CN115484193A - Method, system, storage medium and device for monitoring and analyzing network packet loss flow - Google Patents
Method, system, storage medium and device for monitoring and analyzing network packet loss flow Download PDFInfo
- Publication number
- CN115484193A CN115484193A CN202211004934.3A CN202211004934A CN115484193A CN 115484193 A CN115484193 A CN 115484193A CN 202211004934 A CN202211004934 A CN 202211004934A CN 115484193 A CN115484193 A CN 115484193A
- Authority
- CN
- China
- Prior art keywords
- message
- discarded
- information
- packet
- error
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000012544 monitoring process Methods 0.000 title claims abstract description 47
- 238000003860 storage Methods 0.000 title claims abstract description 11
- 238000012806 monitoring device Methods 0.000 claims description 87
- 238000004458 analytical method Methods 0.000 claims description 24
- 238000004590 computer program Methods 0.000 claims description 11
- 238000007619 statistical method Methods 0.000 claims description 8
- 238000004891 communication Methods 0.000 abstract description 2
- 238000005538 encapsulation Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 241000700605 Viruses Species 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 3
- 238000005457 optimization Methods 0.000 description 3
- 239000000470 constituent Substances 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000003550 marker Substances 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000013024 troubleshooting Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0823—Errors, e.g. transmission errors
- H04L43/0829—Packet loss
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/20—Support for services
- H04L49/208—Port mirroring
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
技术领域technical field
本发明是关于网络通信的技术领域,特别是关于一种网络丢包流量的监控和解析方法、系统、存储介质及计算机设备。The invention relates to the technical field of network communication, in particular to a method, system, storage medium and computer equipment for monitoring and analyzing network packet loss flow.
背景技术Background technique
随着网络规模的扩大,网络中的交换设备数量也急剧增加,网络丢包的查找变的复杂,及时获知网络丢包对于故障的发现、分析排查交换设备问题非常重要。网络丢包是在使用ping对目站进行询问时,数据包由于各种原因在信道中丢失的现象。With the expansion of the network scale, the number of switching devices in the network has also increased sharply, and the search for network packet loss has become more complicated. It is very important to know the network packet loss in time for fault discovery, analysis and troubleshooting of switching devices. Network packet loss is the phenomenon that data packets are lost in the channel due to various reasons when using ping to query the destination station.
丢包统计是指在某一个测量时间区间内,根据所有进入网络的流量与离开网络的流量之间的差,获得丢包数量和丢包率数据。目前一般交换芯片只提供基于端口的丢包原因记录和丢包统计,只能确定基于端口的丢包,不能确定具体的流量。Packet loss statistics refers to obtaining packet loss quantity and packet loss rate data according to the difference between all traffic entering the network and traffic leaving the network within a certain measurement time interval. At present, general switching chips only provide port-based packet loss record and packet loss statistics, and can only determine port-based packet loss, but cannot determine specific traffic.
通过ACL(访问控制列表)可以进行ACL匹配项的流量区分。ACL是一种基于包过滤的访问控制技术,它可以根据设定的条件对接口上的数据包进行过滤,允许其通过或丢弃。访问控制列表被广泛地应用于路由器和三层交换机,借助于访问控制列表,可以有效地控制用户对网络的访问,从而最大程度地保障网络安全。但是,ACL支持的区分流量的匹配项(源MAC、目的MAC、VLAN、五元组等)有限,通过ACL区分丢包流量也只能局限于ACL支持的匹配项,不能进行基于深层次的业务的统计;另外ACL属于稀缺资源使用ACL进行基于流量的丢包原因记录和丢包统计需要占用大量的ACL。ACL (Access Control List) can be used to distinguish the traffic of ACL matching items. ACL is an access control technology based on packet filtering. It can filter the data packets on the interface according to the set conditions, allowing them to pass or discard. Access control lists are widely used in routers and
公开于该背景技术部分的信息仅仅旨在增加对本发明的总体背景的理解,而不应当被视为承认或以任何形式暗示该信息构成已为本领域一般技术人员所公知的现有技术。The information disclosed in this Background section is only for enhancing the understanding of the general background of the present invention and should not be taken as an acknowledgment or any form of suggestion that the information constitutes the prior art that is already known to those skilled in the art.
发明内容Contents of the invention
本发明的目的在于提供网络丢包流量的监控和解析方法、系统、存储介质及设备,其通过添加丢弃信息报文头,能够快速读取错误信息,进而能够实现基于流量丢包监控的目的,及时的发现丢包流量对丢包进行基于深层次报文内容的统计。The purpose of the present invention is to provide a method, system, storage medium and equipment for monitoring and analyzing network packet loss traffic, which can quickly read error information by adding a packet loss information header, and then can realize the purpose of packet loss monitoring based on traffic, Timely detection of packet loss traffic statistics based on in-depth packet content.
为实现上述目的,本发明提供了一种网络丢包流量的监控方法,应用于交换机的交换芯片上,所述方法包括以下步骤:In order to achieve the above object, the present invention provides a method for monitoring network packet loss traffic, which is applied to the switching chip of the switch, and the method includes the following steps:
在丢弃报文中添加丢弃信息报文头,得到第一丢弃报文;其中,所述丢弃信息报文头中包括错误信息;Adding a discarding message header to the discarding message to obtain a first discarding message; wherein, the discarding message header includes error information;
对所述第一丢弃报文进行镜像,得到第二丢弃报文;Mirroring the first discarded packet to obtain a second discarded packet;
将所述第二丢弃报文上送监控设备,以使监控设备对所述第二丢弃报文携带的错误信息进行解析,得到所述丢弃报文的丢包原因并进行报文丢弃统计,得到所述丢弃报文的统计信息。Sending the second discarded message to the monitoring device, so that the monitoring device analyzes the error information carried by the second discarded message, obtains the packet loss cause of the discarded message and performs packet discarding statistics, and obtains Statistical information of the discarded packets.
在本发明的一实施方式中,所述错误信息至少包括错误信息标识和用于报文丢弃统计的信息;所述用于报文丢弃统计的信息包括设备编号ID、源端口信息、丢弃报文的长度信息和错误编码;其中,所述错误信息标识用于识别所述丢弃报文,并且用于标识所述错误信息标识后是所述用于报文丢弃统计的信息;In one embodiment of the present invention, the error information includes at least an error message identifier and information used for packet discard statistics; the information used for packet discard statistics includes device number ID, source port information, discarded packet length information and error coding; wherein, the error information identifier is used to identify the discarded message, and is used to identify that the error information identifier is followed by the information used for packet discard statistics;
所述设备编号ID用于确定产生所述丢弃报文的设备;所述源端口信息用于确定产生所述丢弃报文的源端口;所述丢弃报文的长度信息用于确定所述丢弃报文的长度,用于判断所述丢弃报文是否发生报文损坏;所述错误编码用来标识所述丢弃报文的错误类型;通过对所述产生所述丢弃报文的设备、所述产生所述丢弃报文的源端口、所述报文损坏的信息和所述丢弃报文的错误类型进行分析统计,得出各个设备或源端口产生所述丢弃报文的数量、发生报文损坏的数量和各种丢弃报文的错误类型的统计信息,用于定位产生所述丢弃报文的设备和源端口。The device number ID is used to determine the device that generated the discarded message; the source port information is used to determine the source port that generated the discarded message; the length information of the discarded message is used to determine the discarded message The length of the message is used to determine whether the discarded message is damaged; the error code is used to identify the error type of the discarded message; The source port of the discarded message, the message damage information and the error type of the discarded message are analyzed and counted to obtain the number of discarded messages generated by each device or source port, and the number of message damages. Statistical information on the number and error types of various discarded packets is used to locate the device and source port that generated the discarded packets.
在本发明的一实施方式中,所述对所述第一丢弃报文进行镜像,得到第二丢弃报文中,具体包括以下步骤:截取所述第一丢弃报文的前预设个字节,得到截取后的丢弃报文,将所述截取后的丢弃报文进行镜像,得到包含所述丢弃信息报文头的第二丢弃报文;其中,所述丢弃信息报文头添加在所述丢弃报文的前预设个字节内。In an embodiment of the present invention, the mirroring of the first discarded message to obtain the second discarded message specifically includes the following steps: intercepting the first preset bytes of the first discarded message , to obtain the intercepted discarded message, and mirror the intercepted discarded message to obtain a second discarded message containing the discarded information header; wherein, the discarded information header is added to the Discard the first preset bytes of the packet.
在本发明的一实施方式中,所述监控设备为交换机CPU和/或远端网络监控设备;In one embodiment of the present invention, the monitoring device is a switch CPU and/or a remote network monitoring device;
当存在远端网络监控设备时,将所述第二丢弃报文发送到所述远端网络监控设备进行错误统计分析,其具体步骤如下:When there is a remote network monitoring device, sending the second discarded message to the remote network monitoring device for statistical analysis of errors, the specific steps are as follows:
根据远端网络监控设备的目的地址和所述交换机的源地址对所述第二丢弃报文进行业务头封装,得到封装的丢弃报文;Encapsulating the second discarded message with a service header according to the destination address of the remote network monitoring device and the source address of the switch, to obtain the encapsulated discarded message;
将所述封装的丢弃报文转发到远端网络监控设备,以使所述远端监控设备解析所述封装的丢弃报文进行错误统计分析;Forwarding the encapsulated discarded message to a remote network monitoring device, so that the remote monitored device parses the encapsulated discarded message for statistical error analysis;
当没有远端网络监控设备时,将所述第二丢弃报文发送到所述交换机CPU进行错误统计分析。When there is no remote network monitoring device, the second discarded packet is sent to the switch CPU for error statistical analysis.
