
CN115733721A - Network management device, network management system, and network management method - Google Patents

Publication number: CN115733721A
Authority: CN (China)
Legal status: Pending
Application number: CN202111013086.8A
Other languages: Chinese (zh)
Inventors: 邓福铮, 黄靖文, 沈宥融, 胡铭河
Current Assignee: Taiwan Lenovo Global Technology Co ltd
Original Assignee: Taiwan Lenovo Global Technology Co ltd
Application filed by Taiwan Lenovo Global Technology Co ltd
Priority to CN202111013086.8A
Publication of CN115733721A

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present application relates to a network management device that includes a logic processor and a first communication interface and a second communication interface coupled to the logic processor, wherein the first communication interface can also be coupled to a network switch and the second communication interface can also be coupled to one or more computing devices. The logic processor is configured to receive a data packet from the network switch through the first communication interface and to determine whether the data packet must be transmitted or blocked. In response to a determination that the data packet must be transmitted, the data packet is subsequently sent to a target computing device; in response to a determination that the data packet must be blocked, subsequent sending of the data packet to any computing device is prevented. The present application also relates to a corresponding network management system and network management method.

Figure 202111013086

Description

Network management device, network management system and network management method

Technical field

The present application relates to network management, and in particular to a network management device, a network management system and a network management method.

Background

In a computing system such as a server network, multiple server nodes are interconnected to form a network system. Each server node includes logic processing functions, memory storage, and input/output (I/O) interfaces for connectivity. The server network needs to be managed and controlled in order to make the best use of server node resources and to prevent any potentially malicious activity from external devices.

Summary of the invention

In one aspect, the present application provides a network management device that includes a logic processor and a first communication interface and a second communication interface coupled to the logic processor. The first communication interface can be coupled to a network switch. The second communication interface can be coupled to one or more computing devices. The logic processor is configured to receive a data packet from the network switch through the first communication interface and to determine whether the data packet must be transmitted or blocked. In response to a determination that the data packet must be transmitted, the data packet is subsequently sent to a target computing device. In response to a determination that the data packet must be blocked, subsequent sending of the data packet to any computing device is prevented.

The logic processor's determination of whether the data packet must be transmitted or blocked further includes determining whether the data packet is a unicast packet or a non-unicast packet. In response to a determination that the data packet is a unicast packet, the data packet is transmitted to the target computing device. In response to a determination that the data packet is a non-unicast packet, subsequent transmission of the data packet to any computing device is prevented.

The logic processor may also be configured to receive a query packet from an external device and, in response to receiving the query packet, to send information stored in a database to the external device.

The logic processor may also be configured to receive a second data packet from one of the one or more computing devices and to determine whether the second data packet must be transmitted or blocked. In response to a determination that the second data packet must be transmitted, the second data packet is subsequently transmitted to the network switch. In response to a determination that the second data packet must be blocked, subsequent transmission of the second data packet to the network switch is prevented.

The logic processor's determination of whether the second data packet must be transmitted or blocked further includes determining whether the second data packet is a non-multicast packet or a multicast packet. In response to a determination that the second data packet is a non-multicast packet, the data packet is transmitted to the network switch. In response to a determination that the second data packet is a multicast packet, subsequent transmission of the second data packet to the network switch is prevented.

The logic processor may also be configured to receive status packets from the one or more computing devices and to store status information for the one or more computing devices in a database.

According to one embodiment, the information of the one or more computing devices includes Address Resolution Protocol (ARP), Service Location Protocol (SLP), Simple Service Discovery Protocol (SSDP) and Link Layer Discovery Protocol (LLDP).

The one or more computing devices may include a plurality of server nodes.

In another aspect, the present application provides a network management system that includes a plurality of network management devices according to the present disclosure coupled to each other, wherein one of the plurality of network management devices can be set as a rack agent. The rack agent is configured to receive a data packet from a network switch and to determine whether the data packet must be transmitted or blocked. In response to a determination that the data packet must be transmitted, the data packet is sent to a target computing device. In response to a determination that the data packet must be blocked, subsequent sending of the data packet to any computing device is prevented.

The network management device that can be set as the rack agent may be further configured to determine whether the data packet is a unicast packet or a non-unicast packet. In response to a determination that the data packet is a unicast packet, the data packet is transmitted to the target computing device. In response to a determination that the data packet is a non-unicast packet, subsequent transmission of the data packet to any computing device is prevented.

According to one embodiment, the plurality of network management devices are arranged in a daisy-chain topology.

Preferably, the plurality of network management devices are configured to form a closed-loop connection with the network switch.

Preferably, when the closed-loop connection changes, another one of the network management devices can be set as a second rack agent. The second rack agent is configured to receive a second data packet from the network switch and to determine whether the second data packet must be transmitted or blocked. In response to a determination that the second data packet must be transmitted, the second data packet is transmitted to a second target computing device. In response to a determination that the second data packet must be blocked, subsequent transmission of the second data packet to any computing device is prevented.

The other network management device that can be set as the second rack agent may be further configured to determine whether the second data packet is a unicast packet or a non-unicast packet. In response to a determination that the second data packet is a unicast packet, the second data packet is transmitted to the target computing device. In response to a determination that the second data packet is a non-unicast packet, subsequent transmission of the data packet to any computing device is prevented.

Preferably, the network management devices are configured to: determine at least one candidate rack agent, where each of the at least one candidate rack agent is one of the network management devices directly connected to the network switch; calculate a respective priority value for each candidate rack agent; and determine the rack agent based on the smallest priority value.

In yet another aspect, the present application provides a network management method. The method includes receiving a data packet from a network switch through a first communication interface and determining whether the data packet must be transmitted or blocked. In response to a determination that the data packet must be transmitted, the data packet is subsequently sent to a target computing device. In response to a determination that the data packet must be blocked, subsequent sending of the data packet to any computing device is prevented.

The method may further include determining whether the data packet is a unicast packet or a non-unicast packet. In response to a determination that the data packet is a unicast packet, the data packet is transmitted to the target computing device. In response to a determination that the data packet is a non-unicast packet, subsequent transmission of the data packet to any computing device is prevented.

The method may further include receiving a query packet from an external device. In response to receiving the query packet, information stored in a database is sent to the external device.

The method may further include receiving a second data packet from one computing device or from one of a plurality of computing devices, and determining whether the second data packet must be transmitted or blocked. In response to a determination that the second data packet must be transmitted, the second data packet is subsequently sent to the network switch. In response to a determination that the second data packet must be blocked, subsequent sending of the second data packet to the network switch is prevented.

The method may further include receiving status packets from the one or more computing devices and storing status information for the one or more computing devices in a database.

Brief description of the drawings

FIG. 1 is a schematic diagram of a network management system according to an embodiment of the present application;

FIG. 2 is a schematic diagram of an example of a network management device in the embodiment shown in FIG. 1;

FIG. 3 is a schematic diagram of the connection and data packet transmission between the network switch and the network management device according to the embodiment of FIG. 1;

FIG. 4 is a schematic diagram of the connection between the network switch and the network management device in the embodiment of FIG. 1 and of the sending of another data packet;

FIG. 5 is a schematic diagram of a network management system forming a closed-loop connection with a network switch according to another embodiment of the present application;

FIG. 6 is a schematic diagram of determining a rack agent in the network management system of FIG. 5;

FIG. 7 is a schematic diagram of a change in the closed-loop connection of the network management system according to the embodiment of FIG. 5;

FIG. 8 is a schematic diagram of determining a rack agent in the network management system of FIG. 7;

FIG. 9 is a schematic diagram of another change in the closed-loop connection of the network management system according to the embodiment of FIG. 5;

FIG. 10 is a schematic diagram of determining a rack agent in the network management system of FIG. 9;

FIG. 11 is a schematic diagram of an embodiment of the rack agent determination method of the present application; and

FIG. 12 is a schematic diagram of a server management method according to an embodiment of the present application.

Detailed description

A typical data center network can be divided into a data network and a management network. The management network connects multiple physical network devices, such as System Management Modules (SMM), Board Management Controllers (BMC) and server nodes. Administrators can centrally monitor and manage these devices through the management network. For example, the system management modules are connected to the network switch in a daisy-chain topology, which reduces the number of interfaces used on the network switch and so makes the network scalable.

When each network device sends broadcast packets, unknown unicast packets and multicast packets (collectively, BUM packets) to the rest of the network through the network switch, the large number of packets carried in the network can congest the management network. Similarly, each network device must also process the BUM packets it receives from the network switch, which degrades the performance of the network device. In addition, unicast packets of unknown origin may also be a security risk to the network.

FIG. 1 shows a network management system 100 according to an embodiment of the present application. The network management system 100 includes a plurality of network management devices 112/122/132/142 coupled to each other, and a plurality of other network devices compatible with the network management devices 112/122/132/142, such as computing devices. Each network management device 112/122/132/142 is coupled to at least one computing device 114/124/134/144, respectively. As an example, as shown in FIG. 1, the computing devices may be 4 groups of server node arrays 114/124/134/144, each group having 3 server nodes. The network management devices 112/122/132/142 are coupled in a daisy-chain topology, that is, the network management devices 112/122/132/142 are connected in series. The server nodes 114/124/134/144 of each group are connected in series with the corresponding network management device 112/122/132/142 to which the group is coupled, so that server nodes 114 are connected in parallel with server nodes 124, server nodes 134 are connected in parallel with server nodes 144, and so on. The network management system 100 is configured to be coupled to a Top of Rack network switch 200 or a similar device.

FIG. 2 shows an example of a network management device 112 in the network management system 100. The network management device 112 includes a logic processor, such as a Board Management Controller (BMC) 160, a switch chip 170, a Programmable System on Chip (PSoC) 180, and an In-band Management Port (IMP) 190. The logic processor is coupled to a database 150. The switch chip 170 is coupled to the board management controller 160 through, for example, a serial peripheral interface. The programmable system on chip 180 is coupled to the board management controller 160 through an Inter-Integrated Circuit (I2C) bus and General Purpose Input/Output (GPIO). The in-band management port 190 is provided on the switch chip 170. Further, the network management device 112 includes a first communication interface, a second communication interface and a third communication interface. The first communication interface may be, for example, interface "A" 172, which is used for coupling to the network switch 200. The second communication interface may be, for example, interface "B" 174, which is used for coupling to another one of the network management devices 112/122/132/142. The third communication interface may be, for example, interface "N" 176, which is used for coupling to the server nodes 114/124/134/144. The database 150 of the network management device 112 is configured to store information about the network management devices 112/122/132/142 as well as information about the other server nodes 114/124/134/144.

In the embodiments shown in FIG. 1 and FIG. 2, one of the network management devices is set as the rack agent 102. As an example, the network management device 112 that is directly connected to the network switch 200 is set as the rack agent 102. The rack agent 102 can act as a gateway between the network switch 200 and the network management system 100. Alternatively, the rack agent 102 may be selected or determined based on other criteria or rules, which are described in detail below. The rack agent 102 is configured to determine how a received data packet is handled according to the characteristics of that data packet.

Referring to FIG. 3, when the network management system 100 is connected to the network switch 200, the rack agent 102 receives data packets 410a/420 from the network switch 200 and determines how the data packets 410a/420 are handled, that is, whether each data packet must be transmitted or blocked. If the rack agent 102 determines that a data packet (for example, data packet 410a) must be transmitted, that is, in response to the determination that data packet 410a must be transmitted, the rack agent 102 subsequently sends data packet 410a to the target computing device. Conversely, if the rack agent 102 determines that a data packet (for example, data packet 420) must be blocked, that is, in response to the determination that the data packet must be blocked, the rack agent 102 prevents data packet 420 from subsequently being sent to any computing device.

The rack agent 102 may also be configured to determine the target computing device based on the data packets 410a/420. For example, the rack agent 102 determines the target computing device based on the information in the database 150 and on the data packets 410a/420. If the rack agent cannot determine the target computing device, the data packet is blocked from transmission. The rack agent 102 may further be configured to determine whether a data packet 410a/420 is a unicast packet or a non-unicast packet. After determining the target computing device, in response to a determination that the data packet (for example, data packet 410a) is a unicast packet, the rack agent 102 transmits the unicast packet to server node 134. Conversely, in response to a determination that the data packet (for example, data packet 420) is a non-unicast packet, the rack agent 102 blocks transmission of data packet 420. With this arrangement, the rack agent 102 determines the target computing device, determines the nature of the data packet, and transmits or blocks the data packet, while the other network management devices 122/132/142 are set up as data packet transmission channels.

FIG. 4 shows another exemplary scenario, in which a data packet is sent from one of the computing devices to the network switch 200. In this scenario, the rack agent 102 is configured to receive a second data packet 430a/440 from a computing device such as server node 134 and, according to the characteristics of the received second data packet 430a/440, to determine how the second data packet 430a/440 is handled, that is, whether the data packet must be transmitted or blocked. If the rack agent 102 determines that a second data packet (for example, second data packet 430a) must be transmitted, that is, in response to the determination that second data packet 430a must be transmitted, the rack agent 102 sends second data packet 430a to the network switch 200. Conversely, if the rack agent 102 determines that a second data packet (for example, second data packet 440) must be blocked from transmission, that is, in response to the determination that second data packet 440 must be blocked, the rack agent 102 prevents transmission of second data packet 440 to the network switch 200.

The rack agent 102 may also be configured to determine whether the second data packet is a multicast packet or a non-multicast packet. If the second data packet is determined to be a non-multicast packet, such as non-multicast packet 430a shown in FIG. 4, that is, in response to the determination that the second data packet is a non-multicast packet, the rack agent 102 sends second data packet 430a to the network switch 200. Conversely, if the second data packet is determined to be a multicast packet, such as multicast packet 440 shown in FIG. 4, that is, in response to the determination that second data packet 440 is a multicast packet, the rack agent 102 prevents second data packet 440 from being sent to the network switch 200. By performing these operations, the rack agent 102 only allows data packets with a specific receiver address, or data packets of a specific type, to be transmitted, so the rack agent 102 reduces the likelihood of network saturation. Beneficially, this scheme relieves network congestion and improves the performance of the computing devices. It can also reduce the security risk that unicast packets of unknown origin may pose.

Each network management device 112/122/132/142 may also be configured to obtain information over a System Management Bus (SMBus) from the corresponding computing devices coupled to it (for example, server nodes 114/124/134/144). The information is stored in the database 150 of each network management device 112/122/132/142 and can be updated periodically or whenever any state in the network management system 100 changes. Each network management device 122/132/142 uses unicast status packets to send the status information of the corresponding computing devices (for example, server nodes 114/124/134/144 or network management devices 122/132/142) to the rack agent 102. The rack agent 102 thus receives status packets, directly or indirectly, from the network management devices 122/132/142 and stores the status information corresponding to the received status packets in the database 150 of the rack agent 102. The status information may include information about the operating environment, connection status, device health and device uptime of all computing devices.

When a query request is received from an external device, for example when a query packet sent by the external device is received, the rack agent 102 responds to the query request by sending the information stored in the database 150 to the external device. As an example, the external device may be the network switch 200, and the query packet may be, for example, one of Address Resolution Protocol (ARP), Service Location Protocol (SLP), Simple Service Discovery Protocol (SSDP) and Link Layer Discovery Protocol (LLDP). This ensures that the rack agent 102 responds to query requests efficiently, which improves network efficiency and reduces resource usage. In another example, the external device may be a network management device or server node outside the network management system 100, and the query packet may be, for example, one of Address Resolution Protocol (ARP), Service Location Protocol (SLP), Simple Service Discovery Protocol (SSDP) and Link Layer Discovery Protocol (LLDP).

In yet another example, the external device may be a network administrator device 300, from which the network administrator queries the rack agent 102 for information about all devices in the network management system 100, such as the status and health of a particular server node 114/124/134/144. With the scheme of this example, the network administrator can obtain all the information about the relevant devices directly from the rack agent 102, without having to query each device one by one. The network administrator can also send instruction packets through the rack agent to control the devices in the network management system 100. This scheme beneficially improves efficiency and reduces the network administrator's workload.

Table 1 shows an example of an information table stored in the database 150 for server node 1, server node 2 and server node 3, which are coupled to a network management device (network management device #1). Table 2 shows an example of an information table stored in the database 150 for server node 10, server node 11 and server node 12, which are coupled to a network management device (network management device #4). The example information tables store, and continuously update, information about each node, such as its IP address, MAC address and allowed protocols.

Table 1

Figure BDA0003238987820000101

Table 2

Figure BDA0003238987820000102

Table 3

Figure BDA0003238987820000103

All information tables, such as Table 1 and Table 2 above, are stored together in the database 150 of the rack agent 102. Using the database 150, the rack agent 102 combines the information tables with predetermined rules to generate a rule table (Table 3). Table 3 includes rules such as blocking non-unicast packets from the network switch 200 and blocking multicast packets from the server nodes 114/124/134/144. When a packet is received, the rack agent 102 determines the corresponding action from the rule table. As an illustration, Rule 1 of Table 3 is a decision rule for packets received on interface "A", that is, packets from the network switch 200. Because the MAC address is determined to be unknown, the packet is rejected and blocked from further transmission. Under Rule 2 and Rule 3, when interface "A" receives a multicast or broadcast packet, the packet is likewise rejected and blocked from further transmission. When a multicast packet is received on interface "B", that is, a multicast packet from another network management device or a server node, the packet is rejected and blocked from further transmission. When a query request such as SLP, ARP or SSDP is received from the network switch 200, the rack agent 102 replies to the query according to the actions shown in Rules 5 to 7. When a unicast packet is received on interface "A" or "B" and its destination address is valid, the packet is allowed through and sent to the target computing device that matches the destination address. These examples are illustrative only, and the present disclosure is not limited to them. Any other applicable network-related rules are within the scope of this disclosure.

Table 4 shows a state change, relative to Table 1 above, of the devices coupled to network management device #1. Specifically, the address of node 2 is updated and SSDP is deleted from the protocols allowed by node 3, as shown in Table 4. Table 5 shows the rule table that corresponds to the state change (Table 3 is the rule table before the change); Rule 7 and Rule 8 in Table 5 reflect the change. Under the modified Rule 7, the previously allowed SSDP protocol for node 3 is now denied. Under the revised Rule 8, because the MAC address is no longer valid, the previously allowed unicast packets for node 2 are now denied and blocked from further transmission. The information tables and rule table are updated dynamically, without the intervention of an external system. The network management system 100 can therefore adjust the rule table in response to any dynamic change in the system.

Table 4

Figure BDA0003238987820000121

Table 5

Figure BDA0003238987820000122
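The rule-table behaviour described above, including the regeneration after the Table 4 state change, can be sketched as follows. This is an added example, not code from the patent: Tables 1 to 5 are images on this page, so the node names, addresses, protocol sets, the `query_ip` field and the first-match ordering (queries before address-type rules) are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
QUERY_PROTOCOLS = ("ARP", "SLP", "SSDP")

def is_broadcast(mac: str) -> bool:
    return mac.lower() == BROADCAST

def is_multicast(mac: str) -> bool:
    # Group bit (least significant bit of the first octet) set, broadcast excluded.
    return not is_broadcast(mac) and bool(int(mac.split(":")[0], 16) & 1)

@dataclass
class Node:               # one row of an information table (constructed fields)
    ip: str
    mac: str
    allowed: Set[str]     # discovery protocols the node permits

@dataclass
class Packet:
    iface: str            # "A" = from the network switch, "B" = from a node or peer
    dst_mac: str
    proto: str = ""       # set only for discovery queries
    query_ip: str = ""    # node the query asks about (assumed field)

@dataclass
class Rule:
    iface: str
    desc: str
    match: Callable[[Packet], bool]
    action: str           # "FORWARD", "REPLY" (answered from the database) or "DENY"

def build_rules(nodes: Dict[str, Node]) -> List[Rule]:
    """Combine the information table with fixed policy into an ordered rule table."""
    rules: List[Rule] = []
    # Queries from the switch are answered by the agent per node and protocol.
    for name, n in sorted(nodes.items()):
        for proto in QUERY_PROTOCOLS:
            action = "REPLY" if proto in n.allowed else "DENY"
            rules.append(Rule("A", f"{proto} query for {name}",
                              lambda p, ip=n.ip, proto=proto:
                                  p.proto == proto and p.query_ip == ip,
                              action))
    rules.append(Rule("A", "query for unknown node", lambda p: p.proto != "", "DENY"))
    rules.append(Rule("A", "broadcast from switch", lambda p: is_broadcast(p.dst_mac), "DENY"))
    rules.append(Rule("A", "multicast from switch", lambda p: is_multicast(p.dst_mac), "DENY"))
    rules.append(Rule("B", "multicast from node", lambda p: is_multicast(p.dst_mac), "DENY"))
    known = {n.mac.lower() for n in nodes.values()}
    rules.append(Rule("A", "unicast to known MAC",
                      lambda p: p.dst_mac.lower() in known, "FORWARD"))
    rules.append(Rule("A", "unknown MAC", lambda p: True, "DENY"))
    # Assumption: anything else arriving on "B" is passed toward the switch.
    rules.append(Rule("B", "non-multicast from node", lambda p: True, "FORWARD"))
    return rules

def decide(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule for the receiving interface wins; default is deny."""
    for r in rules:
        if r.iface == pkt.iface and r.match(pkt):
            return r.action, r.desc
    return "DENY", "no rule matched"

def sample_nodes() -> Dict[str, Node]:
    # Constructed sample data (documentation address range, locally administered MACs).
    return {
        "node1": Node("192.0.2.11", "02:00:00:00:00:01", {"ARP", "SLP"}),
        "node2": Node("192.0.2.12", "02:00:00:00:00:02", {"ARP"}),
        "node3": Node("192.0.2.13", "02:00:00:00:00:03", {"ARP", "SSDP"}),
    }

def demo() -> Dict[str, Tuple[str, str]]:
    nodes = sample_nodes()
    to_node2 = Packet("A", "02:00:00:00:00:02")
    ssdp_node3 = Packet("A", "01:00:5e:7f:ff:fa", proto="SSDP", query_ip="192.0.2.13")
    before = build_rules(nodes)
    out = {"unicast before": decide(before, to_node2),
           "ssdp before": decide(before, ssdp_node3)}
    # State change as in the text: node 2's address changes, node 3 drops SSDP.
    nodes["node2"].mac = "02:00:00:00:00:22"
    nodes["node3"].allowed.discard("SSDP")
    after = build_rules(nodes)          # regenerated without external intervention
    out["unicast after"] = decide(after, to_node2)
    out["ssdp after"] = decide(after, ssdp_node3)
    return out

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15s} -> {verdict}")
```

The stale MAC for node 2 falls through to the unknown-MAC rule after regeneration, which is the default-deny behaviour the revised Rule 8 describes.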

FIG. 5 shows another embodiment, a network management system 500, in which the server nodes are omitted for clarity. The network switch 200 is connected in series to the network management devices 112/122/132/142 through a first link 201. Compared with the embodiments above, the network management system 500 further includes a second link 202 that couples the network switch 200 to the network management device 142 at the end of the first link 201. Through the first link 201 and the second link 202, the network management devices 112/122/132/142 form a closed-loop connection with the network switch 200.

FIG. 6 is a schematic diagram of the rack agent determination in the network management system 500 shown in FIG. 5. Because the network management device 112 (network management device #1) and the network management device 142 (network management device #4) are directly connected to the network switch 200 through the first link 201 and the second link 202 respectively, the network management devices 112 and 142 are each determined to be candidate rack agents 112a, 142a. The candidate rack agents 112a, 142a then calculate their respective priority values 112p, 142p. As one example, the priority value may be calculated according to the Bridge Protocol Data Unit (BPDU), as follows:

Priority value (64 bits) = MAC address (48 bits) : interface (16 bits).

Each candidate rack agent adds its priority value 112p, 142p to the Link Layer Discovery Protocol (LLDP) as a type, length and value (TLV) element and sends it to the adjacent network management devices. The candidate rack agent with the smallest priority value, for example candidate rack agent 112a, is selected as the rack agent 102, and the information "112a=102" indicating that it has been selected as the rack agent 102 is sent to all network management devices 112, 122, 132, 142 in the network management system 500. All network management devices 112, 122, 132, 142 acknowledge and transmit information to the rack agent 102 through unicast packets. As in the operation described above, the rack agent 102 operates on the generated rule table and decides, according to the rule table, whether to allow or deny the transmission of a packet. In addition, external devices such as the network switch 200 or the network administrator device 300 can obtain information about all devices in the network management system 500 directly from the rack agent 102.

FIG. 7 shows a case in which the first link 201 connecting the network management devices 112/122/132/142 of the network management system 500 changes, for example when the connection 204 between the network management device 122 and the network management device 132 is interrupted. A link interruption may occur when a connecting element fails, for example a cable or the connection at interface "A" and/or interface "B". In this case, although the first link 201 that connects the network management devices 112/122/132/142 in series is interrupted, the second link 202 still provides the connection between the network switch 200 and the network management devices 132 and 142. Two independent network management systems 510, 520 are therefore formed. When the connection state changes, the rack agent determination process runs automatically in each network management system 510, 520.

FIG. 8 shows the network management systems 510, 520 performing rack agent determination. Because the candidate rack agents 112a and 142a are each the only candidate rack agent directly connected to the network switch 200 in their respective network management systems 510, 520, the two candidate rack agents 112a, 142a are determined to be the rack agents 102, 104 of the independent network management systems 510, 520 respectively, and the information "112a=102", "114a=104" indicating that they have been determined as the rack agents 102, 104 is sent to the network management devices 112, 122 and 132, 142 in the network management system 500 respectively. Each rack agent 102, 104 therefore operates on its own rule table, allowing or blocking the transmission of packets in its own network management system 510, 520 according to that rule table. In addition, external devices can obtain information about all devices in the network management systems 510, 520 directly from the respective rack agents 102, 104.

FIG. 9 shows another example of the present application, in which the connection of the network management system 500 changes because the network management device 132 itself fails, interrupting the connection between the network management device 122 and the network management device 142 over the first link 201. In this case, the second link 202 still provides the connection between the network switch 200 and the network management device 142. Two independent network management systems 530, 540 are therefore formed. When the connection state changes, the rack agent determination process runs automatically in each network management system 530/540.

FIG. 10 shows the network management systems 530, 540 performing rack agent determination. Because the candidate rack agents 112a and 142a are each the only candidate rack agent directly connected to the network switch 200 in their respective network management systems 530, 540, the two candidate rack agents 112a, 142a are determined to be the rack agents 102/104 of the independent network management systems 530, 540 respectively, and the information "112a=102", "114a=104" indicating that they have been determined as the rack agents 102, 104 is sent to the network management devices 112, 122 and 142 in the network management system 500 respectively. The rack agents 102, 104 therefore operate on their own rule tables, allowing or blocking the transmission of packets in their own network management systems 530, 540 according to those rule tables. In addition, external devices can obtain information about all devices in the network management systems 530, 540 directly from the respective rack agents 102, 104.

FIG. 11 shows a rack agent determination method 700. The method 700 includes: in step 710, determining at least one candidate rack agent, each of which is directly connected to an external device; in step 720, each candidate rack agent calculating its own priority value; and in step 730, determining the rack agent based on the smallest priority value. Optionally, each candidate rack agent calculates its priority value based on its interface connection to the external device and its own network address. The method 700 may also include a step of determining one or more rack agents when the connection state in the server management system changes.
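The election in method 700, with the priority value formula given earlier and the two split cases of FIGS. 7 to 10, can be worked through as below. This is an added example, not code from the patent: the device names, MAC addresses and interface numbers are constructed, and treating each group of still-connected management devices as its own system is this example's reading of the text.

```python
from collections import deque
from typing import Dict, Iterable, List, Optional, Set, Tuple

def priority_value(mac: str, iface: int) -> int:
    """64-bit value: 48-bit MAC in the high bits, 16-bit interface in the low bits."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if not 0 <= iface <= 0xFFFF:
        raise ValueError(f"interface does not fit in 16 bits: {iface}")
    return (int(digits, 16) << 16) | iface

def partitions(devices: Iterable[str],
               links: Iterable[Tuple[str, str]]) -> List[Set[str]]:
    """Group management devices that can still reach each other over the chain."""
    adj: Dict[str, Set[str]] = {d: set() for d in devices}
    for a, b in links:
        if a in adj and b in adj:          # links to a failed device are ignored
            adj[a].add(b)
            adj[b].add(a)
    seen: Set[str] = set()
    parts: List[Set[str]] = []
    for start in adj:
        if start in seen:
            continue
        part: Set[str] = set()
        queue = deque([start])
        while queue:
            d = queue.popleft()
            if d in part:
                continue
            part.add(d)
            queue.extend(adj[d] - part)
        seen |= part
        parts.append(part)
    return parts

def elect(macs: Dict[str, str],
          links: Iterable[Tuple[str, str]],
          switch_ports: Dict[str, int]) -> Dict[str, Optional[str]]:
    """Map every live device to the rack agent elected in its partition.

    Step 710: candidates are the devices directly connected to the switch.
    Step 720: each candidate computes its priority value.
    Step 730: the smallest value wins. A partition with no candidate gets None.
    """
    result: Dict[str, Optional[str]] = {}
    for part in partitions(macs, links):
        candidates = {d: priority_value(macs[d], switch_ports[d])
                      for d in part if d in switch_ports}
        agent = min(candidates, key=candidates.get) if candidates else None
        for d in part:
            result[d] = agent
    return result

# Constructed topology: four devices in a chain, switch attached at both ends.
MACS = {"nmd1": "02:00:00:00:01:12", "nmd2": "02:00:00:00:01:22",
        "nmd3": "02:00:00:00:01:32", "nmd4": "02:00:00:00:01:42"}
CHAIN = [("nmd1", "nmd2"), ("nmd2", "nmd3"), ("nmd3", "nmd4")]
SWITCH_PORTS = {"nmd1": 1, "nmd4": 1}   # interface number facing the switch (assumed)

def closed_loop() -> Dict[str, Optional[str]]:
    return elect(MACS, CHAIN, SWITCH_PORTS)

def link_broken() -> Dict[str, Optional[str]]:
    # Connection between the second and third device is interrupted.
    links = [l for l in CHAIN if l != ("nmd2", "nmd3")]
    return elect(MACS, links, SWITCH_PORTS)

def device_failed() -> Dict[str, Optional[str]]:
    # The third device itself fails and drops out of the election.
    live = {d: m for d, m in MACS.items() if d != "nmd3"}
    return elect(live, CHAIN, SWITCH_PORTS)

if __name__ == "__main__":
    for name, fn in (("closed loop", closed_loop), ("link broken", link_broken),
                     ("device failed", device_failed)):
        print(name, fn())
```

A partition that loses its last direct switch connection elects no agent in this sketch, which is worth monitoring for because its nodes then have no device applying the rule table on their behalf.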

FIG. 12 shows a server management method according to an embodiment of the present application. The method 800 includes: in step 810, receiving a data packet from a network switch; in step 820, determining whether the data packet must be transmitted or blocked; in step 830, in response to a determination that the data packet must be transmitted, subsequently sending the data packet to the target computing device; and in step 840, in response to a determination that the data packet must be blocked, preventing subsequent transmission of the data packet to any computing device.

The method according to the present application further includes determining whether the data packet is a unicast packet or a non-unicast packet; in response to a determination that the data packet is a unicast packet, transmitting the data packet to the target computing device; and in response to a determination that the data packet is a non-unicast packet, preventing subsequent transmission of the data packet to any computing device. The method according to an embodiment of the present application may further include receiving a query packet from an external device and, in response to receiving the query packet, sending the information stored in the database to the external device. The method according to the present application may further include receiving a second data packet from one of the one or more computing devices; determining whether the second data packet must be transmitted or blocked; in response to a determination that the second data packet must be transmitted, subsequently sending the second data packet to the network switch; and in response to a determination that the second data packet must be blocked, preventing subsequent transmission of the second data packet to the network switch. The method according to the present application may further include receiving a status packet from the one or more computing devices and storing the status information of the one or more computing devices in a database.

As used herein, the singular "a" and "an" may be construed to include the plural "one or more" unless expressly stated otherwise.

The present disclosure has been presented above for purposes of illustration and description, but is not intended to be exhaustive or limiting. Many modifications and variations will be apparent to those of ordinary skill in the art. The example embodiments were chosen and described in order to explain the principles and practical application, and to enable those of ordinary skill in the art to understand the various embodiments of the disclosure with various modifications as are suited to the particular use contemplated.

Accordingly, although illustrative example embodiments are described herein with reference to the accompanying drawings, it should be understood that this description is not limiting, and that those skilled in the art can make various other changes and modifications without departing from the scope, inventive concept and technical solutions of the present disclosure.

Claims (20)

1. A network management device, characterized in that the network management device comprises:
a logic processor, and
a first communication interface and a second communication interface coupled to the logic processor, wherein the first communication interface can also be coupled to a network switch and the second communication interface can also be coupled to one or more computing devices;
wherein the logic processor is configured to:
receive a data packet from the network switch through the first communication interface;
determine whether the data packet must be transmitted or blocked;
in response to a determination that the data packet must be transmitted, subsequently send the data packet to a target computing device; and
in response to a determination that the data packet must be blocked, prevent subsequent transmission of the data packet to any computing device.

2. The device according to claim 1, characterized in that the logic processor determining whether the data packet must be transmitted or blocked further comprises determining whether the data packet is a unicast packet or a non-unicast packet, and
in response to a determination that the data packet is a unicast packet, transmitting the data packet to the target computing device; and
in response to a determination that the data packet is a non-unicast packet, preventing subsequent transmission of the data packet to any computing device.

3. The device according to claim 1, characterized in that the logic processor is further configured to:
receive a query packet from an external device; and
in response to receiving the query packet, send the information stored in the database to the external device.

4. The device according to claim 1, characterized in that the logic processor is further configured to:
receive a second data packet from one of the one or more computing devices;
determine whether the second data packet must be transmitted or blocked;
in response to a determination that the second data packet must be transmitted, subsequently transmit the second data packet to the network switch; and
in response to a determination that the second data packet must be blocked, prevent subsequent transmission of the second data packet to the network switch.

5. The device according to claim 4, characterized in that the logic processor determining whether the second data packet must be transmitted or blocked further comprises determining whether the second data packet is a non-multicast packet or a multicast packet, and
in response to a determination that the second data packet is a non-multicast packet, transmitting the second data packet to the network switch; and
in response to a determination that the second data packet is a multicast packet, preventing subsequent transmission of the second data packet to the network switch.

6. The device according to claim 1, characterized in that the logic processor is further configured to:
receive a status packet from the one or more computing devices; and
store the status information of the one or more computing devices in a database.

7. The device according to claim 1, characterized in that the information of the one or more computing devices includes Address Resolution Protocol (ARP), Service Location Protocol (SLP), Simple Service Discovery Protocol (SSDP) and Link Layer Discovery Protocol (LLDP).

8. The device according to claim 1, characterized in that the one or more computing devices comprise a plurality of server nodes.

9. A network management system, characterized in that the network management system comprises:
a plurality of network management devices according to claim 1 coupled to each other; and
at least one computing device coupled to each network management device of the plurality of network management devices;
wherein one network management device of the plurality of network management devices is configured as a rack agent, the rack agent being configured to:
receive a data packet from a network switch;
determine whether the data packet must be transmitted or blocked;
in response to a determination that the data packet must be transmitted, send the data packet to a target computing device; and
in response to a determination that the data packet must be blocked, prevent subsequent transmission of the data packet to any computing device.

10. The system according to claim 9, characterized in that the network management device that can be configured as the rack agent can be further configured to:
determine whether the data packet is a unicast packet or a non-unicast packet; and
in response to a determination that the data packet is a unicast packet, transmit the data packet to the target computing device; and
in response to a determination that the data packet is a non-unicast packet, prevent subsequent transmission of the data packet to any computing device.

11. The system according to claim 9, characterized in that the plurality of network management devices are arranged in a daisy-chain topology.

12. The system according to claim 11, characterized in that the plurality of network management devices are arranged to form a closed-loop connection with a network switch.

13. The system according to claim 12, characterized in that, when the closed-loop connection changes, another one of the network management devices can be configured as a second rack agent, the second rack agent being configured to:
receive a second data packet from the network switch;
determine whether the second data packet must be transmitted or blocked;
in response to a determination that the second data packet must be transmitted, transmit the second data packet to a second target computing device; and
in response to a determination that the second data packet must be blocked, prevent subsequent transmission of the second data packet to any computing device.

14. The system according to claim 13, characterized in that the other network management device that can be configured as the second rack agent is further configured to:
determine whether the second data packet is a unicast packet or a non-unicast packet; and
in response to a determination that the second data packet is a unicast packet, transmit the second data packet to the target computing device; and
in response to a determination that the second data packet is a non-unicast packet, prevent subsequent transmission of the data packet to any computing device.

15. The system according to claim 9, characterized in that the network management devices are configured to:
determine at least one candidate rack agent, wherein each of the at least one candidate rack agent is one of the network management devices directly connected to the network switch;
calculate a respective priority value for each candidate rack agent; and
determine the rack agent based on the minimum priority value.

16. A network management method, characterized in that the method comprises:
receiving a data packet from a network switch through a first communication interface;
determining whether the data packet must be transmitted or blocked;
in response to a determination that the data packet must be transmitted, subsequently sending the data packet to a target computing device; and
in response to a determination that the data packet must be blocked, preventing subsequent transmission of the data packet to any computing device.

17. The method according to claim 16, characterized in that the method further comprises:
determining whether the data packet is a unicast packet or a non-unicast packet;
in response to a determination that the data packet is a unicast packet, transmitting the data packet to the target computing device; and
in response to a determination that the data packet is a non-unicast packet, preventing subsequent transmission of the data packet to any computing device.

18. The method according to claim 16, characterized in that the method further comprises:
receiving a query packet from an external device; and
in response to receiving the query packet, sending the information stored in the database to the external device.

19. The method according to claim 16, characterized in that the method further comprises:
receiving a second data packet from a computing device or from one of a plurality of computing devices;
determining whether the second data packet must be transmitted or blocked;
in response to a determination that the second data packet must be transmitted, subsequently sending the second data packet to a network switch; and
in response to a determination that the second data packet must be blocked, preventing subsequent transmission of the second data packet to the network switch.

20. The method according to claim 16, characterized in that the method further comprises:
receiving a status packet from the one or more computing devices; and
storing the status information of the one or more computing devices in a database.
CN202111013086.8A 2021-08-31 2021-08-31 Network management device, network management system, and network management method Pending CN115733721A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111013086.8A CN115733721A (en) 2021-08-31 2021-08-31 Network management device, network management system, and network management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111013086.8A CN115733721A (en) 2021-08-31 2021-08-31 Network management device, network management system, and network management method

Publications (1)

Publication Number Publication Date
CN115733721A true CN115733721A (en) 2023-03-03

Family

ID=85291501

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111013086.8A Pending CN115733721A (en) 2021-08-31 2021-08-31 Network management device, network management system, and network management method

Country Status (1)

Country Link
CN (1) CN115733721A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1556633A (en) * 2003-12-30 2004-12-22 港湾网络有限公司 Route exchanger of integrated fire proof wall
CN104769864A (en) * 2012-06-14 2015-07-08 艾诺威网络有限公司 Multicast to Unicast Conversion Technology
CN105187378A (en) * 2006-01-13 2015-12-23 飞塔公司 Computerized System And Method For Handling Network Traffic
CN105827623A (en) * 2016-04-26 2016-08-03 山石网科通信技术有限公司 Data center system
US20190319923A1 (en) * 2018-04-16 2019-10-17 Alibaba Group Holding Limited Network data control method, system and security protection device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination