the Monitor after receiving the instance registration response fed back by the Monitor.

进一步,还包括:Further, it also includes:

标签处理模块,用于给PE和Monitor之间建立的监管路径分配一个监管标签,并对PE接收到的可疑报文的外层转发标签打上监管标签,由转发处理模块通过监管路径转发给Monitor进行检测。The label processing module is used to assign a supervision label to the supervision path established between the PE and the Monitor, and put a supervision label on the outer forwarding label of the suspicious message received by the PE, and the forwarding processing module forwards it to the Monitor through the supervision path for further processing. detection.

进一步地,所述实例管理模块还用于,在PE入接口配置的策略路由被删除后,通过监管LSP通道发送监管实例撤销请求给Monitor,并在收到Monitor反馈的实例撤销响应后,撤销PE和Monitor之间建立的监管路径。Further, the instance management module is further configured to, after the policy routing configured on the inbound interface of the PE is deleted, send a supervision instance revocation request to the Monitor through the supervision LSP channel, and revoke the PE after receiving the instance revocation response fed back by the Monitor. The supervisory path established between Monitor and Monitor.

本发明有益效果如下:The beneficial effects of the present invention are as follows:

本发明通过增加监管通道,用策略路由技术在不同的通道之间进行切换,实现对报文转发的控制,完全实现了对有害信息在传播过程中的控制和处理。The present invention realizes the control of message forwarding by adding supervisory channels and switching between different channels with strategy routing technology, and completely realizes the control and processing of harmful information in the propagation process.

本发明的其他特征和优点将在随后的说明书中阐述,并且,部分的从说明书中变得显而易见,或者通过实施本发明而了解。本发明的目的和其他优点可通过在所写的说明书、权利要求书、以及附图中所特别指出的结构来实现和获得。Additional features and advantages of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

附图说明 Description of drawings

图1为本发明实施例的组网示例的结构示意图;FIG. 1 is a schematic structural diagram of a networking example of an embodiment of the present invention;

图2为本发明实施例所述方法的流程示意图;Fig. 2 is a schematic flow chart of the method described in the embodiment of the present invention;

图3为本发明实施例所述系统的结构示意图;Fig. 3 is a schematic structural diagram of the system described in the embodiment of the present invention;

图4为本发明实施例所述装置的结构示意图。Fig. 4 is a schematic structural diagram of the device described in the embodiment of the present invention.

具体实施方式 Detailed ways

下面结合附图来具体描述本发明的优选实施例,其中,附图构成本申请一部分,并与本发明的实施例一起用于阐释本发明的原理。Preferred embodiments of the present invention will be specifically described below in conjunction with the accompanying drawings, wherein the accompanying drawings constitute a part of the application and are used together with the embodiments of the present invention to explain the principles of the present invention.

首先结合附图1和附图2对本发明实施例所述方法进行详细说明。Firstly, the method described in the embodiment of the present invention will be described in detail with reference to accompanying drawings 1 and 2 .

为了便于说明,以下将附图1所示的组网为例对本发明实施例所述方法进行详细说明。For ease of description, the method described in the embodiment of the present invention will be described in detail below by taking the networking shown in FIG. 1 as an example.

如图1所示,CE1(用户边界设备)和CE2位于同一个私网中,PE1(运营商边缘路由器)和PE2之间存在一条正常的LSP转发通道;在本网络中设置一个Monitor(监管路由器),如果需要对经过PE1的报文进行监管,则Monitor与PE1之间需要建立一条监管LSP通道;同理,如果需要对经过PE2的报文进行监管,那么Monitor与PE2之间也需要建立一条监管LSP通道。As shown in Figure 1, CE1 (customer edge device) and CE2 are located in the same private network, and there is a normal LSP forwarding channel between PE1 (operator edge router) and PE2; a Monitor (monitoring router) is set in this network ), if it is necessary to supervise the packets passing through PE1, a supervision LSP channel needs to be established between Monitor and PE1; similarly, if it is necessary to supervise the packets passing through PE2, then a Supervise LSP channels.