本发明还提供了一种网络丢包流量的解析方法,应用于监控设备上,所述方法包括以下步骤:The present invention also provides a method for analyzing network packet loss traffic, which is applied to monitoring equipment, and the method includes the following steps:
接收交换机芯片发送的由第一丢弃报文镜像得到的第二丢弃报文,其中,所述第一丢弃报文为所述交换机芯片在丢弃报文中添加了丢弃信息报文头的报文,所述丢弃信息报文头中包括错误信息;receiving the second discarded message sent by the switch chip and obtained by mirroring the first discarded message, wherein the first discarded message is a message in which the discarded message header is added by the switch chip, The packet header of the discarding information includes error information;
对所述第二丢弃报文中的错误信息进行解析,得到丢弃报文的丢包原因和统计信息。Analyzing the error information in the second discarded message to obtain the packet loss cause and statistical information of the discarded message.
在本发明的一实施方式中,所述错误信息至少包括错误信息标识和用于报文丢弃统计的信息;所述用于报文丢弃统计的信息包括设备编号ID、源端口信息、丢弃报文的长度信息和错误编码;其中,所述错误信息标识用于识别所述丢弃报文,并且用于标识所述错误信息标识后是所述用于报文丢弃统计的信息;In one embodiment of the present invention, the error information includes at least an error message identifier and information used for packet discard statistics; the information used for packet discard statistics includes device number ID, source port information, discarded packet length information and error coding; wherein, the error information identifier is used to identify the discarded message, and is used to identify that the error information identifier is followed by the information used for packet discard statistics;
所述设备编号ID用于确定产生所述丢弃报文的设备;所述源端口信息用于确定产生所述丢弃报文的源端口;所述丢弃报文的长度信息用于确定所述丢弃报文的长度,用于判断所述丢弃报文是否发生报文损坏;所述错误编码用来标识所述丢弃报文的错误类型;通过对所述产生所述丢弃报文的设备、所述产生所述丢弃报文的源端口、所述报文损坏的信息和所述丢弃报文的错误类型进行分析统计,得出各个设备或源端口产生所述丢弃报文的数量、发生报文损坏的数量和各种丢弃报文的错误类型的统计信息,用于定位产生所述丢弃报文的设备和源端口。The device number ID is used to determine the device that generated the discarded message; the source port information is used to determine the source port that generated the discarded message; the length information of the discarded message is used to determine the discarded message The length of the message is used to determine whether the discarded message is damaged; the error code is used to identify the error type of the discarded message; The source port of the discarded message, the message damage information and the error type of the discarded message are analyzed and counted to obtain the number of discarded messages generated by each device or source port, and the number of message damages. Statistical information on the number and error types of various discarded packets is used to locate the device and source port that generated the discarded packets.
在本发明的一实施方式中,所述对所述第二丢弃报文中的错误信息进行解析包括:In an embodiment of the present invention, the parsing the error information in the second discarded message includes:
所述第二丢弃报文为截取所述第一丢弃报文的前预设个字节后镜像得到的报文;其中,所述丢弃信息报文头添加在所述丢弃报文的前预设个字节内。The second discarded message is a message obtained by intercepting the first predetermined bytes of the first discarded message and mirroring it; wherein, the discarded information message header is added to the pre-preset byte of the discarded message within bytes.
在本发明的一实施方式中,所述监控设备为交换机CPU和/或远端网络监控设备;In one embodiment of the present invention, the monitoring device is a switch CPU and/or a remote network monitoring device;
当存在所述远端网络监控设备时,由所述远端网络监控设备接收交换机芯片发送的对第二丢弃报文进行业务台封装后的封装的丢弃报文,并对所述封装的丢弃报文进行解析,得到丢弃报文的丢包原因和统计信息;When there is the remote network monitoring device, the remote network monitoring device receives the encapsulated discarded message sent by the switch chip after the second discarded message is encapsulated by the service station, and the encapsulated discarded message is The packet is analyzed to obtain the packet loss reason and statistical information of the discarded packet;
当没有所述远端网络监控设备时,由所述交换机CPU对所述第二丢弃报文中的错误信息进行解析,得到丢弃报文的丢包原因和统计信息。When there is no remote network monitoring device, the CPU of the switch parses the error information in the second discarded message to obtain a packet loss cause and statistical information of the discarded message.
本发明还提供了一种网络丢包流量的监控系统,包括:The present invention also provides a monitoring system for network packet loss flow, including:
报文头生成模块,用于在丢弃报文中添加丢弃信息报文头,得到第一丢弃报文;其中,所述丢弃信息报文头中包括错误信息;A message header generating module, configured to add a discard information header to the discard message to obtain a first discard message; wherein, the discard information header includes error information;
镜像模块,用于对所述第一丢弃报文进行镜像,得到第二丢弃报文;A mirroring module, configured to mirror the first discarded message to obtain a second discarded message;
发送模块,用于将所述第二丢弃报文上送监控设备,以使监控设备对所述第二丢弃报文携带的错误信息进行解析,得到所述丢弃报文的丢包原因并进行报文丢弃统计。A sending module, configured to send the second discarded message to a monitoring device, so that the monitoring device analyzes the error information carried by the second discarded message, obtains the packet loss cause of the discarded message, and reports Document discard statistics.
本发明还提供了一种存储介质,所述存储介质包括存储的程序,其中,所述程序执行上述的网络丢包流量的监控方法或/和执行上述的网络丢包流量的解析方法。The present invention also provides a storage medium, which includes a stored program, wherein the program executes the above-mentioned method for monitoring network packet loss traffic or/and executes the above-mentioned method for analyzing network packet loss traffic.
本发明还提供了一种计算机设备,其包括处理器、存储器及存储于所述存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现上述的网络丢包流量的监控方法或/和实现上述的网络丢包流量的解析方法。The present invention also provides a computer device, which includes a processor, a memory, and a computer program stored on the memory and operable on the processor. When the processor executes the computer program, the above-mentioned network is realized. A method for monitoring packet loss traffic or/and implementing the above-mentioned analysis method for network packet loss traffic.
本发明还提供了一种网络丢包流量的解析系统,包括:解析模块,用于对包含丢弃信息报文头的丢弃报文进行解析,其中,读取所述丢弃报文的第一个协议类型信息之后的信息为所述丢弃报文的错误信息。The present invention also provides an analysis system for network packet loss traffic, including: an analysis module, which is used to analyze the discarded message containing the discarded information message header, wherein the first protocol of the discarded message is read The information after the type information is the error information of the discarded packet.
与现有技术相比,根据本发明的网络丢包流量的监控和解析方法、系统、存储介质及设备,在丢弃报文中添加丢弃信息报文头,该丢弃信息报文头中能够包括一些错误信息,进而在后续的交换机CPU或者远端网络监控设备中直接进行解析和统计;此外,本发明通过在交换芯片上设定丢包镜像目的,将丢包报文镜像到交换机CPU或者远端网络监控设备,由交换机CPU或者网络监控设备进行丢包分析统计。Compared with the prior art, according to the method, system, storage medium and equipment for monitoring and analyzing network packet loss traffic of the present invention, a discarding information header is added to the discarding message, and the discarding information header can include some Error information, and then directly analyze and count in the subsequent switch CPU or remote network monitoring equipment; in addition, the present invention mirrors the packet loss message to the switch CPU or the remote end by setting the packet loss mirroring purpose on the switching chip Network monitoring equipment, the packet loss analysis and statistics are performed by the switch CPU or network monitoring equipment.
附图说明Description of drawings
图1是根据本发明一实施方式的一种网络丢包流量的监控方法的流程图;Fig. 1 is a flow chart of a method for monitoring network packet loss traffic according to an embodiment of the present invention;
图2是根据本发明一实施方式的报文格式的示意图;FIG. 2 is a schematic diagram of a message format according to an embodiment of the present invention;
图3是根据本发明一实施方式的交换芯片丢弃报文镜像流程示意图;Fig. 3 is a schematic flow chart of discarding message mirroring in a switching chip according to an embodiment of the present invention;
图4是根据本发明一实施方式的一种网络丢包流量的解析方法的流程图;4 is a flowchart of a method for analyzing network packet loss traffic according to an embodiment of the present invention;
图5是根据本发明一实施方式的一种网络丢包流量的监控系统的结构示意图。Fig. 5 is a schematic structural diagram of a monitoring system for network packet loss traffic according to an embodiment of the present invention.
具体实施方式detailed description
下面结合附图,对本发明的具体实施方式进行详细描述,但应当理解本发明的保护范围并不受具体实施方式的限制。The specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings, but it should be understood that the protection scope of the present invention is not limited by the specific embodiments.
除非另有其它明确表示,否则在整个说明书和权利要求书中,术语“包括”或其变换如“包含”或“包括有”等等将被理解为包括所陈述的元件或组成部分,而并未排除其它元件或其它组成部分。Unless expressly stated otherwise, throughout the specification and claims, the term "comprise" or variations thereof such as "includes" or "includes" and the like will be understood to include the stated elements or constituents, and not Other elements or other components are not excluded.
