CN104618128B - A kind of system and method for the meshed network detection analysis based on multithreading - Google Patents
A kind of system and method for the meshed network detection analysis based on multithreading Download PDFInfo
- Publication number
- CN104618128B CN104618128B CN201410305575.4A CN201410305575A CN104618128B CN 104618128 B CN104618128 B CN 104618128B CN 201410305575 A CN201410305575 A CN 201410305575A CN 104618128 B CN104618128 B CN 104618128B
- Authority
- CN
- China
- Prior art keywords
- network
- packet
- unionreadbat
- detection
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000004458 analytical method Methods 0.000 title claims abstract description 65
- 238000001514 detection method Methods 0.000 title claims abstract description 65
- 238000000034 method Methods 0.000 title claims description 17
- 239000000523 sample Substances 0.000 claims description 27
- 238000012545 processing Methods 0.000 claims description 20
- 239000011159 matrix material Substances 0.000 claims description 14
- 230000000737 periodic effect Effects 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 6
- 238000000151 deposition Methods 0.000 claims description 3
- 235000013399 edible fruits Nutrition 0.000 claims description 2
- 238000004364 calculation method Methods 0.000 abstract description 4
- 238000007726 management method Methods 0.000 description 24
- 238000005070 sampling Methods 0.000 description 10
- 238000012423 maintenance Methods 0.000 description 9
- 230000007246 mechanism Effects 0.000 description 9
- 230000003139 buffering effect Effects 0.000 description 8
- 238000012544 monitoring process Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 239000003795 chemical substances by application Substances 0.000 description 3
- 238000009826 distribution Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 102000006479 Heterogeneous-Nuclear Ribonucleoproteins Human genes 0.000 description 1
- 108010019372 Heterogeneous-Nuclear Ribonucleoproteins Proteins 0.000 description 1
- 235000012364 Peperomia pellucida Nutrition 0.000 description 1
- 240000007711 Peperomia pellucida Species 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000003862 health status Effects 0.000 description 1
- 238000010348 incorporation Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000013439 planning Methods 0.000 description 1
- 230000000246 remedial effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A kind of system of the meshed network detection analysis based on multithreading, including:The Unionreadbat service ends are mainly used in that the node in meshed network is detected and analyzed, and form result of detection;The central server is mainly used in interacting the result of detection with the Unionreadbat service ends;The management client is mainly used in the management of the central server.By the detecting function for the invention provides the interface between each network, realizing the data traffic to a network segment or even whole network.It can be realized by the present invention and safety precaution management is carried out to network, it allows that central server is more effective, more positive ground detection network, central server keeper can failure that quickly tracking network, the network segment or equipment occur, then the precautionary measures are used, it is ensured that network can continue, provide the statistics and result of calculation of service and network document.
Description
Technical field
The present invention relates to computer multiple thread technical field, is detected more particularly, to a kind of meshed network based on multithreading
The system and method for analysis.
Background technology
Content distributing network is established and is covered on bearer network, is made up of the node server group for being distributed in different zones
Distributed network, source contents are published to by fringe node closest to user by certain rule, user is taken nearby
Required content is obtained, solves Internet network congestion condition, improves the response speed that user accesses.Content distributing network is being patrolled
On volume by Content Management System, source server, NMS, global duty equalization server, nodal cache and local
Weigh the part such as server (being collectively referred to as node system) composition, and wherein node system is in final and provides service layer, towards end user
Website is provided and accelerates content.Each node is in system architecture by caching server cluster, load balancing, monitoring of tools, node pipe
The part such as reason system is formed, and each several part is shared out the work and helped one another, user oriented, realizes that user accesses the quick response of content.From content point
Hairnet network acceleration effect is analyzed, and the health status of each node device and network directly influences the effect of content distribution.Therefore, net
The collection of network resource situation is a very important task, and it is detection available bandwidth, finds congested node, realizes and effectively bear
Carry balanced basis.Once node device or network break down, it is necessary to find out in time and use corresponding remedial measure, so as to
Recover content as early as possible and accelerate service.
At present in content distributing network field, central server is to rely on to gather for the usual way of network detection
Various information in network, specifically communicated using SNMP (Simple Network Management Protocol) and each network equipment,
The network resource information of each node is obtained, and the information to collecting is analyzed, while complete the collection of network condition information.
Wherein SNMP is specially designed in IP network management network node (server, work station, router, interchanger and HUBS
Deng) a kind of standard agreement, it is a kind of application layer protocol.SNMP enables network manager to manage network efficiency, finds simultaneously
Solve network problem and planning network increases.Random message (event report) is received by SNMP, NMS is known
Network goes wrong.
Network management model based on snmp protocol is mainly based upon polling mechanism realization, by central server periodic polling
Each node device in content distributing network, obtains corresponding network resource information, then by obtaining net to these information
The situation of network.NMS whole realization based on SNMP includes Topology Discovery, performance monitoring, Stateful Inspection, Trap
Various network resource management functions including reception, alert analysis etc..The shortcomings that this mechanism is:SNMP is based purely on, is managed
Unit is individual equipment, and SNMP agent can only provide the Information Statistics for being addressed to its own, and the information communication between SNMP agent is then
It can not count, be managed because this mechanism is not based on whole network, so as to lack to network entirety flow information
Statistics.