如图2所示,图2为本发明实施例所述方法的流程示意图,设定经过PE1的报文需要被监管,则所述方法具体可以包括如下步骤:As shown in Figure 2, Figure 2 is a schematic flow chart of the method described in the embodiment of the present invention. It is set that the message passing through PE1 needs to be supervised, then the method may specifically include the following steps:

步骤201:通过运行监管使能命令,在PE1和Monitor之间建立一条监管LSP通道;Step 201: Establish a supervisory LSP channel between PE1 and Monitor by running a supervisory enable command;

步骤202:在PE1的入接口配置策略路由,该策略路由至少包括Match(匹配)项规则和Set(设置)项转发条目,其中,Match项规则用于对经过PE1的报文进行过滤,确定需要被检测的可疑报文;Set项转发条目用于配置监管路径;Step 202: Configure policy-based routing on the incoming interface of PE1, the policy-based routing at least includes a Match (matching) item rule and a Set (setting) item forwarding entry, wherein the Match item rule is used to filter the packets passing through PE1, and determine the required Detected suspicious packets; the forwarding entry of the Set item is used to configure the monitoring path;

步骤203:PE通过监管LSP通道发送监管实例注册请求给Monitor,并在收到Monitor反馈的实例注册响应后,PE和Monitor之间建立起监管路径,并为该监管路径分配一个监管标签;Step 203: the PE sends a supervision instance registration request to the Monitor through the supervision LSP channel, and after receiving the instance registration response fed back by the Monitor, establishes a supervision path between the PE and the Monitor, and assigns a supervision label to the supervision path;

步骤204:从CE1出发的报文,经过PE1时,如果根据策略路由确定为可疑报文时,则PE1将该可疑报文的转发路径从正常的转发LSP通道切换到监管LSP通道,利用策略标签转发技术将该可疑报文的外层转发标签打上监管标签后通过监管路径发送给Monitor进行检测;Step 204: When a packet from CE1 passes through PE1, if it is determined to be a suspicious packet according to the policy routing, PE1 switches the forwarding path of the suspicious packet from the normal forwarding LSP channel to the supervisory LSP channel, and uses the policy label The forwarding technology marks the outer forwarding label of the suspicious message with a supervisory label and sends it to the Monitor for detection through the supervisory path;

步骤205:Monitor收到该可疑报文时,对其进行检测,并向PE1发送应答消息,将检测结果告知PE1(通过or不通过);Step 205: When the Monitor receives the suspicious message, it detects it, and sends a response message to PE1, and notifies PE1 of the detection result (pass or fail);

步骤206:PE1根据接收到的检测结果进行相应动作:如果检测通过,则PE1将该可疑报文的转发路径重新切换到正常的转发LSP通道,否则根据用户预先配置的转发策略,选择丢弃报文或其他方式处理,具体采取哪种处理方式需要根据运营商的要求而定。Step 206: PE1 takes corresponding actions according to the received detection result: if the detection passes, PE1 switches the forwarding path of the suspicious packet to the normal forwarding LSP channel again, otherwise, chooses to discard the packet according to the forwarding strategy configured in advance by the user or other methods, the specific processing method depends on the requirements of the operator.

接下来,对本发明实施例所述系统进行详细说明。Next, the system described in the embodiment of the present invention will be described in detail.

如图3所示,图3为本发明实施例所述系统的结构示意图,具体可以包括:Monitor和PE,其中,As shown in FIG. 3, FIG. 3 is a schematic structural diagram of the system according to the embodiment of the present invention, which may specifically include: Monitor and PE, wherein,

当经过某个PE的报文需要被监管时,该PE和Monitor之间建立监管标签交换路径LSP通道以及在PE的入接口配置策略路由;根据配置的策略路由将可疑报文通过监管LSP通道转发给Monitor进行检测,并根据Monitor反馈的检测结果进行相应动作:如果检测通过,则切换到正常LSP通道转发该报文,否则根据预定的转发策略对该报文进行相应处理。Monitor对PE发来的可疑报文进行检测,并将检测结果反馈给对应的PE。When a packet passing through a PE needs to be supervised, a supervisory label switching path LSP channel is established between the PE and the Monitor, and policy routing is configured on the incoming interface of the PE; suspicious packets are forwarded through the supervision LSP channel according to the configured policy route Detect to the Monitor, and take corresponding actions according to the detection result fed back by the Monitor: if the detection is passed, switch to the normal LSP channel to forward the message, otherwise process the message according to the predetermined forwarding strategy. The Monitor detects suspicious packets sent by PEs and feeds back the detection results to the corresponding PEs.

最后,对本发明实施例所述装置进行详细说明。Finally, the device described in the embodiment of the present invention is described in detail.