如图1至图3所示,根据本发明优选实施方式的一种网络丢包流量的监控方法,其主要应用在交换机的交换芯片上,具体包括以下步骤:As shown in Figures 1 to 3, a method for monitoring network packet loss traffic according to a preferred embodiment of the present invention is mainly applied on the switching chip of the switch, and specifically includes the following steps:
S1:在丢弃报文中添加丢弃信息报文头,得到第一丢弃报文。S1: Add a discard information packet header to the discard packet to obtain a first discard packet.
该步骤在交换芯片中进行,当交换芯片产生报文丢弃时,在该丢弃报文中添加丢弃信息报文头,具体地,将丢弃信息报文头添加到丢弃报文的源mac地址之后。因为,丢弃报文的源mac地址之后为丢弃报文的具体数据内容,将丢弃信息报文头添加在源mac地址之后,可以将丢弃信息报文头中添加的数据内容和丢弃报文中原有的数据内容融合在一起,进而便于后续对全网的丢包情况进行错误信息统计时,更加方便。This step is carried out in the switch chip. When the switch chip generates a packet discard, a discard information packet header is added to the discard packet, specifically, the discard information packet header is added after the source mac address of the discard packet. Because, after the source mac address of the discarded message is the specific data content of the discarded message, adding the discarded information packet header after the source mac address can combine the data content added in the discarded information packet header with the original data content of the discarded message The data content of the network is fused together, which is more convenient for subsequent error information statistics on the packet loss situation of the entire network.
丢弃报文为以太网协议的报文格式,其包括目的mac地址(DEST_MAC)、源mac地址(SRC_MAC)和协议类型(ETHTYPE),具体地将丢弃信息报文头添加在源mac地址(SRC_MAC)和协议类型(ETHTYPE)之间,如图2所示。The discarded message is the message format of the Ethernet protocol, which includes the destination mac address (DEST_MAC), source mac address (SRC_MAC) and protocol type (ETHTYPE), and specifically adds the discarded information message header to the source mac address (SRC_MAC) and protocol type (ETHTYPE), as shown in Figure 2.
丢弃信息报文头中包括错误信息,该错误信息中包括该丢弃报文的用于对丢包流量进行统计的信息。具体地,错误信息至少包括错误信息标识(如:ETHTYPE(ERRO_CODE))和用于报文丢弃统计的信息,ETHTYPE(ERRO_CODE)为特殊值用来作为丢弃报文进行识别的标记符,标识此后的信息是用于进行报文丢弃统计的信息。The packet header of the discarded information includes error information, and the error information includes the information of the discarded packet for collecting statistics on the packet loss traffic. Specifically, the error information at least includes an error message identifier (such as: ETHTYPE (ERRO_CODE)) and information used for message discarding statistics. ETHTYPE (ERRO_CODE) is a special value used as a marker for identifying discarded messages, and identifies subsequent Information is used for packet discard statistics.
用于报文丢弃统计的信息包括设备编号ID(UNIQUE_ID)、源端口信息(SRC_PORT)、丢弃报文的长度(PACKET_LEN)和错误编码(ERRO_CODE)。The information used for packet discard statistics includes device ID (UNIQUE_ID), source port information (SRC_PORT), length of discarded packets (PACKET_LEN) and error code (ERRO_CODE).
UNIQUE_ID作为交换设备唯一标识,用于确定产生丢弃报文的设备,进而能够依据产生丢弃报文的设备统计各个设备所产生丢弃报文的数量和错误类型等统计信息。SRC_PORT为报文的源端口信息,用于确定产生丢弃报文的源端口,进而能够依据产生丢弃报文的源端口统计各个源端口所产生丢弃报文的数量和错误类型等统计信息。PACKET_LEN用来标识丢弃报文的长度,可以用来判断丢弃报文是否发生字符丢失等报文损坏的信息。ERRO_CODE用来标识丢弃报文的错误类型,进而能够对丢弃报文的具体错误类型进行统计。UNIQUE_ID, as the unique identifier of the switching device, is used to determine the device that generates discarded packets, and then can count statistical information such as the number of discarded packets and error types generated by each device based on the device that generated discarded packets. SRC_PORT is the source port information of the message, which is used to determine the source port that generates the discarded message, and then can count statistical information such as the number of discarded messages generated by each source port and the error type according to the source port that generated the discarded message. PACKET_LEN is used to identify the length of the discarded packet, and can be used to determine whether the discarded packet has character loss and other packet damage information. ERRO_CODE is used to identify the error type of discarded packets, so that statistics can be made on the specific error types of discarded packets.
例如,ETHTYPE(ERRO_CODE)可配置为0x8809,当远端网络监控设备接收到ETHTYPE为0x8809的报文则可标识此报文为交换芯片丢弃的报文,按照图2所示的格式进行报文解析可获得该丢弃报文的设备编号(UNIQUE_ID)、源端口信息(SRC_PORT)、丢弃报文的长度(PACKET_LEN)和错误编码0x8809,进而可以得到该丢弃报文所属的设备、从哪个端口发出以及是否发生字符丢失和错误类型,如果0x8809表示协议转换错误,则确定该丢弃报文在传输过程出现了协议转换错误。据此,远端网络监控设备可以根据收到的所有丢弃报文,统计出丢弃报文的丢弃原因(如:协议转换错误、解析错误、字符丢失等)及相关统计数据(丢弃报文的总数量、不同丢弃原因对应的报文数量,哪个设备发生了报文丢弃以及该设备的报文丢弃数量,哪个源端口发生了报文丢弃以及该源端口的报文丢弃数量等统计信息,以及当前丢弃报文对应的设备和源端口等统计信息)。For example, ETHTYPE (ERRO_CODE) can be configured as 0x8809. When the remote network monitoring device receives a message with an ETHTYPE of 0x8809, it can identify the message as a message discarded by the switching chip, and analyze the message according to the format shown in Figure 2. The device number (UNIQUE_ID), source port information (SRC_PORT), length of the discarded packet (PACKET_LEN) and error code 0x8809 of the discarded packet can be obtained, and then the device to which the discarded packet belongs, which port it is sent from and whether it is Character loss and error type occur. If 0x8809 indicates a protocol conversion error, it is determined that a protocol conversion error occurred during the transmission of the discarded message. Based on this, the remote network monitoring device can count the discarding reasons of the discarded packets (such as: protocol conversion error, parsing error, character loss, etc.) number of packets corresponding to different reasons for discarding, which device discarded packets and the number of packets discarded by the device, which source port received packet discards and the number of packets discarded by the source port Statistical information such as the device and source port corresponding to the discarded packet).
通过丢弃信息报文头中包含的上述错误信息,可以在后续步骤中通过用于报文丢弃统计的信息能够得到产生丢弃报文的设备、源端口、报文损坏和丢弃报文的错误类型,监控设备对这些信息进行分析统计,可以得出各种丢弃信息的统计,例如,各个设备或各个源端口产生丢弃报文的数量、发生报文损坏的数量和各种丢弃报文的错误类型的统计信息,以便定位产生丢弃报文的设备和源端口,便于后续根据发生报文损坏的数量和错误类型对设备和源端口进行优化。By discarding the above-mentioned error information contained in the header of the information message, the device, source port, message damage and error type of the discarded message can be obtained through the information used for message discard statistics in subsequent steps, The monitoring equipment analyzes and counts these information, and can obtain statistics of various discarded information, for example, the number of discarded packets generated by each device or each source port, the number of damaged packets, and the error types of various discarded packets Statistical information in order to locate the device and source port that generated discarded packets, so as to facilitate subsequent optimization of the device and source port based on the number of damaged packets and error types.
如图2所示,添加错误信息的报文格式即为添加了丢弃信息报文头的丢弃报文,其中,ETHTYPE(ERRO_CODE)是用来标识此后的信息为错误信息,ETHTYPE是丢弃报文本身携带自己的ETHTYPE,两者并不相同。As shown in Figure 2, the packet format for adding error information is the discarded packet with the packet header of the discarded information added, where ETHTYPE (ERRO_CODE) is used to identify the subsequent information as error information, and ETHTYPE is the discarded packet itself Bring your own ETHTYPE, the two are not the same.
S2:对第一丢弃报文进行镜像,得到第二丢弃报文。S2: Perform mirroring on the first discarded packet to obtain the second discarded packet.
该步骤中,进行镜像的目的是将第一丢弃报文镜像出交换芯片,便于在后续的交换机CPU或者远端网络监控设备进行分析。In this step, the purpose of mirroring is to mirror the first discarded message out of the switch chip, so as to facilitate analysis by the subsequent switch CPU or remote network monitoring equipment.
在镜像过程中,可选地,为了节约带宽可以对第一丢弃报文进行截取前预设个字节后,得到截取后的丢弃报文,将截取后的丢弃报文进行镜像,其中,截取后的丢弃报文至少包括丢弃信息报文头。预设个字节可以是32、64等个字节。In the mirroring process, optionally, in order to save bandwidth, after preset bytes before intercepting the first discarded message, the discarded message after the interception is obtained, and the discarded message after the interception is mirrored, wherein, the intercepted The subsequent discarded packets include at least the discarded information packet header. The preset number of bytes can be 32, 64, etc. bytes.