The content of the invention
It is an object of the invention to design a kind of system and method for the meshed network detection analysis based on multithreading, solve
Above mentioned problem.
To achieve these goals, the technical solution adopted by the present invention is as follows:
A kind of system of the meshed network detection analysis based on multithreading, including:
Unionreadbat service ends, central server and management client;The Unionreadbat service ends and institute
State central server network connection;The central server passes through network connection with management client;
The Unionreadbat service ends are mainly used in that the node in meshed network is detected and analyzed, and are formed and visited
Survey result;Detection includes the transmission time of the node with analysis and packet loss is analyzed;
The central server is mainly used in interacting the result of detection with the Unionreadbat service ends;
The management client is mainly used in the management of the central server;The management includes setting the node of detection
Title, detection cycle and the node protocol of detection type.
The system of meshed network detection analysis according to claim 1 based on multithreading, it is characterised in that:It is described
Unionreadbat service ends are connected by SNMP/I CMP with the central server.
Preferably, the Unionreadbat service ends include:
Snmp protocol handles thread;It is mainly used in the agency of snmp protocol;
Packet capture thread;It is mainly used in the capture of the packet to node described in network, described in capturing
Packet is put into data packet buffer;
Processing data packets thread;It is mainly used in being analyzed the packet in data packet buffer, forms analysis
As a result A;And according to analysis result A, counted, form analysis result;
MIB storehouses;It is mainly used in depositing the analysis result;
Event alarm thread;It is mainly used according to the default cycle, inquires about default sensitive amount, form warning watch;Also use
Warning information is issued in the analysis result in the MIB storehouses and the threshold values information in the warning watch.
Preferably, the MIB storehouses include such as lower component:
History group:Periodic samples statistics is carried out to the packet;
Statistics group:The packet detected is subjected to statistic of classification;
System group:System information is provided for MIB storehouses;The system information includes zone name, the fortune that the node is located at
Seek business's title, Hostname, the type of the packet, the type protocol of the packet, packet drop and warning information;
Interface group:It is connected for the Unionreadbat service ends with the meshed network and interface is provided;
Alarm group:The threshold values of network performance is defined, and is alerted according to the threshold values;The network performance includes network
The time delay of bandwidth availability ratio, the packet loss of the packet and the packet;
Capture group:The packet is detected and cached;
Protocol directory:Put the snmp protocol catalogue of agency;
Protocol issuance:Counted for flow caused by the detection node;
Address of cache:For the node network address to the MAC Address of the node matching;For the node
Network address to the port of the node matching;Physical address for the node is to the address of the meshed network
Match somebody with somebody;
Network layer host:For the traffic statistics between the network layer address main frame pair in the meshed network;
Network layer matrix;For the traffic statistics between the main frame pair of the network layer address in the meshed network;
Application layer host:Main frame for the application layer address in the meshed network enters the statistics of outflow;
Using layer matrix:Statistics for flow between the main frame pair of the application layer address in the meshed network;
User's history set:Data record for user's operation;
Proxy configurations:Thread, which is handled, for snmp protocol acts on behalf of the configuration parameter that offer standard defines;
Event group:When record predefines condition, caused event;The record includes recording time, the institute of the event
State the title, IP address and event type of node.
A kind of method of the meshed network detection analysis based on multithreading, comprises the following steps:
Transmission administration order of the management client to the central server;The administration order includes probe node
System information;
The central server sends probe command according to the administration order to the Unionreadbat service ends;Institute
Stating probe command includes nodename, detection cycle and the detection protocol type of detection;
The Unionreadbat service ends are detected and right according to the probe command to the packet of meshed network
The packet is analyzed, and forms result of detection.
Preferably, the Unionreadbat service ends are visited according to the probe command to the packet of meshed network
Survey and the packet is analyzed, the specific method for forming result of detection is:
The packet capture thread of the Unionreadbat service ends is according to the probe command in the meshed network
On capture packet, and the packet of capture is put into data packet buffer;
The processing data packets thread of the Unionreadbat service ends obtains the number by the data packet buffer
Counted according to bag, and to the information of the packet, form analysis result;The information of the packet includes the class of packet
Type, size, protocol type, source address and destination address;
The Unionreadbat service ends MIB storehouses obtain the analysis result;
The Unionreadbat service ends event alarm thread inquires about default sensitive amount, shape according to the default cycle
Into warning watch;And the analysis result in the MIB storehouses and the threshold values information in the warning watch alert to issue
Information.
CDN full name is Content Delivery Network, i.e. content distributing network.
SNMP:Snmp protocol is SNMP, and SNMP is the network management standard based on TCP/IP protocol suite, and its predecessor is letter
Single gateway monitoring protocol (SGMP), for being managed to communication line.
