CN115914043A - A method and device for analyzing customer scheduling behavior based on BGP routing and DNS - Google Patents
A method and device for analyzing customer scheduling behavior based on BGP routing and DNS Download PDFInfo
- Publication number
- CN115914043A CN115914043A CN202211522565.7A CN202211522565A CN115914043A CN 115914043 A CN115914043 A CN 115914043A CN 202211522565 A CN202211522565 A CN 202211522565A CN 115914043 A CN115914043 A CN 115914043A
- Authority
- CN
- China
- Prior art keywords
- address
- dns
- information
- bgp routing
- customer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 230000008859 change Effects 0.000 claims abstract description 12
- 230000006399 behavior Effects 0.000 claims description 28
- 238000004458 analytical method Methods 0.000 claims description 21
- 238000004590 computer program Methods 0.000 claims description 10
- 230000006870 function Effects 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明公开一种基于BGP路由和DNS的客户调度行为分析方法及装置,其中,该方法包括:对省出口设备的NetFlow信息、全国的BGP路由信息、DNS日志以及客户的域名信息进行采集;根据BGP路由信息中的AsPath属性,获取各省对应的地址段范围;根据客户的域名信息,对DNS日志进行监控,当发现DNS日志中对应的客户地址段有变动,且变动的范围超出本省的地址段范围,则进一步分析并找出变动的IP地址,再结合NetFlow信息,获取调度流量的大小。该方法及装置将BGP路由、Netflow以及DNS日志结合,并分析出客户在各个省份之间的调度行为,为运营商的运营及制定相关策略提供数据支持,提升运营商的营收。
The invention discloses a method and device for analyzing customer scheduling behavior based on BGP routing and DNS, wherein the method includes: collecting NetFlow information of provincial export equipment, national BGP routing information, DNS logs and customer domain name information; The AsPath attribute in the BGP routing information obtains the corresponding address segment range of each province; monitors the DNS log according to the customer's domain name information, and when it is found that the corresponding customer address segment in the DNS log has changed, and the range of change exceeds the address segment of the province range, further analyze and find out the changed IP address, and then combine the NetFlow information to obtain the size of the dispatched traffic. The method and device combine BGP routing, Netflow and DNS logs, and analyze the dispatching behavior of customers in various provinces, provide data support for operators' operations and formulate relevant strategies, and increase operators' revenue.
Description
技术领域technical field
本发明涉及客户调度行为监控领域,尤其是一种基于BGP路由和DNS的客户调度行为分析方法及装置。The invention relates to the field of customer scheduling behavior monitoring, in particular to a method and device for analyzing customer scheduling behavior based on BGP routing and DNS.
背景技术Background technique
在运营商的省公司实际经营中,经常会涉及到大客户的定价策略,例如计费机制的95计费原则,运营商的大客户往往会利用各个省份之间的价格差距,使用相关的调度,将流量在不同省份之间进行调度以达到降低成本的目的;而运营商方面因缺乏有效的手段,无法对客户的调度进行有效的监控,更无法进行分析,从而不能制定出针对性的策略来提高收入。In the actual operation of the operator's provincial company, the pricing strategy of major customers is often involved, such as the 95 billing principle of the billing mechanism. The operator's major customers often take advantage of the price gap between provinces and use related scheduling , to dispatch traffic between different provinces to achieve the purpose of reducing costs; due to the lack of effective means, operators cannot effectively monitor and analyze customer dispatch, so they cannot formulate targeted strategies to increase income.
发明内容Contents of the invention
为了解决现有技术存在的上述问题,本发明提供一种基于BGP路由和DNS的客户调度行为分析方法及装置,将BGP路由、Netflow以及DNS日志结合,并分析出客户在各个省份之间的调度行为,为运营商的运营以及制定相关策略提供数据支持,提升运营商的营收。In order to solve the above-mentioned problems in the prior art, the present invention provides a method and device for analyzing customer scheduling behavior based on BGP routing and DNS, which combines BGP routing, Netflow and DNS logs, and analyzes customer scheduling between provinces Behavior, provide data support for operators' operations and formulate relevant strategies, and increase operators' revenue.