由于丢弃信息报文头中包括有丢弃报文的主要信息,因此,通过对丢弃信息报文头进行解析,即可获取丢弃报文的流量信息,而无需读取对整个丢弃报文进行分析。Since the discard information packet header includes the main information of the discarded packet, the flow information of the discarded packet can be obtained by parsing the discarded information packet header without reading and analyzing the entire discarded packet.
S3:将第二丢弃报文上送监控设备,该监控设备可以为交换机CPU和/或远端网络监控设备,其中,在交换机CPU和/或网络监控设备中对丢弃信息报文头中携带的错误信息进行解析,得到丢包原因并进行报文丢弃统计,得到丢弃报文的统计信息。S3: Send the second discarded message to the monitoring device. The monitoring device can be a switch CPU and/or a remote network monitoring device, wherein the discarding information carried in the packet header is checked in the switch CPU and/or the network monitoring device The error information is analyzed to obtain the cause of packet loss and perform packet discard statistics to obtain the statistical information of discarded packets.
如图3所示,示出了芯片丢弃报文镜像流程图,在配置了第二丢弃报文之后,可以根据镜像配置(将镜像配置到本地或配置到远端网络监控设备,即图3中所示的是否为远程镜像)将镜像的丢弃报文选择发送到交换机CPU和/或远端网络监控设备中。As shown in Figure 3, it shows the flow chart of chip discarding message mirroring. After the second discarding message is configured, the mirroring can be configured according to the mirroring configuration (the mirroring is configured locally or configured to the remote network monitoring device, i.e. in Figure 3 Whether the shown is remote mirroring) selects the mirrored discarded message and sends it to the switch CPU and/or the remote network monitoring device.
当存在远端网络监控设备时,可以选择将第二丢弃报文上送到远端网络监控设备进行错误统计分析,以便于进行全网监控。When there is a remote network monitoring device, you can choose to send the second discarded packet to the remote network monitoring device for error statistical analysis, so as to monitor the entire network.
具体地,将第二丢弃报文发送到远端网络监控设备的具体步骤如下:Specifically, the specific steps of sending the second discarded message to the remote network monitoring device are as follows:
S301:根据远端网络监控设备的目的地址和交换机的源地址对第二丢弃报文进行业务头封装,其中,业务头封装由从丢包节点到远端网络监控设备可达的网络通道决定。S301: Perform service header encapsulation on the second discarded packet according to the destination address of the remote network monitoring device and the source address of the switch, wherein the service header encapsulation is determined by the reachable network channel from the packet loss node to the remote network monitoring device.
业务头封装是为了在网络中传输数据时加入远端网络监控设备对应的头部信息,该头部信息的主要作用是用来帮助中间传输系统将数据传输到一个正确的目的地。例如,若普通的L2可达则封装目的mac地址为远端监控设备的mac地址,封装对应的VLAN,若IP可达则封装目的IP地址为远端监控设备的IP地址。The business header encapsulation is to add the header information corresponding to the remote network monitoring equipment when transmitting data in the network. The main function of the header information is to help the intermediate transmission system transmit the data to a correct destination. For example, if the ordinary L2 is reachable, the encapsulated destination mac address is the mac address of the remote monitoring device, and the corresponding VLAN is encapsulated; if the IP is reachable, the encapsulated destination IP address is the IP address of the remote monitoring device.
S302:将业务头封装后的报文转发到远端网络监控设备。S302: Forward the message encapsulated with the service header to the remote network monitoring device.
其中,由远端网络监控设备解析业务头封装后的报文得到丢弃报文来自的交换设备,并且由第一个协议类型信息(即ETHTYPE(ERRO_CODE))标识出丢弃报文,并对丢弃信息报文头进行解析,得到源端口(SRC_PORT)和错误类型(ERRO_CODE)。Wherein, the message after the business head encapsulation is parsed by the remote network monitoring device to obtain the switching device from which the discarded message comes, and the discarded message is identified by the first protocol type information (ie ETHTYPE (ERRO_CODE)), and the discarded information The message header is parsed to obtain the source port (SRC_PORT) and error type (ERRO_CODE).
此外,还可以通过对丢弃报文进行基于交换设备端口和五元组、深度报文内容的错误信息统计,通过统计各个错误类型的丢弃报文数量,可以掌控全网的丢包情况。In addition, it is also possible to control the packet loss of the entire network by counting the discarded packets based on the switching device port, quintuple, and in-depth packet content, and by counting the number of discarded packets of each error type.
本步骤中,业务头封装后的报文由入方向查表后进行转发;在报文入方向上,交换机经过查表后确定该报文是否允许进入转发的端口,如果允许进入,则通过该端口转达到远端网络监控设备中。In this step, the message encapsulated by the service header is forwarded after checking the table in the inbound direction; in the inbound direction of the message, the switch determines whether the message is allowed to enter the forwarded port after checking the table. The port is forwarded to the remote network monitoring equipment.
并且,本申请的统计过程可以在远端网络监控设备中完成,也可以在不存在远端网络监控设备时,在交换机CPU中完成。Moreover, the statistical process of the present application can be completed in the remote network monitoring device, or can be completed in the switch CPU when there is no remote network monitoring device.
当没有远端网络监控设备时,可以选择将第二丢弃报文上送到本地交换机CPU进行错误统计分析。其中,交换机CPU由第二丢弃报文携带的第一个协议类型信息(即ETHTYPE(ERRO_CODE))标识出丢弃报文,并对丢弃信息报文头进行解析,得到源端口(SRC_PORT)和错误类型(ERRO_CODE),进而可以对丢弃报文进行基于交换设备端口和五元组、深度报文内容进行错误信息统计。通过统计各个错误类型下的丢弃报文数量,可以掌控全网的丢包情况。通过上述步骤,可以对报文进行基于交换设备和交换设备端口及五元组、深度报文内容进行错误信息统计。When there is no remote network monitoring device, you can choose to send the second discarded packet to the CPU of the local switch for error statistical analysis. Wherein, the switch CPU identifies the discarded message by the first protocol type information (ie ETHTYPE (ERRO_CODE)) carried by the second discarded message, and parses the discarded information message header to obtain the source port (SRC_PORT) and error type (ERRO_CODE), and then can perform error information statistics on discarded packets based on the switching device port, quintuple, and depth packet content. By counting the number of discarded packets under each error type, you can control the packet loss of the entire network. Through the above steps, it is possible to perform error information statistics on packets based on the switching device, switching device port, quintuple, and depth packet content.
监控设备通过用于报文丢弃统计的信息能够得到产生丢弃报文的设备、源端口、报文损坏和丢弃报文的错误类型,监控设备对这些信息进行分析统计,可以得出各种丢弃信息的统计,例如,各个设备或各个源端口产生丢弃报文的数量、发生报文损坏的数量和各种丢弃报文的错误类型的统计信息,以便定位产生丢弃报文的设备和源端口,便于后续根据发生报文损坏的数量和错误类型对设备和源端口进行优化。The monitoring device can obtain the device, source port, packet damage, and error type of the discarded packet through the information used for packet discard statistics. The monitoring device can analyze and count these information to obtain various discard information. For example, the statistics of the number of discarded packets generated by each device or each source port, the number of damaged packets, and the error types of various discarded packets, so as to locate the device and source port that generated the discarded packets, and facilitate Then optimize the device and source port according to the number of damaged packets and error types.
通过上述步骤,可以对报文进行基于交换设备和交换设备端口及五元组、深度报文内容进行错误信息统计。五元组是由源IP地址,源端口,目的IP地址,目的端口,和传输层协议这五个量组成的一个集合,五元组能够区分不同会话,并且对应的会话是唯一的。基于五元组进行错误信息统计是通过端口号来识别应用类型,该方式就容易导致一些病毒或垃圾应用采用假冒端口号的方式伪装成合法报文,那么就没法检测。因此,本申请还可以对深度报文内容进行检测是对应用层的分析,可以识别到各种应用及其内容,实现对网络流量的精细化控制和分析。Through the above steps, it is possible to perform error information statistics on packets based on the switching device, switching device port, quintuple, and depth packet content. The quintuple is a set of five quantities consisting of source IP address, source port, destination IP address, destination port, and transport layer protocol. The quintuple can distinguish different sessions, and the corresponding session is unique. The error information statistics based on the quintuple is to identify the application type through the port number. This method will easily cause some viruses or junk applications to use fake port numbers to disguise themselves as legitimate packets, so they cannot be detected. Therefore, the present application can also detect the content of the in-depth message, which is the analysis of the application layer, and can identify various applications and their content, and realize the refined control and analysis of network traffic.
本发明的一种网络丢包流量的监控方法,在交换芯片丢报文中添加丢弃信息报文头,当芯片产生报文丢弃时将该报文添加丢弃信息报文头,根据镜像配置上送交换机CPU或者远端网络监控设备,交换机CPU或网络监控设备通过解析丢弃信息报文头可以得到源端口和错误类型。此外,通过对丢弃报文进行解析,能够掌握出丢包原因,并且可以根据丢弃报文的信息按照流量进行报文丢弃统计。A method for monitoring network packet loss traffic according to the present invention adds a discarding information header to the discarding message of a switching chip, and when the chip generates a message discarding, the message is added with a discarding information header, and the message is sent according to the mirroring configuration The switch CPU or the remote network monitoring device can obtain the source port and error type by analyzing the header of the discarded information packet. In addition, by analyzing discarded packets, the cause of packet loss can be grasped, and packet discarding statistics can be performed according to traffic according to the information of discarded packets.