ICMP is (Internet Control Message Protocol) Internet Control Message Protocol.It is
One sub-protocol of TCP/IP protocol suite, for transmitting control message between IP main frames, router.
MIB (management information bank):Refer to the set of the managed object in the webmaster framework of internet, managed object must maintain
It is available for some controls and status information that management program is read and write.These managed objects constitute a virtual information-storing device,
Referred to as management information bank MIB.
Beneficial effects of the present invention can be summarized as follows:
By the invention provides the interface between each network, realizing the data flow to a network segment or even whole network
The detecting function of amount.It can be realized by the present invention and safety precaution management is carried out to network, it allows central server more to have
Effect, more positive ground detection network, central server keeper can quickly tracking network, the network segment or equipment appearance event
Barrier, then using the precautionary measures, it is ensured that network can continue, provide service document;Provide the statistical number of a network
According to and result of calculation.
Brief description of the drawings
Fig. 1 is schematic structural view of the invention;
Fig. 2 is the information in MIB storehouses and maintenance process schematic diagram in the present invention;
Fig. 3 is the schematic flow sheet of the method for the meshed network detection analysis based on multithreading in the present invention.
Embodiment
In order that technical problem solved by the invention, technical scheme and beneficial effect are more clearly understood, below in conjunction with
Drawings and Examples, the present invention will be described in further detail.It should be appreciated that specific embodiment described herein is only used
To explain the present invention, it is not intended to limit the present invention.
It is to make in view of the shortcomings of the prior art and the characteristics of CDN node network system architecture in the present embodiment
, each functional module of CDN node network system is relatively complete, and each intermodule relation is relatively clear, therefore we have invented one kind
The system and method for meshed network detection analysis based on multithreading, a kind of Unionreadbat skills are invented in our invention
Art, technological incorporation snmp protocol processing thread, packet capture thread, processing data packets thread, event alarm thread etc. 4
Thread, and MIB storehouses are combined, the common detection for completing CDN node overall network resource and analysis work.The network signal of the present invention
As shown in figure 1, Unionreadbat service ends handle thread, packet capture thread, processing data packets line by snmp protocol
The detection and analysis to meshed network are realized in 4 threads such as journey, event alarm thread and MIB storehouses;Central server passes through
SNMP/I CMP (Internet Control Message Protocol, i.e. Internet Control Message Protocol), realize to section
The configuration of spot net detection rule;
Central server by SNMP/I CMP (realize and interacted with detection information between Unionreadbat service ends,
And warning information is submitted into central server;
Management client is managed by web modes (http protocol).
The thread introduction being related in the present invention:
1) snmp protocol processing thread:This thread mainly completes the function of SNMP agent, central server and each node
Between information exchange mainly realized in this thread.Snmp protocol processing thread provides Unionreadbat service ends and the external world
Interactive interface, snmp protocol processing function is completed, realize SNMP access interfaces, received SNMP requests, it is carried out at analysis
Reason, and as requested, Unionreadba MIB storehouses are accessed, the mib object value therefrom needed simultaneously returns to requestor.
2) packet capture thread:It is responsible for providing the Unionreadbat sources of service client information, completes to institute on network
There is the capture of packet, the packet captured is put into packet buffering pond.This thread accurately completes network packet
Capturing function is the basis of other thread Correct Analysis.
For the bag in Ethernet, obtain corresponding relation angle from sender and recipient and consider, can summarize and be divided into three kinds:
Unicast packet, multicast packets and broadcast packet.Unicast packet refers to the sender of bag and recipient is man-to-man relation, and recipient is its physics
Unique main frame in the network of address mark;The recipient of multicast packets is all members in the same multicast masses with sender;
The recipient of broadcast packet is then the total All hosts of network.According to the classification for the bag that can be received, the mode of operation of network interface card is divided into 4
Kind:Broadcast, multicast, directly and mix.The network interface card of work in a broadcast mode can receive all broadcast packets to be circulated in network;
It is multicast pattern by Network card setup, it can receive all multicast packets, no matter it is group member;It is operated in Direct Model
Under network interface card can only receive the bag that destination address is the address of oneself;The network interface card being operated under promiscuous mode receives and flows through network interface card
Bag.The default operating mode of network interface card includes broadcast mode and Direct Model, i.e., it only receives the broadcast packet in network and is sent to
The bag of oneself.In the present invention, we make connecing in broadcast type network by the way that the mode of operation of network interface card is arranged into promiscuous mode
Mouth can receive all packets flowed through on network.
3) processing data packets thread:It is responsible for analyzing the data taken out in data packet buffer, and according to bag
The analysis result of the information such as type, size, protocol type, source/destination address, analytic statistics is carried out, in time update MIB storehouses
Corresponding information, realize the renewal of Unionreadbat service client informations, safeguard.Realized because this thread is layered, add new association
View type analysis is easier to complete, and the flexibility of system is bigger.