如图4所示,图4为本发明实施例所述装置的结构示意图,本发明实施例所述装置可以设置于PE中,具体可以包括:通道建立及管理模块、策略配置模块、转发处理模块、实例管理模块和标签处理模块,其中,As shown in Figure 4, Figure 4 is a schematic structural diagram of the device described in the embodiment of the present invention. The device described in the embodiment of the present invention can be set in a PE, and specifically can include: a channel establishment and management module, a policy configuration module, and a forwarding processing module , the instance management module and the label processing module, wherein,

通道管理模块,在边缘路由器PE和监管路由器Monitor之间建立监管LSP通道;A channel management module, which establishes a supervisory LSP channel between the edge router PE and the supervisory router Monitor;

策略配置模块,在PE的入接口配置策略路由,该策略路由至少包括Match(匹配)项规则和Set(设置)项转发条目,其中,Match项规则用于对经过PE1的报文进行过滤,确定需要被检测的可疑报文;Set项转发条目用于配置监管路径;The policy configuration module configures policy routing on the incoming interface of the PE, and the policy routing includes at least a Match (matching) item rule and a Set (setting) item forwarding entry, wherein the Match item rule is used to filter the packets passing through PE1, and determine Suspicious packets that need to be detected; the forwarding entry of the Set item is used to configure the monitoring path;

转发处理模块,根据配置的策略路由将可疑报文通过监管LSP通道转发给Monitor进行检测,并根据Monitor反馈的检测结果进行相应动作:如果检测通过,则切换到正常LSP通道转发该报文,否则根据预定的转发策略对该报文进行相应处理。The forwarding processing module, according to the configured policy routing, forwards the suspicious message to the Monitor through the supervisory LSP channel for detection, and takes corresponding actions according to the detection result fed back by the Monitor: if the detection passes, switch to the normal LSP channel to forward the message, otherwise The message is processed accordingly according to a predetermined forwarding strategy.

实例管理模块,通过监管LSP通道发送监管实例注册请求给Monitor,并在收到Monitor反馈的实例注册响应后,在PE和Monitor之间建立起监管路径。The instance management module sends a supervision instance registration request to the Monitor through the supervision LSP channel, and establishes a supervision path between the PE and the Monitor after receiving the instance registration response fed back by the Monitor.

标签处理模块,给PE和Monitor之间建立的监管路径分配一个监管标签,并对PE接收到的可疑报文的外层转发标签打上监管标签,由转发处理模块通过监管路径转发给Monitor进行检测。The label processing module assigns a supervision label to the supervision path established between the PE and the Monitor, and puts a supervision label on the outer forwarding label of the suspicious message received by the PE, and the forwarding processing module forwards it to the Monitor through the supervision path for detection.

当在PE入接口配置的策略路由被删除后,实例管理模块通过监管LSP通道发送监管实例撤销请求给Monitor,并在收到Monitor反馈的实例撤销响应后,撤销PE和Monitor之间建立的监管路径。When the policy route configured on the incoming interface of the PE is deleted, the instance management module sends a supervision instance revocation request to the Monitor through the supervision LSP channel, and after receiving the instance revocation response fed back by the Monitor, revokes the supervision path established between the PE and the Monitor .

需要说明的是,对于系统以及装置的具体实现过程,由于上述方法中已有详细说明,故此处不再赘述。It should be noted that, for the specific implementation process of the system and the device, since the above method has been described in detail, it will not be repeated here.

综上所述,本发明实施例提供了一种实现网络信息监管的方法、系统及装置,本发明通过增加监管LSP通道,用策略路由技术在监管LSP通道和正常LSP通道之间进行切换,实现对报文转发的控制,完全实现了对有害信息在传播过程中的控制和处理;比现有的事后监管方法和技术更加有效,实现方法也更加简单,可以满足在当前网络中大规模部署的需要。To sum up, the embodiment of the present invention provides a method, system and device for realizing network information supervision. The present invention adds supervisory LSP channels and uses policy routing technology to switch between supervisory LSP channels and normal LSP channels to realize The control of message forwarding fully realizes the control and processing of harmful information during the propagation process; it is more effective than existing post-event supervision methods and technologies, and the implementation method is simpler, which can meet the needs of large-scale deployment in the current network. need.