为实现上述目的,本发明采用下述技术方案:To achieve the above object, the present invention adopts the following technical solutions:
在本发明一实施例中,提出了一种基于BGP路由和DNS的客户调度行为分析方法,该方法包括:In one embodiment of the present invention, a kind of customer scheduling behavior analysis method based on BGP route and DNS is proposed, and this method comprises:
对省出口设备的NetFlow信息、全国的BGP路由信息、DNS日志以及客户的域名信息进行采集;Collect NetFlow information of provincial export equipment, national BGP routing information, DNS logs and customer domain name information;
根据BGP路由信息中的AsPath属性,获取各省对应的地址段范围;According to the AsPath attribute in the BGP routing information, obtain the corresponding address segment range of each province;
根据客户的域名信息,对DNS日志进行监控,当发现DNS日志中对应的客户地址段有变动,且变动的范围超出本省的地址段范围,则进一步分析并找出变动的IP地址,再结合NetFlow信息,获取调度流量的大小。According to the domain name information of the customer, the DNS log is monitored. When it is found that the corresponding customer address segment in the DNS log has changed, and the range of the change exceeds the range of the address segment of the province, it will further analyze and find out the changed IP address, and then combine it with NetFlow information to obtain the size of the scheduled traffic.
进一步地,NetFlow信息中的源IP字段与DNS日志中的IP地址对应,并与BGP路由信息关联形成省信息。Further, the source IP field in the NetFlow information corresponds to the IP address in the DNS log, and is associated with the BGP routing information to form the province information.
进一步地,当调度流量大于既定阈值,则判断变动的IP地址是新增的IP地址还是减少的IP地址,若变动的IP地址是新增的IP地址,则新增该IP地址分布的省以及对应的流量;若变动的IP地址是减少的IP地址,则减少该IP地址分布的省以及对应的流量。Further, when the scheduling traffic is greater than the predetermined threshold, it is judged whether the changed IP address is a newly added IP address or a reduced IP address, and if the changed IP address is a newly added IP address, the province and province where the IP address is distributed are newly added. Corresponding traffic; if the changed IP address is a reduced IP address, then reduce the distribution province of the IP address and the corresponding traffic.
在本发明一实施例中,还提出了一种基于BGP路由和DNS的客户调度行为分析装置,该装置包括:In one embodiment of the present invention, also propose a kind of client scheduling behavior analysis device based on BGP route and DNS, this device comprises:
信息采集模块,用于对省出口设备的NetFlow信息、全国的BGP路由信息、DNS日志以及客户的域名信息进行采集;The information collection module is used to collect NetFlow information of provincial export equipment, national BGP routing information, DNS logs and customer domain name information;
调度分析模块,用于根据BGP路由信息中的AsPath属性,获取各省对应的地址段范围;根据客户的域名信息,对DNS日志进行监控,当发现DNS日志中对应的客户地址段有变动,且变动的范围超出本省的地址段范围,则进一步分析并找出变动的IP地址,再结合NetFlow信息,获取调度流量的大小。The scheduling analysis module is used to obtain the range of address segments corresponding to each province according to the AsPath attribute in the BGP routing information; monitor the DNS logs according to the domain name information of the customer, and when it is found that the corresponding customer address segment in the DNS log has changed, and the change If the range of the IP address exceeds the range of the province, further analyze and find out the changed IP address, and then combine the NetFlow information to obtain the size of the dispatched traffic.
进一步地,NetFlow信息中的源IP字段与DNS日志中的IP地址对应,并与BGP路由信息关联形成省信息。Further, the source IP field in the NetFlow information corresponds to the IP address in the DNS log, and is associated with the BGP routing information to form the province information.