The thread gradually takes out packet from Data buffer and analyzed, and is changed accordingly according to analysis result
Information in MIB storehouses.The realization in MIB storehouses is mainly completed in this thread, mainly include statstics groups, history groups,
Protocal Dir groups, protocal Dist groups etc..Layering feature and all multi-protocols of the processing data packets thread according to network bag
Between correlation, gradually hierarchical design complete.The structure wrapped for each packet captured, foundation, from outer layer successively
Layer analysis inwards;The package informatin obtained for each layer, according to its pass with the respective sets in Unionreadbat service ends MIB
System, realizes the modification and maintenance for these group informations.
4) event alarm thread:Event alarm thread was responsible for according to the default cycle, inquired about default sensitive amount, according to
Corresponding threshold values information, decides whether to send a warning message to central server in statistical information and warning watch in MIB storehouses.
When some customizing messages are above or below specified threshold, for analyzing obtained special event, the thread will be according to default
Strategy, send warning information to central server in time.
Producing alarming mechanism has two states:The upper limit alerts and lower limit alarm.During the upper limit alerts, this mechanism is being observed
The value of variable can produce the upper limit alarm when exceeding upper limit threshold values, in this state, the mechanism for producing lower limit alarm is closed.
Once upper limit alarm produces, mechanism be put into offline alarm status and be always maintained at the state until the variable being observed reaches or
Drop to below lower limit threshold values.Equally, during lower limit alarm status, when the value for being observed variable reaches or less than lower limit valve
During value, mechanism can produce lower limit alarm, and in this condition, the mechanism for producing upper limit alarm is closed.
Alarm groups, event group functions in MIB storehouses (its information will be introduced later with maintenance process) exist
Realized in this thread.Alarm groups are closely related with event groups, and their logical Trap targets groups are together, common to complete
The Trap alarms of Unionreadbat service ends.First, keeper determines some events that will trigger alarm, by these events
Gradually it is written in event Table marks, for each alarm event, state-event is recorded respectively in event Table tables
Description, event type, the management station's common body for receiving alarm event, event caused by this class alarm event the last time etc.;So
Determined that the bound threshold values of the alarm, alarm sampling interval, sampled value and threshold values will be triggered according to specific alarm feature afterwards
The information such as the method being compared, it is respectively written into corresponding alarmTable.Because Unionreadbat service ends MIB is base
In the assurance of Global Information, the integral status of network has been reacted in the selection of its alarm threshold value information well.
Introduce in the MIB storehouses being related in the present invention
MIB storehouses can be that remote probe define a series of function, it can group well using meshed network as detection unit
Knit and record the network performance and fault history of institute's probe node, effectively record some network events, event can also be provided
And alarm function.
Unionreadbat service ends MIB provides the statistics and result of calculation of a meshed network.Therefore, in
Central server can be obtained to network by the value of the customizing messages to Unionreadbat service end MIB specific groups, analysis
The overall assurance of respective performances.
Unionreadbat service ends MIB is realization and safeguards the core of the system, and forming all threads of system is all
Realized around the access of Unionreadbat service end mib informations, renewal, maintenance, analytic function.Snmp protocol handles thread
The interface that Unionreadbat service ends MIB interacts with the external world is provided;Packet capture thread is responsible for providing Unionreadbat
The source of service end mib information;Processing data packets thread is realized the renewal of Unionreadbat service end mib informations, safeguarded;Thing
Part alerts thread according to the setting of warning information in Unionreadbat service ends MIB, completes the judgement to network failure.
Unionreadbat service ends, which sample, count, analyze obtained all-network information is all stored in
In Unionreadbat service ends MIB, the group information in Unionreadbat service ends MIB includes:
History (history group):Periodic sampling statistics are carried out to network;
Statistics (statistics group):Statistic of classification (including the difference of packet is preserved for the node of each detection
The classification of size, erroneous packets etc.);
System (system group):Offer system Global Information;
Interface (interface group):Each information from system to subnet interface is provided;
Alarm (alarm group):A series of threshold values of network performance are defined, if threshold values crosses the border, can be alerted;
Event (event group):Record all events as caused by Unionreadbat service ends;
Capture (capture group):Packet is cached;
Protocol Dir (protocol directory, Protocol directory):The catalogue of all construable agreements of agency
Record;
Protocol Dist (protocol distribution, protocol issuance):On each agreement production of each node
The statistical information of raw flow;
AddressMap (address map, address of cache):Network address is to MAC Address and port and physical address
Matched to the address of the meshed network;
Nl Host (network-layer matrix, network layer host):Flowed between main frame pair based on network layer address
The statistical information of amount;
Nl Maxtrix (network-layer matrix, network layer matrix);Based on network into address main frame to it
Between strength statistical information;
Al host (application-layer host, application layer host):Main frame disengaging stream based on application layer address
The statistical information of amount;
Al Matrix (application-layer matrix, using layer matrix):Main frame pair based on application layer address
Between flow statistical information;
UsrHistory (user history collection, user's history set):Periodically to user's setting
Variable samples and is based on the user-defined reference record data);
Probeconfig (probe configuration, proxy configurations):For Unionreadbat service ends, agency is fixed
The configuration parameter of adopted standard.