以上所述,仅为本发明较佳的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求书的保护范围为准。The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art within the technical scope disclosed in the present invention can easily think of changes or Replacement should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (10)

1. realize a method for network information monitoring, it is characterized in that, comprising:
Supervision label switching path LSP passage and the incoming interface collocation strategy route at PE is set up between provider edge router PE and supervision router Monitor;
Suspicious message is transmitted to Monitor by supervision LSP passage according to the policybased routing of configuration and detects by PE, and carry out corresponding actions according to the testing result of Monitor feedback: pass through if detected, be switched to normal LSP passage and forward this message, otherwise according to predetermined forwarding strategy, respective handling is carried out to this message.
2. method according to claim 1, is characterized in that, also comprises after setting up supervision passage:
PE sends supervision example registration request to Monitor by supervision LSP passage, and after the example registration response receiving Monitor feedback, sets up supervision path between PE and Monitor.
3. method according to claim 2, is characterized in that, the process that suspicious message repeating carries out detecting to Monitor is specifically comprised:
To the supervision path allocation set up between PE and Monitor one supervision label, after the outer forwarding label of PE to the suspicious message received stamps supervision label, be transmitted to Monitor by supervision path and detect.
4. according to the method in claim 2 or 3, it is characterized in that, also comprise: after the policybased routing configured at PE incoming interface is deleted, PE sends the request of supervision example revocation, and after the example revocation response receiving Monitor feedback, cancel the supervision path set up between PE and Monitor.
5. method according to claim 1, is characterized in that, described policybased routing at least comprises: occurrence rule and setting option forwarding entry.
6. realize a system for network information monitoring, it is characterized in that, comprising: provider edge router PE and supervision router Monitor, wherein,
PE, for and Monitor between set up supervision label switching path LSP passage and the incoming interface collocation strategy route at PE; And according to the policybased routing of configuration, suspicious message is transmitted to Monitor detects by supervising LSP passage, and carry out corresponding actions according to the testing result of Monitor feedback: pass through if detected, be switched to normal LSP passage and forward this message, otherwise according to predetermined forwarding strategy, respective handling is carried out to this message;
Monitor, detects for the suspicious message sent PE, and testing result is fed back to corresponding PE.
7. realize a device for network information monitoring, it is characterized in that, comprising:
Path Setup and administration module, for setting up supervision LSP passage between provider edge router PE and supervision router Monitor;
Strategy configuration module, for the incoming interface collocation strategy route at PE;
Forward process module, detect for suspicious message being transmitted to Monitor by supervision LSP passage according to the policybased routing of configuration, and carry out corresponding actions according to the testing result of Monitor feedback: pass through if detected, be switched to normal LSP passage and forward this message, otherwise according to predetermined forwarding strategy, respective handling is carried out to this message.
8. device according to claim 7, is characterized in that, also comprises:
Instance management module, for sending supervision example registration request to Monitor by supervision LSP passage, and after the example registration response receiving Monitor feedback, sets up supervision path between PE and Monitor.
9. device according to claim 8, is characterized in that, also comprises:
Label processing module, for giving supervision path allocation one supervision of setting up between PE and Monitor label, and supervision label is stamped to the outer forwarding label of the suspicious message that PE receives, be transmitted to Monitor by forward process module by supervision path and detect.
10. device according to claim 9, it is characterized in that, described instance management module also for, after the policybased routing of PE incoming interface configuration is deleted, the request of supervision example revocation is sent to Monitor by supervision LSP passage, and after the example revocation response receiving Monitor feedback, cancel the supervision path set up between PE and Monitor.
CN201110096488.9A 2011-04-18 2011-04-18 Network information monitoring realization method, system and device Expired - Fee Related CN102158362B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110096488.9A CN102158362B (en) 2011-04-18 2011-04-18 Network information monitoring realization method, system and device
PCT/CN2012/071314 WO2012142868A1 (en) 2011-04-18 2012-02-20 Method, system and device for monitoring network information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110096488.9A CN102158362B (en) 2011-04-18 2011-04-18 Network information monitoring realization method, system and device

Publications (2)

Publication Number Publication Date
CN102158362A CN102158362A (en) 2011-08-17
CN102158362B true CN102158362B (en) 2015-05-06

Family

ID=44439563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110096488.9A Expired - Fee Related CN102158362B (en) 2011-04-18 2011-04-18 Network information monitoring realization method, system and device

Country Status (2)