进一步地,当调度流量大于既定阈值,则判断变动的IP地址是新增的IP地址还是减少的IP地址,若变动的IP地址是新增的IP地址,则新增该IP地址分布的省以及对应的流量;若变动的IP地址是减少的IP地址,则减少该IP地址分布的省以及对应的流量。Further, when the scheduling traffic is greater than the predetermined threshold, it is judged whether the changed IP address is a newly added IP address or a reduced IP address, and if the changed IP address is a newly added IP address, the province and province where the IP address is distributed are newly added. Corresponding traffic; if the changed IP address is a reduced IP address, then reduce the distribution province of the IP address and the corresponding traffic.
在本发明一实施例中,还提出了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,处理器执行计算机程序时实现前述基于BGP路由和DNS的客户调度行为分析。In an embodiment of the present invention, a computer device is also proposed, including a memory, a processor, and a computer program stored on the memory and operable on the processor. When the processor executes the computer program, the aforementioned BGP routing and DNS-based Customer scheduling behavior analysis.
在本发明一实施例中,还提出了一种计算机可读存储介质,计算机可读存储介质存储有执行基于BGP路由和DNS的客户调度行为分析计算机程序。In an embodiment of the present invention, a computer-readable storage medium is also provided, and the computer-readable storage medium stores a computer program for performing analysis of customer scheduling behavior based on BGP routing and DNS.
有益效果:Beneficial effect:
1、本发明通过BGP路由信息和DNS日志结合,准确确定省维度的调度。1. The present invention accurately determines the scheduling of the provincial dimension through the combination of BGP routing information and DNS logs.
2、本发明通过Netflow信息结合BGP路由信息和DNS日志,形成调度流量大小,从而准确监控调度的行为和调度流量大小。2. The present invention combines the Netflow information with the BGP routing information and the DNS log to form the size of the scheduling traffic, thereby accurately monitoring the behavior of scheduling and the size of the scheduling traffic.
附图说明Description of drawings
图1是本发明基于BGP路由和DNS的客户调度行为分析方法流程示意图;Fig. 1 is the schematic flow chart of the customer scheduling behavior analysis method based on BGP routing and DNS in the present invention;
图2是本发明基于BGP路由和DNS的客户调度行为分析装置结构示意图;Fig. 2 is the structural representation of the client scheduling behavior analysis device based on BGP routing and DNS of the present invention;
图3是本发明计算机设备结构示意图。Fig. 3 is a schematic structural diagram of the computer equipment of the present invention.
具体实施方式Detailed ways
下面将参考若干示例性实施方式来描述本发明的原理和精神,应当理解,给出这些实施方式仅仅是为了使本领域技术人员能够更好地理解进而实现本发明,而并非以任何方式限制本发明的范围。相反,提供这些实施方式是为了使本公开更加透彻和完整,并且能够将本公开的范围完整地传达给本领域的技术人员。The principle and spirit of the present invention will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are provided only to enable those skilled in the art to better understand and realize the present invention, but not to limit the present invention in any way. the scope of the invention. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
本领域技术人员知道,本发明的实施方式可以实现为一种装置、装置、节点、方法或计算机程序产品。因此,本公开可以具体实现为以下形式,即:完全的硬件、完全的软件(包括固件、驻留软件、微代码等),或者硬件和软件结合的形式。Those skilled in the art know that the embodiments of the present invention can be realized as a device, device, node, method or computer program product. Therefore, the present disclosure may be embodied in the form of complete hardware, complete software (including firmware, resident software, microcode, etc.), or a combination of hardware and software.
本发明的实施方式,提出了一种基于BGP路由和DNS的客户调度行为分析方法及装置,将BGP路由数据、Netflow数据以及DNS日志数据结合,并分析出客户在各个省份之间的调度行为,为运营商的运营以及制定相关策略提供数据支持,提升运营商的营收。The embodiment of the present invention proposes a method and device for analyzing customer scheduling behavior based on BGP routing and DNS, combining BGP routing data, Netflow data and DNS log data, and analyzing the scheduling behavior of customers in various provinces, Provide data support for operators' operations and formulate relevant strategies, and increase operators' revenue.
下面参考本发明的若干代表性实施方式,详细阐释本发明的原理和精神。The principle and spirit of the present invention will be explained in detail below with reference to several representative embodiments of the present invention.