A kind of system of involved meshed network detection analysis based on multithreading, is specifically included in the present invention:
Unionreadbat service ends, central server and management client;Unionreadbat service ends are genuinely convinced with
Business device network connection;Central server passes through network connection with management client;
Unionreadbat service ends are mainly used in that the node in meshed network is detected and analyzed, and form detection knot
Fruit;Detection includes the transmission time of node with analysis and packet loss is analyzed;
Central server is mainly used in interacting result of detection with Unionreadbat service ends;
Management client is mainly used in the management of central server;Management includes setting the nodename of detection, detection week
Phase and the node protocol type of detection.Unionreadbat service ends are connected by SNMP/ICMP with central server.
Unionreadbat service ends include:
Snmp protocol handles thread;It is mainly used in the agency of snmp protocol;
Packet capture thread;It is mainly used in the capture to the packet of nodes, the packet captured is put
Enter data packet buffer;
Processing data packets thread;It is mainly used in being analyzed the packet in data packet buffer, forms analysis result
A;And according to analysis result A, counted, form analysis result;
MIB storehouses;It is mainly used in depositing analysis result;
Event alarm thread;It is mainly used according to the default cycle, inquires about default sensitive amount, form warning watch;Also use
Warning information is issued in the analysis result in MIB storehouses and the threshold values information in warning watch.
MIB storehouses include such as lower component:
History group:Periodic samples statistics is carried out to packet;
Statistics group:The packet detected is subjected to statistic of classification;
System group:System information is provided for MIB storehouses;System information include node be located at zone name, operator name,
Hostname, the type of packet, the type protocol of packet, packet drop and warning information;
Interface group:It is connected for Unionreadbat service ends with meshed network and interface is provided;
Alarm group:The threshold values of network performance is defined, and is alerted according to threshold values;Network performance utilizes including network bandwidth
The time delay of rate, the packet loss of packet and packet;
Capture group:Packet is detected and cached;
Protocol directory:Put the snmp protocol catalogue of agency;
Protocol issuance:Counted for flow caused by probe node;
Address of cache:For node network address to the MAC Address of node matching;Network address for node arrives
The matching of the port of node;Physical address for node matches to the address of meshed network;
Network layer host:For the traffic statistics between the network layer address main frame pair in meshed network;
Network layer matrix;For the traffic statistics between the main frame pair of the network layer address in meshed network;
Application layer host:Main frame for the application layer address in meshed network enters the statistics of outflow;
Using layer matrix:Statistics for flow between the main frame pair of the application layer address in meshed network;
User's history set:Data record for user's operation;
Proxy configurations:Thread, which is handled, for snmp protocol acts on behalf of the configuration parameter that offer standard defines;
Event group:When record predefines condition, caused event;Record include time of record event, node title,
IP address and event type.
Unionreadbat service ends MIB provides the ability being monitored based on MAC layer to network traffics, provides simultaneously
To the monitoring capacity of Internet:
1) statistics, history, alarm and the realization of time group function can be based on MAC layer to network continuous real-time monitoring, system
Meter historical traffic, make timely alarm.
2) Protocol directory group, agreement distribution group, network layer host group, Internet matrix group, the reality of proxy configurations group function
It is existing, it is possible to based on Internet to being measured in network between network packet point agreement statistics, each network host flow and main frame pair
Carry out comprehensive statistics.
3) system combine interface components you can well imagine for the Global Information on system and on each from system to
The information of subnet interface.
The information in MIB storehouses and maintenance process are as shown in Figure 2
1) due to the relevant information of history group control table setting periodic samples, such as sampling type, sampling period, for side
Just loop control.Controlling of sampling chained list, each chained list are generated by control information set in advance in history group control table first
Node represents a kind of history group sample types, and such as section periodic sampling, long period sample.
2) after the generation of controlling of sampling chained list, correspond to each sampling node and corresponding sample clock generator is respectively started, remember
Between recording at the beginning of all kinds sampling.
3) for the packet taken out from packet buffering pond, according to the structure of packet, gradually analyzed, then
According to the result of analysis, the group information in Unionreadbat service ends is carried out to safeguard and change accordingly:
● judgement of the maintenance of history group information based on the sampling period, sample clock generator information sampled to all kinds;
● the type (such as broadcast packet, multicast packets, unicast packet, erroneous packets) of bag, the type protocol of bag (such as IP, ARP,
RARP etc.) directly it can analyze to obtain by pack arrangement, group information is distributed to statistics group, Protocol directory group, agreement so as to realize
Modification and maintenance;
● network host combinational network matrix group be on the basis of analyzing packet address, further combined with other conditions,
The relation between each table in consideration group between group, comprehensive analysis are completed;
● maintenance, the modification of alarm group and event group formation, and the generation of alarm event, are divided to packet
On the basis of analysis, some specific network events are analyzed, judge to obtain;
● realization, renewal and the maintenance of information mainly handle thread in network packet in the invention network detection information bank
Completed with event alarm thread, wherein event alarm processing thread is responsible for completing information gathering and the dimension of alarm group and event group
Shield.