如图4所示,根据本发明优选实施方式的一种网络丢包流量的解析方法,其能够应用在监控设备(交换机CPU或者远端网络监控设备)上,对通过上述的网络丢包流量的监控方法中交换机的交换芯片发送的丢弃报文进行解析。具体地,该方法包括:As shown in Fig. 4, according to a kind of analysis method of network packet loss flow of the preferred embodiment of the present invention, it can be applied on monitoring equipment (switch CPU or remote network monitoring equipment), to the above-mentioned network packet loss flow by above-mentioned In the monitoring method, the discarded message sent by the switching chip of the switch is analyzed. Specifically, the method includes:
S4:接收交换机芯片发送的由第一丢弃报文镜像得到第二丢弃报文,其中,第一丢弃报文为交换机芯片在丢弃报文中添加了丢弃信息报文头的报文,丢弃信息报文头中包括错误信息。S4: Receive the second discarded message sent by the switch chip and obtain the second discarded message by mirroring the first discarded message, wherein the first discarded message is a message in which the switch chip adds a discarded message header to the discarded message, and the discarded message Include error messages in the header.
第一丢弃报文中添加丢弃信息报文头的过程是在交换芯片中进行,具体地,将丢弃信息报文头添加到丢弃报文的源mac地址之后。因为,丢弃报文的源mac地址之后为丢弃报文的具体数据内容,将丢弃信息报文头添加在源mac地址之后,可以将丢弃信息报文头中添加的数据内容和丢弃报文中原有的数据内容融合在一起,进而便于后续对全网的丢包情况进行错误信息统计时,更加方便。The process of adding the discarding information header to the first discarding message is performed in the switch chip, specifically, adding the discarding information header after the source mac address of the discarding message. Because, after the source mac address of the discarded message is the specific data content of the discarded message, adding the discarded information packet header after the source mac address can combine the data content added in the discarded information packet header with the original data content of the discarded message The data content of the network is fused together, which is more convenient for subsequent error information statistics on the packet loss situation of the entire network.
丢弃报文为以太网协议的报文格式,其包括目的mac地址(DEST_MAC)、源mac地址(SRC_MAC)和协议类型(ETHTYPE),具体地将丢弃信息报文头添加在源mac地址(SRC_MAC)和协议类型(ETHTYPE)之间,如图2所示。The discarded message is the message format of the Ethernet protocol, which includes the destination mac address (DEST_MAC), source mac address (SRC_MAC) and protocol type (ETHTYPE), and specifically adds the discarded information message header to the source mac address (SRC_MAC) and protocol type (ETHTYPE), as shown in Figure 2.
丢弃信息报文头中包括错误信息,该错误信息中包括该丢弃报文的用于对丢包流量进行统计的信息。具体地,错误信息至少包括错误信息标识(ETHTYPE(ERRO_CODE))和用于报文丢弃统计的信息,ETHTYPE(ERRO_CODE)为特殊值用来作为丢弃报文进行识别的标记符,标识此后的信息是用于进行报文丢弃统计的信息。The packet header of the discarded information includes error information, and the error information includes the information of the discarded packet for collecting statistics on the packet loss traffic. Specifically, the error information includes at least an error message identifier (ETHTYPE (ERRO_CODE)) and information used for packet discarding statistics. ETHTYPE (ERRO_CODE) is a special value used as a tag for identifying discarded packets, and the information after the identifier is Information used to collect packet discard statistics.
用于报文丢弃统计的信息包括设备编号ID(UNIQUE_ID)、源端口信息(SRC_PORT)、丢弃报文的长度(PACKET_LEN)和错误编码(ERRO_CODE)。The information used for packet discard statistics includes device ID (UNIQUE_ID), source port information (SRC_PORT), length of discarded packets (PACKET_LEN) and error code (ERRO_CODE).
UNIQUE_ID作为交换设备唯一标识,用于确定产生丢弃报文的设备,进而能够依据产生丢弃报文的设备统计各个设备所产生丢弃报文的数量和错误类型等统计信息。SRC_PORT为报文的源端口,用于确定产生丢弃报文的源端口,进而能够依据产生丢弃报文的源端口统计各个源端口所产生丢弃报文的数量和错误类型等统计信息。PACKET_LEN用来标识丢弃报文的长度,可以用来判断丢弃报文是否发生字符丢失等报文损坏的信息。ERRO_CODE用来标识丢弃报文的错误类型,进而能够依据对丢弃报文的具体错误类型进行统计。UNIQUE_ID, as the unique identifier of the switching device, is used to determine the device that generates discarded packets, and then can count statistical information such as the number of discarded packets and error types generated by each device based on the device that generated discarded packets. SRC_PORT is the source port of the message, which is used to determine the source port that generates the discarded message, and then can count statistical information such as the number of discarded messages generated by each source port and the error type according to the source port that generated the discarded message. PACKET_LEN is used to identify the length of the discarded packet, and can be used to determine whether the discarded packet has character loss and other packet damage information. ERRO_CODE is used to identify the error type of discarded packets, and then statistics can be made based on the specific error types of discarded packets.
例如,ETHTYPE(ERRO_CODE)可配置为0x8809,当远端网络监控设备接收到ETHTYPE为0x8809的报文则可标识此报文为芯片丢弃的报文的镜像报文,按照图2所示的格式进行报文解析可以获得丢弃报文所属的设备和源端口以及丢弃原因、丢弃原始报文。For example, ETHTYPE (ERRO_CODE) can be configured as 0x8809. When the remote network monitoring device receives a message with an ETHTYPE of 0x8809, it can identify this message as a mirror message of the message discarded by the chip, and follow the format shown in Figure 2. Packet parsing can obtain the device and source port to which the discarded packet belongs, the reason for discarding, and discard the original packet.
通过丢弃信息报文头中包含的上述错误信息,可以在后续步骤中通过用于报文丢弃统计的信息能够得到产生丢弃报文的设备、源端口、报文损坏和丢弃报文的错误类型,监控设备对这些信息进行分析统计,可以得出各种丢弃信息的统计,例如,各个设备或各个源端口产生丢弃报文的数量、发生报文损坏的数量和各种丢弃报文的错误类型的统计信息,以便定位产生丢弃报文的设备和源端口,便于后续根据发生报文损坏的数量和错误类型对设备和源端口进行优化。By discarding the above-mentioned error information contained in the header of the information message, the device, source port, message damage and error type of the discarded message can be obtained through the information used for message discard statistics in subsequent steps, The monitoring equipment analyzes and counts these information, and can obtain statistics of various discarded information, for example, the number of discarded packets generated by each device or each source port, the number of damaged packets, and the error types of various discarded packets Statistical information in order to locate the device and source port that generated discarded packets, so as to facilitate subsequent optimization of the device and source port based on the number of damaged packets and error types.
如图2所示,添加错误信息的报文格式即为添加了丢弃信息报文头的丢弃报文,其中,ETHTYPE(ERRO_CODE)是用来标识此后的信息为错误信息,ETHTYPE是丢弃报文本身携带自己的ETHTYPE,两者并不相同。As shown in Figure 2, the packet format for adding error information is the discarded packet with the packet header of the discarded information added, where ETHTYPE (ERRO_CODE) is used to identify the subsequent information as error information, and ETHTYPE is the discarded packet itself Bring your own ETHTYPE, the two are not the same.
将第一丢弃报文镜像为第二丢弃报文的过程是在交换芯片中进行,进行镜像的目的是将第一丢弃报文镜像出交换芯片,便于在后续的交换机CPU或者远端网络监控设备进行分析。The process of mirroring the first discarded message to the second discarded message is carried out in the switch chip. The purpose of mirroring is to mirror the first discarded message out of the switch chip, which is convenient for the subsequent switch CPU or remote network monitoring equipment for analysis.
在镜像过程中,可选地,为了节约带宽可以对第一丢弃报文进行截取前预设个字节后,得到截取后的丢弃报文,将截取后的丢弃报文进行镜像,其中,截取后的丢弃报文至少包括丢弃信息报文头。预设个字节可以是32、64等个字节。In the mirroring process, optionally, in order to save bandwidth, after preset bytes before intercepting the first discarded message, the discarded message after the interception is obtained, and the discarded message after the interception is mirrored, wherein, the intercepted The subsequent discarded packets include at least the discarded information packet header. The preset number of bytes can be 32, 64, etc. bytes.
由于丢弃信息报文头中包括有丢弃报文的主要信息,因此,通过对丢弃信息报文头进行解析,即可获取丢弃报文的流量信息,而无需读取对整个丢弃报文进行分析。Since the discard information packet header includes the main information of the discarded packet, the flow information of the discarded packet can be obtained by parsing the discarded information packet header without reading and analyzing the entire discarded packet.
S5:对第二丢弃报文中的错误信息进行解析,得到丢弃报文的丢包原因和统计信息。S5: Analyzing the error information in the second discarded packet to obtain packet loss reasons and statistical information of the discarded packet.
监控设备为交换机CPU和/或远端网络监控设备,可以根据镜像配置(将镜像配置到本地或配置到远端网络监控设备,即图3中所示的是否为远程镜像)将镜像的丢弃报文选择发送到交换机CPU和/或远端网络监控设备中。The monitoring device is a switch CPU and/or a remote network monitoring device, and the discarding report of the mirror image can be reported according to the mirroring configuration (the mirroring is configured locally or configured to the remote network monitoring device, whether it is a remote mirroring as shown in Figure 3). The selected text is sent to the switch CPU and/or the remote network monitoring equipment.
当存在远端网络监控设备时,由所述远端网络监控设备接收交换机芯片发送的对第二丢弃报文进行业务台封装后的封装的丢弃报文,并对所述封装的丢弃报文进行解析,得到丢弃报文的丢包原因和统计信息When there is a remote network monitoring device, the remote network monitoring device receives the encapsulated discarded message sent by the switch chip after the second discarded message is encapsulated by the service station, and performs the encapsulation of the encapsulated discarded message Analyze to get the packet loss reasons and statistical information of discarded packets
其中,业务头封装是为了在网络中传输数据时加入远端网络监控设备对应的头部信息,该头部信息的主要作用是用来帮助中间传输系统将数据传输到一个正确的目的地。例如,若普通的L2可达则封装目的mac地址为远端监控设备的mac地址,封装对应的VLAN,若IP可达则封装目的IP地址为远端监控设备的IP地址。Among them, the business header encapsulation is to add the header information corresponding to the remote network monitoring equipment when transmitting data in the network. The main function of the header information is to help the intermediate transmission system transmit data to a correct destination. For example, if the ordinary L2 is reachable, the encapsulated destination mac address is the mac address of the remote monitoring device, and the corresponding VLAN is encapsulated; if the IP is reachable, the encapsulated destination IP address is the IP address of the remote monitoring device.
由远端网络监控设备解析业务头封装后的报文得到丢弃报文来自的交换设备,并且由第一个协议类型信息(即ETHTYPE(ERRO_CODE))标识出丢弃报文,并对丢弃信息报文头进行解析,得到源端口(SRC_PORT)和错误类型(ERRO_CODE)。此外,还可以通过对丢弃报文进行基于交换设备端口和五元组、深度报文内容的错误信息统计,通过统计各个错误类型的丢弃报文数量,可以掌控全网的丢包情况。The remote network monitoring device analyzes the encapsulated message of the service header to obtain the switching device from which the discarded message comes, and identifies the discarded message by the first protocol type information (that is, ETHTYPE (ERRO_CODE)), and discards the information message The header is parsed to get the source port (SRC_PORT) and error type (ERRO_CODE). In addition, it is also possible to control the packet loss of the entire network by counting the discarded packets based on the switching device port, quintuple, and in-depth packet content, and by counting the number of discarded packets of each error type.
并且,本申请的统计过程可以在远端网络监控设备中完成,也可以在不存在远端网络监控设备时,在交换机CPU中完成。Moreover, the statistical process of the present application can be completed in the remote network monitoring device, or can be completed in the switch CPU when there is no remote network monitoring device.
当没有远端网络监控设备时,由所述交换机CPU对所述第二丢弃报文中的错误信息进行解析,得到丢弃报文的丢包原因和统计信息。其中,交换机CPU由第二丢弃报文携带的第一个协议类型信息(即ETHTYPE(ERRO_CODE))标识出丢弃报文,并对丢弃信息报文头进行解析,得到源端口(SRC_PORT)和错误类型(ERRO_CODE),进而可以对丢弃报文进行基于交换设备端口和五元组、深度报文内容进行错误信息统计。通过统计各个错误类型下的丢弃报文数量,可以掌控全网的丢包情况。通过上述步骤,可以对报文进行基于交换设备和交换设备端口及五元组、深度报文内容进行错误信息统计。When there is no remote network monitoring device, the CPU of the switch parses the error information in the second discarded message to obtain the packet loss cause and statistical information of the discarded message. Wherein, the switch CPU identifies the discarded message by the first protocol type information (ie ETHTYPE (ERRO_CODE)) carried by the second discarded message, and parses the discarded information message header to obtain the source port (SRC_PORT) and error type (ERRO_CODE), and then can perform error information statistics on discarded packets based on the switching device port, quintuple, and depth packet content. By counting the number of discarded packets under each error type, you can control the packet loss of the entire network. Through the above steps, it is possible to perform error information statistics on packets based on the switching device, switching device port, quintuple, and depth packet content.
监控设备通过用于报文丢弃统计的信息能够得到产生丢弃报文的设备、源端口、报文损坏和丢弃报文的错误类型,监控设备对这些信息进行分析统计,可以得出各种丢弃信息的统计,例如,各个设备或各个源端口产生丢弃报文的数量、发生报文损坏的数量和各种丢弃报文的错误类型的统计信息,以便定位产生丢弃报文的设备和源端口,便于后续根据发生报文损坏的数量和错误类型对设备和源端口进行优化。The monitoring device can obtain the device, source port, packet damage, and error type of the discarded packet through the information used for packet discard statistics. The monitoring device can analyze and count these information to obtain various discard information. For example, the statistics of the number of discarded packets generated by each device or each source port, the number of damaged packets, and the error types of various discarded packets, so as to locate the device and source port that generated the discarded packets, and facilitate Then optimize the device and source port according to the number of damaged packets and error types.
通过上述步骤,可以对报文进行基于交换设备和交换设备端口及五元组、深度报文内容进行错误信息统计。五元组是由源IP地址,源端口,目的IP地址,目的端口,和传输层协议这五个量组成的一个集合,五元组能够区分不同会话,并且对应的会话是唯一的。基于五元组进行错误信息统计是通过端口号来识别应用类型,该方式就容易导致一些病毒或垃圾应用采用假冒端口号的方式伪装成合法报文,那么就没法检测。因此,本申请还可以对深度报文内容进行检测是对应用层的分析,可以识别到各种应用及其内容,实现对网络流量的精细化控制和分析。Through the above steps, it is possible to perform error information statistics on packets based on the switching device, switching device port, quintuple, and depth packet content. The quintuple is a set of five quantities consisting of source IP address, source port, destination IP address, destination port, and transport layer protocol. The quintuple can distinguish different sessions, and the corresponding session is unique. The error information statistics based on the quintuple is to identify the application type through the port number. This method will easily cause some viruses or junk applications to use fake port numbers to disguise themselves as legitimate packets, so they cannot be detected. Therefore, the present application can also detect the content of the in-depth message, which is the analysis of the application layer, and can identify various applications and their content, and realize the refined control and analysis of network traffic.
本方法通过对丢弃信息报文头进行解析,即可以读取丢弃报文错误的信息,能够及时的发现丢包流量对丢包进行基于深层次报文内容的统计。By parsing the packet header of the discarded information, the method can read the error information of the discarded packet, and can detect the packet loss flow in time, and perform statistics on the packet loss based on the deep message content.
如图5所示,本发明还提供了一种网络丢包流量的监控系统,包括:As shown in Figure 5, the present invention also provides a monitoring system for network packet loss traffic, including:
报文头生成模块1,用于在丢弃报文中添加丢弃信息报文头,得到第一丢弃报文。A message
该报文头生成模块1设置在交换芯片中,当交换芯片产生报文丢弃时,在该丢弃报文中添加丢弃信息报文头,具体地,将丢弃信息报文头添加到丢弃报文的源MAC地址之后。因为,丢弃报文的源MAC地址之后为丢弃报文的具体数据内容,将丢弃信息报文头添加在源MAC地址之后,可以将丢弃信息报文头中添加的数据内容和丢弃报文中原有的数据内容融合在一起,进而便于后续对全网的丢包情况进行错误信息统计时,更加方便。The message
丢弃报文为以太网协议的报文格式,其包括目的mac地址(DEST_MAC)、源mac地址(SRC_MAC)和协议类型(ETHTYPE),具体地将丢弃信息报文头添加在源mac地址(SRC_MAC)和协议类型(ETHTYPE)之间,如图2所示。The discarded message is the message format of the Ethernet protocol, which includes the destination mac address (DEST_MAC), source mac address (SRC_MAC) and protocol type (ETHTYPE), and specifically adds the discarded information message header to the source mac address (SRC_MAC) and protocol type (ETHTYPE), as shown in Figure 2.
丢弃信息报文头中包括错误信息,该错误信息中包括该丢弃报文的用于对丢包流量进行统计的信息。具体地,错误信息至少包括错误信息标识(ETHTYPE(ERRO_CODE))、设备编号ID(UNIQUE_ID)、源端口信息(SRC_PORT)、丢弃报文的长度(PACKET_LEN)和错误编码(ERRO_CODE)。The packet header of the discarded information includes error information, and the error information includes the information of the discarded packet for collecting statistics on the packet loss traffic. Specifically, the error information includes at least an error message identifier (ETHTYPE(ERRO_CODE)), a device number ID (UNIQUE_ID), source port information (SRC_PORT), a length of discarded packets (PACKET_LEN) and an error code (ERRO_CODE).
UNIQUE_ID作为交换设备唯一标识,用于确定产生丢弃报文的设备,进而能够依据产生丢弃报文的设备统计各个设备所产生丢弃报文的数量和错误类型等统计信息。SRC_PORT为报文的源端口,用于确定产生丢弃报文的源端口,进而能够依据产生丢弃报文的源端口统计各个源端口所产生丢弃报文的数量和错误类型等统计信息。PACKET_LEN用来标识丢弃报文的长度,可以用来判断丢弃报文是否发生字符丢失等报文损坏的信息。ERRO_CODE用来标识丢弃报文的错误类型,进而能够对丢弃报文的具体错误类型进行统计。UNIQUE_ID, as the unique identifier of the switching device, is used to determine the device that generates discarded packets, and then can count statistical information such as the number of discarded packets and error types generated by each device based on the device that generated discarded packets. SRC_PORT is the source port of the message, which is used to determine the source port that generates the discarded message, and then can count statistical information such as the number of discarded messages generated by each source port and the error type according to the source port that generated the discarded message. PACKET_LEN is used to identify the length of the discarded packet, and can be used to determine whether the discarded packet has character loss and other packet damage information. ERRO_CODE is used to identify the error type of discarded packets, so that statistics can be made on the specific error types of discarded packets.