图1是本发明基于BGP路由和DNS的客户调度行为分析方法流程示意图。如图1所示,该方法包括:FIG. 1 is a schematic flow chart of the method for analyzing customer scheduling behavior based on BGP routing and DNS in the present invention. As shown in Figure 1, the method includes:
1、对省出口设备的NetFlow信息、全国的BGP路由信息、DNS日志以及客户的域名信息进行采集;1. Collect the NetFlow information of provincial export equipment, national BGP routing information, DNS logs and customer domain name information;
(1)BGP路由信息,运营商会按As来划分不同地市。路由条目信息中,本方法需要用到的是Aspath(自治系统路由主要记录路由从起始自治域到达当前自治域所经过的自治域信息)字段,prefix字段代表地址段范围,主要代表了路由的As传播路径,其中as2代表了路由的播出域即地市,地市再归结为省,本方法用的就是As来区分地址段的省份信息。(1) For BGP routing information, operators will divide different cities by As. In the routing entry information, this method needs to use the Aspath (autonomous system routing mainly records the autonomous domain information that the route passes through from the initial autonomous domain to the current autonomous domain) field, and the prefix field represents the range of the address segment, mainly representing the route’s As propagation path, where as2 represents the broadcast domain of the route, that is, the prefecture and city, and the prefecture and city are then attributed to the province. This method uses As to distinguish the province information of the address segment.
(2)DNS日志,在用户访问不同的网址时,计算机会先将客户的域名转换成IP地址,这个过程是通过DNS服务器实现,并记录成DNS日志。(2) DNS log. When a user visits a different website, the computer will first convert the customer's domain name into an IP address. This process is realized through the DNS server and recorded as a DNS log.
本方法中主要使用其中的A记录(一种DNS记录类型,主要是将域名指向一个IPv4地址如:100.100.100.100的记录)和CName记录(将域名指向一个域名),A记录直接获取域名和IP地址的关系,CName记录通过迭代最终也形成了A记录。This method mainly uses the A record (a type of DNS record, which mainly points the domain name to an IPv4 address such as: 100.100.100.100 record) and the CName record (points the domain name to a domain name), and the A record directly obtains the domain name and IP The address relationship, the CName record eventually forms an A record through iteration.
(3)NetFlow信息,客户获取从设备上流经的流量成分。本方法中需要使用骨干边缘设备中NetFlow信息的源IP地址以及流量大小,源IP地址主要用于和DNS日志中的IP地址相对应,并和BGP路由信息相关联形成省信息。需要说明的是Netflow信息中的源IP地址涉及到的多条Netflow记录需要合并累加形成流量大小。(3) NetFlow information, the client obtains the flow components passing through the device. In this method, the source IP address and flow size of the NetFlow information in the backbone edge device need to be used. The source IP address is mainly used to correspond to the IP address in the DNS log, and is associated with the BGP routing information to form provincial information. It should be noted that multiple Netflow records related to the source IP address in the Netflow information need to be combined and accumulated to form the traffic size.
(4)客户的域名信息,作为本方法的技术数据,需要进行基础配置。(4) The customer's domain name information, as the technical data of this method, requires basic configuration.
2、根据BGP路由信息中的AsPath属性,获取各省对应的地址段范围;2. According to the AsPath attribute in the BGP routing information, obtain the corresponding address segment range of each province;
3、根据客户的域名信息,对DNS日志进行监控,当发现DNS日志中对应的客户地址段有变动,且变动的范围超出本省的地址段范围(跨省),则进一步分析并找出变动的IP地址(通过DNS日志,定时比对),再结合NetFlow信息,获取调度流量的大小。当调度流量大于既定阀值时,具体分为以下几种情况:3. According to the customer's domain name information, monitor the DNS log. When it is found that the corresponding customer address segment in the DNS log has changed, and the range of the change exceeds the range of the address segment of the province (cross-province), then further analysis and find out the change. IP address (via DNS log, regular comparison), combined with NetFlow information, to obtain the size of the dispatched traffic. When the scheduling traffic is greater than the predetermined threshold, it can be divided into the following situations:
(1)新增IP时,新增IP分布的省以及对应的流量。(1) When adding an IP, add the province where the IP is distributed and the corresponding traffic.