4) analysis of data above bag is completed and group information is changed after completing, and extracts next packet successively,
Repeat above-mentioned data packet analysis work.
As shown in figure 3, a kind of method of the meshed network detection analysis based on multithreading, comprises the following steps:
Transmission administration order of the management client to central server;Administration order includes the system information of probe node;
Central server sends probe command according to administration order to Unionreadbat service ends;Probe command includes visiting
Nodename, detection cycle and the detection protocol type of survey;
Unionreadbat service ends are detected to the packet of meshed network according to probe command and packet are entered
Row analysis, forms result of detection.
Unionreadbat service ends are detected to the packet of meshed network according to probe command and packet are entered
Row analysis, the specific method for forming result of detection are:
Capture data of the packet capture thread of Unionreadbat service ends according to probe command on meshed network
Bag, and the packet of capture is put into data packet buffer;
The processing data packets thread of Unionreadbat service ends obtains packet by data packet buffer, and to data
The information of bag is counted, and forms analysis result;The type of the information of packet including packet, size, protocol type, source
Location and destination address;
Unionreadbat service end MIB storehouses obtain analysis result;
Unionreadbat service end event alarm threads inquire about default sensitive amount, are formed and accused according to the default cycle
Alert table;And the analysis result in MIB storehouses and the threshold values information in warning watch issue warning information.
1) central server keeper signs in system interface by web modes, carries out system setting, including set detection
Nodename, detection cycle, protocol type etc., and detecting function is come into force.
2) all packets flowed through on network packet trapping module load capture CDN node network, and will capture
Packet be put into and set in data packet buffer.This is the processing basis of other modules.
3) network data packet handing module is responsible for analyzing the packet taken out in data packet buffer, and according to right
The analysis result of the information such as the type (such as unicast packet, broadcast packet) of bag, size, protocol type, source/destination address, is divided
Class counts, the corresponding information in time update Unionreadbat service ends MIB.
4) snmp protocol processing module, which loads, realizes SNMP access interfaces, reception SNMP requests (including Get, Get
Request, Set etc. are operated), it is analyzed and processed, and as requested, MIB storehouses are accessed, therefrom obtain MIB pairs of needs
As being worth and returning to requestor (for Get, Get Request), or relevant mib object value is set (to Set operations
Speech).
5) event alarm module is responsible for when particular network event occurs, and actively sends a warning message to genuinely convinced in predetermined
Business device.
6) according to the setting of threshold values information in Unionreadbat service end MIB warning watchs, when some customizing messages exceed
Or during less than formulating threshold values, for analyzing obtained special event, this module will be according to default strategy, in time to center service
Device sends a warning message.
7) two data storage areas have been used in system:Network packet buffering area and Unionreadbat service ends MIB.
8) network packet buffering area is used for the temporary packet captured.In the larger meshed network of network traffics,
The speed moment of capture packet is likely larger than the speed of processing data packets, it is therefore desirable to such a buffering area.Network data
The packet captured is sequentially placed into this buffering area by Packet capturing module, and processing data packets module then gradually takes from buffering area
Packet is obtained to be analyzed and processed.Bag buffering area is logically designed as the queue of a first in first out.
9) MIB storehouses are used for preserving various Unionreadbat service ends mib objects, and these objects are according to Unionreadbat
Service end MIB rules carry out tissue.
Interface between CDN central server and each meshed network is provided by patent of the present invention, realized to one
The detecting function of the data traffic of the individual network segment or even whole network.Unionreadbat service ends can be realized real to meshed network
Row safety precaution management, it allows, and central server is more effective, more positive ground probe node network, central server pipe
Reason person can failure that quickly tracking network, the network segment or equipment occur, then using the precautionary measures, it is ensured that meshed network can
Continue, provide service document.
Unionreadbat service ends MIB provides the statistics and result of calculation of a meshed network.Therefore, in
Central server can by the value of the customizing messages of specific group in Unionreadbat service end MIB meshed networks, analysis,
So as to which the entirety obtained to network respective performances is held.
The present invention is described in detail above by specific and preferred embodiment, but those skilled in the art should be bright
In vain, the invention is not limited in embodiment described above, within the spirit and principles of the invention, any modification for being made,
Equivalent substitution etc., should be included in the scope of the protection.