例如,ETHTYPE(ERRO_CODE)可配置为0x8809,当远端网络监控设备接收到ETHTYPE为0x8809的报文则可标识此报文为芯片丢弃的报文的镜像报文,按照图2所示的格式进行报文解析可以获得丢弃报文所属的设备和源端口以及丢弃原因、丢弃原始报文。For example, ETHTYPE (ERRO_CODE) can be configured as 0x8809. When the remote network monitoring device receives a message with an ETHTYPE of 0x8809, it can identify this message as a mirror message of the message discarded by the chip, and follow the format shown in Figure 2. Packet analysis can obtain the device and source port to which the discarded packet belongs, the reason for discarding, and discard the original packet.
通过丢弃信息报文头中包含的上述错误信息,可以在后续步骤中通过用于报文丢弃统计的信息能够得到产生丢弃报文的设备、源端口、报文损坏和丢弃报文的错误类型,监控设备对这些信息进行分析统计,可以得出各种丢弃信息的统计,例如,各个设备或各个源端口产生丢弃报文的数量、发生报文损坏的数量和各种丢弃报文的错误类型的统计信息,以便定位产生丢弃报文的设备和源端口,便于后续根据发生报文损坏的数量和错误类型对设备和源端口进行优化。By discarding the above-mentioned error information contained in the header of the information message, the device, source port, message damage and error type of the discarded message can be obtained through the information used for message discard statistics in subsequent steps, The monitoring equipment analyzes and counts these information, and can obtain statistics of various discarded information, for example, the number of discarded packets generated by each device or each source port, the number of damaged packets, and the error types of various discarded packets Statistical information in order to locate the device and source port that generated discarded packets, so as to facilitate subsequent optimization of the device and source port based on the number of damaged packets and error types.
如图2所示,添加错误信息的报文格式即为添加了丢弃信息报文头的丢弃报文,其中,ETHTYPE(ERRO_CODE)是用来标识此后的信息为错误信息,ETHTYPE是丢弃报文本身携带自己的ETHTYPE,两者并不相同。As shown in Figure 2, the packet format for adding error information is the discarded packet with the packet header of the discarded information added, where ETHTYPE (ERRO_CODE) is used to identify the subsequent information as error information, and ETHTYPE is the discarded packet itself Bring your own ETHTYPE, the two are not the same.
镜像模块2,用于对第一丢弃报文进行镜像,得到第二丢弃报文。The
镜像模块2进行镜像的目的是将第一丢弃报文镜像出交换芯片,便于在后续的交换机CPU或者远端网络监控设备进行分析。The purpose of mirroring by the
在镜像过程中,可选地,为了节约带宽可以对第一丢弃报文进行截取前预设个字节后,得到截取后的丢弃报文,将截取后的丢弃报文进行镜像,其中,截取后的丢弃报文至少包括丢弃信息报文头。预设个字节可以是32、64等个字节。In the mirroring process, optionally, in order to save bandwidth, after preset bytes before intercepting the first discarded message, the discarded message after the interception is obtained, and the discarded message after the interception is mirrored, wherein, the intercepted The subsequent discarded packets include at least the discarded information packet header. The preset number of bytes can be 32, 64, etc. bytes.
由于丢弃信息报文头中包括有丢弃报文的主要信息,因此,通过对丢弃信息报文头进行解析,即可获取丢弃报文的流量信息,而无需读取对整个丢弃报文进行分析。Since the discard information packet header includes the main information of the discarded packet, the flow information of the discarded packet can be obtained by parsing the discarded information packet header without reading and analyzing the entire discarded packet.
发送模块3,用于将第二丢弃报文上送交换机CPU和/或远端网络监控设备,其中,在交换机CPU和/或网络监控设备中对丢弃信息报文头中携带的错误信息解析,得到丢包原因,进行报文丢弃统计,得到丢弃报文的统计信息。The sending
发送模块3可以根据镜像配置(将镜像配置到本地或配置到远端网络监控设备,即图3中所示的是否为远程镜像)将镜像的丢弃报文选择发送到交换机CPU和/或远端网络监控设备中。Sending
当存在远端网络监控设备时,可以选择将第二丢弃报文上送到远端网络监控设备进行错误统计分析,以便于进行全网监控。When there is a remote network monitoring device, you can choose to send the second discarded packet to the remote network monitoring device for error statistical analysis, so as to monitor the entire network.
具体地,将第二丢弃报文发送到远端网络监控设备的具体步骤如下:Specifically, the specific steps of sending the second discarded message to the remote network monitoring device are as follows:
S301:根据远端网络监控设备的目的地址和交换机的源地址对第二丢弃报文进行业务头封装,其中,业务头封装由从丢包节点到远端网络监控设备可达的网络通道决定。S301: Perform service header encapsulation on the second discarded packet according to the destination address of the remote network monitoring device and the source address of the switch, wherein the service header encapsulation is determined by the reachable network channel from the packet loss node to the remote network monitoring device.
业务头封装是为了在网络中传输数据时加入远端网络监控设备对应的头部信息,该头部信息的主要作用是用来帮助中间传输系统将数据传输到一个正确的目的地。例如,若普通的L2可达则封装目的MAC地址为远端监控设备的MAC地址,封装对应的VLAN,若IP可达则封装目的IP地址为远端监控设备的IP地址。The business header encapsulation is to add the header information corresponding to the remote network monitoring equipment when transmitting data in the network. The main function of the header information is to help the intermediate transmission system transmit the data to a correct destination. For example, if the ordinary L2 is reachable, the encapsulated destination MAC address is the MAC address of the remote monitoring device, and the corresponding VLAN is encapsulated; if the IP is reachable, the encapsulated destination IP address is the IP address of the remote monitoring device.
S302:将业务头封装后的报文转发到远端网络监控设备。S302: Forward the message encapsulated with the service header to the remote network monitoring device.
其中,由远端网络监控设备解析业务头封装后的报文得到丢弃报文来自的交换设备,并且由第一个协议类型信息(即ETHTYPE(ERRO_CODE))标识出丢弃报文,并对丢弃信息报文头进行解析,得到源端口(SRC_PORT)和错误类型(ERRO_CODE)。此外,还可以通过对丢弃报文进行基于交换设备端口和五元组、深度报文内容的错误信息统计,通过统计各个错误类型的丢弃报文数量,可以掌控全网的丢包情况。Wherein, the message after the business head encapsulation is parsed by the remote network monitoring device to obtain the switching device from which the discarded message comes, and the discarded message is identified by the first protocol type information (ie ETHTYPE (ERRO_CODE)), and the discarded information The message header is parsed to obtain the source port (SRC_PORT) and error type (ERRO_CODE). In addition, it is also possible to control the packet loss of the entire network by counting the discarded packets based on the switching device port, quintuple, and in-depth packet content, and by counting the number of discarded packets of each error type.
本步骤中,业务头封装后的报文由入方向查表后进行转发;在报文入方向上,交换机经过查表后确定该报文是否允许进入转发的端口,如果允许进入,则通过该端口转达到远端网络监控设备中。In this step, the message encapsulated by the service header is forwarded after checking the table in the inbound direction; in the inbound direction of the message, the switch determines whether the message is allowed to enter the forwarded port after checking the table. The port is forwarded to the remote network monitoring equipment.
并且,本申请的统计过程可以在远端网络监控设备中完成,也可以在不存在远端网络监控设备时,在交换机CPU中完成。Moreover, the statistical process of the present application can be completed in the remote network monitoring device, or can be completed in the switch CPU when there is no remote network monitoring device.
当没有远端网络监控设备时,可以选择将第二丢弃报文上送到本地交换机CPU进行错误统计分析。其中,交换机CPU由第二丢弃报文携带的第一个协议类型信息(即ETHTYPE(ERRO_CODE))标识出丢弃报文,并对丢弃信息报文头进行解析,得到源端口(SRC_PORT)和错误类型(ERRO_CODE),进而可以对丢弃报文进行基于交换设备端口和五元组、深度报文内容进行错误信息统计。通过统计各个错误类型下的丢弃报文数量,可以掌控全网的丢包情况。通过上述步骤,可以对报文进行基于交换设备和交换设备端口及五元组、深度报文内容进行错误信息统计。When there is no remote network monitoring device, you can choose to send the second discarded packet to the CPU of the local switch for error statistical analysis. Wherein, the switch CPU identifies the discarded message by the first protocol type information (ie ETHTYPE (ERRO_CODE)) carried by the second discarded message, and parses the discarded information message header to obtain the source port (SRC_PORT) and error type (ERRO_CODE), and then can perform error information statistics on discarded packets based on the switching device port, quintuple, and depth packet content. By counting the number of discarded packets under each error type, you can control the packet loss of the entire network. Through the above steps, it is possible to perform error information statistics on packets based on the switching device, switching device port, quintuple, and depth packet content.