Country Link
CN (1) CN102158362B (en)
WO (1) WO2012142868A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102158362B (en) * 2011-04-18 2015-05-06 中兴通讯股份有限公司 Network information monitoring realization method, system and device
CN102377603B (en) * 2011-10-26 2014-10-29 国家广播电影电视总局广播科学研究院 Policy processing method and policy processing devices

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1719829A (en) * 2004-07-09 2006-01-11 北京航空航天大学 Using MPLS explicit routing to implement traffic control and defend against DOS attacks
CN101399749A (en) * 2007-09-27 2009-04-01 华为技术有限公司 Method, system and device for packet filtering
CN101820391A (en) * 2010-03-17 2010-09-01 中兴通讯股份有限公司 Route forwarding method used for IP network and network equipment
CN101848222A (en) * 2010-05-28 2010-09-29 武汉烽火网络有限责任公司 Inspection method and device of Internet deep packet

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4542359B2 (en) * 2004-03-30 2010-09-15 株式会社クラウド・スコープ・テクノロジーズ Network monitoring apparatus, monitoring method, and monitoring system
CN1983955A (en) * 2006-05-09 2007-06-20 华为技术有限公司 Method and system for monitoring illegal message
US8250641B2 (en) * 2007-09-17 2012-08-21 Intel Corporation Method and apparatus for dynamic switching and real time security control on virtualized systems
CN101355567B (en) * 2008-09-03 2012-05-09 中兴通讯股份有限公司 A method for safety protection of central processor of switching and routing equipment
CN102158362B (en) * 2011-04-18 2015-05-06 中兴通讯股份有限公司 Network information monitoring realization method, system and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1719829A (en) * 2004-07-09 2006-01-11 北京航空航天大学 Using MPLS explicit routing to implement traffic control and defend against DOS attacks
CN101399749A (en) * 2007-09-27 2009-04-01 华为技术有限公司 Method, system and device for packet filtering
CN101820391A (en) * 2010-03-17 2010-09-01 中兴通讯股份有限公司 Route forwarding method used for IP network and network equipment
CN101848222A (en) * 2010-05-28 2010-09-29 武汉烽火网络有限责任公司 Inspection method and device of Internet deep packet

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
蔡俊朝,蔡皖东,胡润东.一种网络信息监管系统的设计与实现.《微电子学与计算机》.2010,第27卷(第10期), *

Also Published As

Publication number Publication date
WO2012142868A1 (en) 2012-10-26
CN102158362A (en) 2011-08-17

Similar Documents

Publication Publication Date Title
US9596159B2 (en) Finding latency through a physical network in a virtualized network
Nam et al. A Study on SDN security enhancement using open source IDS/IPS Suricata
KR101488648B1 (en) Bootstrapping fault detection sessions over a p2mp tunnel
CN104144082B (en) The method and controller of detection loop in double layer network
CN104468358A (en) Message forwarding method and device of distributive virtual switch system
CN104541482A (en) Systems and methods for using RVSP HELLO suppression for graceful restart capable neighbors
CN102447639B (en) A kind of policy routing method and device
CN103873379A (en) Distributed route destroy-resistant strategy collocation method and system based on overlay network
CN102137009A (en) Method, system and equipment for processing Dual-layer service in network
CN103747026A (en) Alarm method and alarm device of openflow flow table
CN100563194C (en) How to establish an LSP
US20070133502A1 (en) Method and apparatus for increasing the scalability of ethernet OAM
EP2897328B1 (en) Method, system and apparatus for establishing communication link
CN101572648B (en) Method and device for realizing broadcast in QinQ
CN102984043A (en) Forwarding method and forwarding device of multicast data stream
CN103716169B (en) Point-to-multipoint method of realizing group broadcasting, network node and system
CN102158362B (en) Network information monitoring realization method, system and device
CN101478489B (en) Method and system for controlling default routing notification by IS-IS protocol
CN106559323A (en) A kind of method and apparatus sent on SDN equipment first packet
CN102918807B (en) Method and routing equipment for BFD session establishment
CN101662427B (en) Method, system and device for distributing and scheduling resource
CN103888356B (en) VPLS realization method, system and provider edge
Moser Performance Analysis of an SD-WAN Infrastructure Implemented Using Cisco System Technologies
CN106487751A (en) A kind of data transmission method, relevant apparatus and system
CN105282046A (en) Secure cloud access realization method by means of software defined networking

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150506