Claims (5)
- A kind of 1. system of the meshed network detection analysis based on multithreading, it is characterised in that including:Unionreadbat service ends, central server and management client;The Unionreadbat service ends with it is described in Central server passes through network connection;The central server passes through network connection with management client;The Unionreadbat service ends are mainly used in that the node in meshed network is detected and analyzed, and form detection knot Fruit;Detection includes the transmission time of the node with analysis and packet loss is analyzed;The central server is mainly used in interacting the result of detection with the Unionreadbat service ends;The management client is mainly used in the management of the central server;The management includes the node name for setting detection Title, detection cycle and the node protocol type of detection;The Unionreadbat service ends include:Snmp protocol handles thread;It is mainly used in the agency of snmp protocol;Packet capture thread;It is mainly used in the capture of the packet to node described in network, the data that will be captured Bag is put into data packet buffer;Processing data packets thread;It is mainly used in being analyzed the packet in data packet buffer, forms analysis result A;And according to analysis result A, counted, form analysis result;MIB storehouses;It is mainly used in depositing the analysis result;Event alarm thread;It is mainly used according to the default cycle, inquires about default sensitive amount, form warning watch;It is additionally operable to root Warning information is issued according to the analysis result in the MIB storehouses and the threshold values information in the warning watch.
- 2. the system of the meshed network detection analysis according to claim 1 based on multithreading, it is characterised in that:It is described Unionreadbat service ends are connected by SNMP/ICMP with the central server.
- 3. the system of the meshed network detection analysis according to claim 1 based on multithreading, it is characterised in that described MIB storehouses include such as lower component:1) history group:Periodic samples statistics is carried out to the packet;2) statistics group:The packet detected is subjected to statistic of classification;3) system group:System information is provided for MIB storehouses;The system information includes zone name, the operation that the node is located at Business's title, Hostname, the type of the packet, the type protocol of the packet, packet drop and warning information;4) interface group:It is connected for the Unionreadbat service ends with the meshed network and interface is provided;5) alarm group:The threshold values of network performance is defined, and is alerted according to the threshold values;The network performance includes Netowrk tape The time delay of wide utilization rate, the packet loss of the packet and the packet;6) capture group:The packet is detected and cached;7) Protocol directory:Put the snmp protocol catalogue of agency;8) protocol issuance:Counted for flow caused by the detection node;9) address of cache:For the node network address to the MAC Address of the node matching;For the node Matching of the network address to the port of the node;Physical address for the node is to the address of the meshed network Match somebody with somebody;10) network layer host:For the traffic statistics between the network layer address main frame pair in the meshed network;11) network layer matrix;For the traffic statistics between the main frame pair of the network layer address in the meshed network;12) application layer host:Main frame for the application layer address in the meshed network enters the statistics of outflow;13) layer matrix is applied:Statistics for flow between the main frame pair of the application layer address in the meshed network;14) user's history set:Data record for user's operation;15) proxy configurations:Thread, which is handled, for snmp protocol acts on behalf of the configuration parameter that offer standard defines;16) event group:When record predefines condition, caused event;The record includes recording time, described of the event Title, IP address and the event type of node.
- A kind of 4. section based on multithreading based on the system of the meshed network detection analysis based on multithreading described in claim 1 The method of spot net detection analysis, it is characterised in that comprise the following steps:Transmission administration order of the management client to the central server;The administration order includes probe node System information;The central server sends probe command according to the administration order to the Unionreadbat service ends;The spy Surveying order includes nodename, detection cycle and the detection protocol type of detection;The Unionreadbat service ends are detected according to the probe command to the packet of meshed network and to described Packet is analyzed, and forms result of detection.
- 5. the method for the meshed network detection analysis according to claim 4 based on multithreading, it is characterised in that described Unionreadbat service ends are detected to the packet of meshed network according to the probe command and the packet are entered Row analysis, the specific method for forming result of detection are:The packet capture thread of the Unionreadbat service ends is according to the probe command on the meshed network Packet is captured, and the packet of capture is put into data packet buffer;The processing data packets thread of the Unionreadbat service ends obtains the packet by the data packet buffer, And the information of the packet is counted, form analysis result;It is the type of the information of the packet including packet, big Small, protocol type, source address and destination address;The MIB storehouses of the Unionreadbat service ends obtain the analysis result;The event alarm thread of the Unionreadbat service ends is inquired about default sensitive amount, formed according to the default cycle Warning watch;And the analysis result in the MIB storehouses and the threshold values information in the warning watch are believed to issue alarm Breath.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410305575.4A CN104618128B (en) | 2014-06-30 | 2014-06-30 | A kind of system and method for the meshed network detection analysis based on multithreading |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410305575.4A CN104618128B (en) | 2014-06-30 | 2014-06-30 | A kind of system and method for the meshed network detection analysis based on multithreading |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104618128A CN104618128A (en) | 2015-05-13 |