监控设备通过用于报文丢弃统计的信息能够得到产生丢弃报文的设备、源端口、报文损坏和丢弃报文的错误类型,监控设备对这些信息进行分析统计,可以得出各种丢弃信息的统计,例如,各个设备或各个源端口产生丢弃报文的数量、发生报文损坏的数量和各种丢弃报文的错误类型的统计信息,以便定位产生丢弃报文的设备和源端口,便于后续根据发生报文损坏的数量和错误类型对设备和源端口进行优化。The monitoring device can obtain the device, source port, packet damage, and error type of the discarded packet through the information used for packet discard statistics. The monitoring device can analyze and count these information to obtain various discard information. For example, the statistics of the number of discarded packets generated by each device or each source port, the number of damaged packets, and the error types of various discarded packets, so as to locate the device and source port that generated the discarded packets, and facilitate Then optimize the device and source port according to the number of damaged packets and error types.
通过监控设备,可以对报文进行基于交换设备和交换设备端口及五元组、深度报文内容进行错误信息统计。五元组是由源IP地址,源端口,目的IP地址,目的端口,和传输层协议这五个量组成的一个集合,五元组能够区分不同会话,并且对应的会话是唯一的。基于五元组进行错误信息统计是通过端口号来识别应用类型,该方式就容易导致一些病毒或垃圾应用采用假冒端口号的方式伪装成合法报文,那么就没法检测。因此,本申请还可以对深度报文内容进行检测是对应用层的分析,可以识别到各种应用及其内容,实现对网络流量的精细化控制和分析。Through the monitoring device, it is possible to perform error information statistics on packets based on switching devices, switching device ports, quintuples, and in-depth packet content. The quintuple is a set of five quantities consisting of source IP address, source port, destination IP address, destination port, and transport layer protocol. The quintuple can distinguish different sessions, and the corresponding session is unique. The error information statistics based on the quintuple is to identify the application type through the port number. This method will easily cause some viruses or junk applications to use fake port numbers to disguise themselves as legitimate packets, so they cannot be detected. Therefore, the present application can also detect the content of the in-depth message, which is the analysis of the application layer, and can identify various applications and their content, and realize the refined control and analysis of network traffic.
本发明还包括一种网络丢包流量的解析系统,接收模块,用于接收交换机芯片发送的由第一丢弃报文镜像得到的第二丢弃报文,其中,所述第一丢弃报文为所述交换机芯片在丢弃报文中添加了丢弃信息报文头的报文,所述丢弃信息报文头中包括错误信息;The present invention also includes an analysis system for network packet loss traffic, and a receiving module for receiving the second discarded message sent by the switch chip and obtained by mirroring the first discarded message, wherein the first discarded message is the Said switch chip adds the message of discarding information packet header in discarding message, and said discarding information packet header includes error information;
解析模块,用于对所述第二丢弃报文中的错误信息进行解析,得到丢弃报文的丢包原因和统计信息。The parsing module is configured to parse the error information in the second discarded message, and obtain the packet loss cause and statistical information of the discarded message.
本方法通过对丢弃信息报文头进行解析,即可以读取丢弃报文错误的信息,能够及时的发现丢包流量对丢包进行基于深层次报文内容的统计。By parsing the packet header of the discarded information, the method can read the error information of the discarded packet, and can detect the packet loss flow in time, and perform statistics on the packet loss based on the deep message content.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本申请是参照根据本申请实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the present application. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.
前述对本发明的具体示例性实施方案的描述是为了说明和例证的目的。这些描述并非想将本发明限定为所公开的精确形式,并且很显然,根据上述教导,可以进行很多改变和变化。对示例性实施例进行选择和描述的目的在于解释本发明的特定原理及其实际应用,从而使得本领域的技术人员能够实现并利用本发明的各种不同的示例性实施方案以及各种不同的选择和改变。本发明的范围意在由权利要求书及其等同形式所限定。The foregoing descriptions of specific exemplary embodiments of the present invention have been presented for purposes of illustration and description. These descriptions are not intended to limit the invention to the precise form disclosed, and obviously many modifications and variations are possible in light of the above teaching. The exemplary embodiments were chosen and described in order to explain the specific principles of the invention and its practical application, thereby enabling others skilled in the art to make and use various exemplary embodiments of the invention, as well as various Choose and change. It is intended that the scope of the invention be defined by the claims and their equivalents.
Claims (12)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211004934.3A CN115484193A (en) | 2022-08-22 | 2022-08-22 | Method, system, storage medium and device for monitoring and analyzing network packet loss flow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211004934.3A CN115484193A (en) | 2022-08-22 | 2022-08-22 | Method, system, storage medium and device for monitoring and analyzing network packet loss flow |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115484193A true CN115484193A (en) | 2022-12-16 |
Family
ID=84422998
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211004934.3A Pending CN115484193A (en) | 2022-08-22 | 2022-08-22 | Method, system, storage medium and device for monitoring and analyzing network packet loss flow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115484193A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117294576A (en) * | 2023-11-27 | 2023-12-26 | 南京华芯科晟技术有限公司 | Abnormal message processing method, device, equipment and medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104717150A (en) * | 2013-12-13 | 2015-06-17 | 中兴通讯股份有限公司 | Exchange device and packet loss method |
| CN105897511A (en) * | 2016-04-11 | 2016-08-24 | 烽火通信科技股份有限公司 | Analysis method and system for sending packet to CPU for screening based on packet loss reason |
| CN106559395A (en) * | 2015-09-29 | 2017-04-05 | 北京东土军悦科技有限公司 | A kind of data message detection method and device based on industrial network |
| CN110324198A (en) * | 2018-03-30 | 2019-10-11 | 华为技术有限公司 | Loss treating method and packet loss processing unit |
| CN111953568A (en) * | 2020-08-19 | 2020-11-17 | 杭州迪普科技股份有限公司 | Method and device for managing packet loss information |
| CN114006806A (en) * | 2021-10-26 | 2022-02-01 | 苏州浪潮智能科技有限公司 | Packet processing method, device, switch device and storage medium |
-
2022
- 2022-08-22 CN CN202211004934.3A patent/CN115484193A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104717150A (en) * | 2013-12-13 | 2015-06-17 | 中兴通讯股份有限公司 | Exchange device and packet loss method |
| CN106559395A (en) * | 2015-09-29 | 2017-04-05 | 北京东土军悦科技有限公司 | A kind of data message detection method and device based on industrial network |
| CN105897511A (en) * | 2016-04-11 | 2016-08-24 | 烽火通信科技股份有限公司 | Analysis method and system for sending packet to CPU for screening based on packet loss reason |
| CN110324198A (en) * | 2018-03-30 | 2019-10-11 | 华为技术有限公司 | Loss treating method and packet loss processing unit |
| CN111953568A (en) * | 2020-08-19 | 2020-11-17 | 杭州迪普科技股份有限公司 | Method and device for managing packet loss information |
| CN114006806A (en) * | 2021-10-26 | 2022-02-01 | 苏州浪潮智能科技有限公司 | Packet processing method, device, switch device and storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117294576A (en) * | 2023-11-27 | 2023-12-26 | 南京华芯科晟技术有限公司 | Abnormal message processing method, device, equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3958521B1 (en) | Method and apparatus for providing service for service flow | |
| US8520540B1 (en) | Remote traffic monitoring through a network | |
| CN102082690B (en) | Passive finding equipment and method of network topology | |
| EP3082293B1 (en) | Switching device and packet loss method therefor | |
| EP1376934B1 (en) | Method and apparatus for mirroring traffic over a network | |
| CN110557342B (en) | Device for analyzing and mitigating dropped packets | |
| CN105024985A (en) | A message processing method and device | |
| WO2022078293A1 (en) | Method for detecting multicast service flow and related apparatus | |
| CN116508295A (en) | In-band edge-to-edge round-trip time measurement | |
| CN114826646A (en) | Network abnormal behavior detection method and device and electronic equipment | |
| CN115174676A (en) | Convergence and shunt method and related equipment thereof | |
| CN111654474B (en) | Safety detection method and device | |
| US20160248652A1 (en) | System and method for classifying and managing applications over compressed or encrypted traffic | |
| CN101355585B (en) | System and method for protecting information of distributed architecture data communication equipment | |
| Phaal et al. | RFC3176: InMon Corporation's sFlow: A method for monitoring traffic in switched and routed networks | |
| CN115484193A (en) | Method, system, storage medium and device for monitoring and analyzing network packet loss flow | |
| CN110519103A (en) | A kind of Fault Locating Method of heterogeneous network, device and terminal | |
| CN111884871B (en) | Method and equipment for detecting discarded message of switch | |
| CN116319468B (en) | Network telemetry method, device, switch, network, electronic equipment and medium | |
| CN116016391B (en) | Message forwarding method and system based on NAT gateway | |
| WO2023222028A1 (en) | Network programming technology processing method and system, and storage medium | |
| CN117857394A (en) | Network detection method, network detection device, and computer-readable storage medium | |
| CN103731352B (en) | A kind of message processing method and device | |
| JP2012151689A (en) | Traffic information collection device, network control unit, and traffic information collection method | |
| EP4128667B1 (en) | Distributed network flow record |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20221216 |
|
| RJ01 | Rejection of invention patent application after publication |