| CN104618128B true CN104618128B (en) | 2017-11-21 |
Family
ID=53152419
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410305575.4A Active CN104618128B (en) | 2014-06-30 | 2014-06-30 | A kind of system and method for the meshed network detection analysis based on multithreading |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104618128B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104320283B (en) * | 2014-11-03 | 2017-11-28 | 中国人民解放军空军装备研究院雷达与电子对抗研究所 | Supervision system and method in an air-to-air shooting management system |
| CN108763029A (en) * | 2018-06-11 | 2018-11-06 | 郑州云海信息技术有限公司 | A kind of server monitoring platform type adaptive device and method |
| CN110535694A (en) * | 2019-08-19 | 2019-12-03 | 杭州迪普科技股份有限公司 | Method for discovering network topology and device |
| CN111177153A (en) * | 2019-12-27 | 2020-05-19 | 北京华环电子股份有限公司 | Net-SNMP based management method for Mib table |
| CN114257486B (en) * | 2020-11-29 | 2024-06-04 | 赣南师范大学 | Implementation method of network performance management measurement probe for Internet of things |
| CN114546748A (en) * | 2022-02-25 | 2022-05-27 | 浪潮云信息技术股份公司 | A method and system for dynamic analysis of health degree based on application simulation dial test |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101056217A (en) * | 2006-04-14 | 2007-10-17 | 华为技术有限公司 | A network performance measurement method and system |
| CN101083557A (en) * | 2007-06-29 | 2007-12-05 | 中兴通讯股份有限公司 | SNMP based IP network cluster managerial approach |
| CN102958088A (en) * | 2012-12-03 | 2013-03-06 | 大唐电信科技股份有限公司 | Monitoring and evaluating system of WLAN (Wireless Local Area Network) wireless network |
| CN103227781A (en) * | 2013-03-28 | 2013-07-31 | 深圳市共进电子股份有限公司 | Network diagnose and performance evaluation system and method based on user datagram protocol |
-
2014
- 2014-06-30 CN CN201410305575.4A patent/CN104618128B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101056217A (en) * | 2006-04-14 | 2007-10-17 | 华为技术有限公司 | A network performance measurement method and system |
| CN101083557A (en) * | 2007-06-29 | 2007-12-05 | 中兴通讯股份有限公司 | SNMP based IP network cluster managerial approach |
| CN102958088A (en) * | 2012-12-03 | 2013-03-06 | 大唐电信科技股份有限公司 | Monitoring and evaluating system of WLAN (Wireless Local Area Network) wireless network |
| CN103227781A (en) * | 2013-03-28 | 2013-07-31 | 深圳市共进电子股份有限公司 | Network diagnose and performance evaluation system and method based on user datagram protocol |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104618128A (en) | 2015-05-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104618128B (en) | A kind of system and method for the meshed network detection analysis based on multithreading | |
| Chowdhury et al. | Payless: A low cost network monitoring framework for software defined networks | |
| EP2429128B1 (en) | Flow statistics aggregation | |
| CN106100999B (en) | Image network flow control methods in a kind of virtualized network environment | |
| CN104365058B (en) | For the system and method in multinuclear and group system high speed caching SNMP data | |
| JP4727275B2 (en) | High-speed traffic measurement and analysis methodologies and protocols | |
| EP1418705A2 (en) | Network monitoring system using packet sequence numbers | |
| US20020013849A1 (en) | System, method and computer program product for policy-based billing in a network architecture | |
| CN107404421A (en) | Flow monitoring, monitoring and managing method and system | |
| CN104717150B (en) | Switching device and packet loss method | |
| CN106998263A (en) | For keeping the other system and method for network service level | |
| Jang et al. | Rflow+: An sdn-based wlan monitoring and management framework | |
| US7889644B2 (en) | Multi-time scale adaptive internet protocol routing system and method | |
| CN102065142A (en) | File downloading based scheduling method and system for content delivery network (CDN) | |
| CN113242208B (en) | Network Situation Analysis System Based on Network Flow | |
| CN101277303B (en) | A control method for trusted and controllable network architecture | |
| CN109547257B (en) | Network flow control method, device, device, system and storage medium | |
| CN104104548B (en) | A kind of network safety situation Information Acquisition System and method based on SFLOW and OWAMP | |
| Waldbusser et al. | Introduction to the remote monitoring (RMON) family of MIB modules | |
| CN111800311B (en) | Real-time sensing method for decentralized computing state | |
| Ciuffoletti et al. | Architecture of a network monitoring element | |
| Cisco | NetFlow Services Solutions Guide | |
| Wang et al. | SCSCDaylight: Network Monitoring Tools for Software-Defined Networks Based on Opendaylight | |
| Subramoni et al. | Visualize and Analyze your Network Activities using OSU INAM | |
| Lan et al. | A real-time network traffic analysis and QoS management platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20180523 Address after: 100010 Beijing Dongcheng District Xianghe garden 5 North Building 2 Gate 506. Patentee after: Peng Yang Address before: 100088 Room 408, 4 floor, 83 building, Desheng Gate Street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING YUELIAN INFORMATION TECHNOLOGY CO., LTD. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20211101 Address after: 214104 room 301-59, block a, Xidong chuangrong building, No. 78, Danshan Road, anzhen street, Xishan District, Wuxi City, Jiangsu Province Patentee after: Jiangsu YOUPU Information Technology Co.,Ltd. Address before: 100010 Beijing Dongcheng District Xianghe garden 5 North Building 2 Gate 506. Patentee before: Peng Yang |