(2)减少IP时,减少IP对应的省以及对应的流量。(2) When reducing the IP, reduce the province corresponding to the IP and the corresponding traffic.
需要说明的是,尽管在上述实施例及附图中以特定顺序描述了本发明方法的操作,但是,这并非要求或者暗示必须按照该特定顺序来执行这些操作,或是必须执行全部所示的操作才能实现期望的结果。附加地或备选地,可以省略某些步骤,将多个步骤合并为一个步骤执行,和/或将一个步骤分解为多个步骤执行。It should be noted that although the operations of the method of the present invention are described in a specific order in the above-mentioned embodiments and accompanying drawings, this does not require or imply that these operations must be performed in this specific order, or that all shown operations must be performed. operation to achieve the desired result. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step for execution, and/or one step may be decomposed into multiple steps for execution.
为了对上述基于BGP路由和DNS的客户调度行为分析方法进行更为清楚的解释,下面结合一个具体的实施例来进行说明,然而值得注意的是该实施例仅是为了更好地说明本发明,并不构成对本发明不当的限定。In order to explain more clearly the above-mentioned customer scheduling behavior analysis method based on BGP routing and DNS, the following will be described in conjunction with a specific embodiment, but it is worth noting that this embodiment is only to better illustrate the present invention. It does not constitute an improper limitation of the present invention.
实施例:Example:
1、对省出口设备的NetFlow信息、全国的BGP路由信息、DNS日志以及客户的域名信息进行采集;1. Collect the NetFlow information of provincial export equipment, national BGP routing information, DNS logs and customer domain name information;
(1)BGP路由信息,运营商会按As来划分不同地市。路由条目信息概要格式如下表1,其中本方法需要用到的是Aspath字段,prefix字段代表地址段范围,主要代表了路由的As传播路径,其中as2代表了路由的播出域即地市,地市再归结为省,本实施例用的就是As来区分地址段的省份信息。(1) For BGP routing information, operators will divide different cities by As. The summary format of routing entry information is shown in Table 1. This method needs to use the Aspath field, and the prefix field represents the range of the address segment. It mainly represents the AS propagation path of the route. The city is further attributed to the province. In this embodiment, As is used to distinguish the province information of the address segment.
表1Table 1
(2)DNS日志,在用户访问不同的网址时,计算机会先将客户的域名转换成IP地址,这个过程是通过DNS服务器实现,并记录成DNS日志,参考格式如下:(2) DNS log. When a user visits a different website, the computer will first convert the customer's domain name into an IP address. This process is realized through the DNS server and recorded as a DNS log. The reference format is as follows:
本实施例中主要使用其中的A记录和CName记录,A记录直接获取域名和IP地址的关系,CName记录通过迭代最终也形成了A记录。因此使用的DNS形式如下表2:In this embodiment, the A record and the CName record are mainly used. The A record directly obtains the relationship between the domain name and the IP address, and the CName record finally forms an A record through iteration. Therefore, the DNS format used is as follows in Table 2:
表2Table 2
(3)NetFlow信息,客户获取从设备上流经的流量成分。本方法中需要使用骨干边缘设备中NetFlow信息的源IP地址以及流量大小,源IP地址主要用于和DNS日志中的IP地址相对应,并和BGP路由信息相关联形成省信息。需要说明的是Netflow信息中的源IP地址涉及到的多条Netflow记录需要合并累加形成流量大小,如下表3:(3) NetFlow information, the client obtains the flow components passing through the device. In this method, the source IP address and flow size of the NetFlow information in the backbone edge device need to be used. The source IP address is mainly used to correspond to the IP address in the DNS log, and is associated with the BGP routing information to form provincial information. It should be noted that multiple Netflow records involved in the source IP address in the Netflow information need to be combined and accumulated to form the traffic size, as shown in Table 3 below:
表3table 3
(4)客户的域名信息,作为本方法的技术数据,需要进行基础配置如下表4:(4) The customer's domain name information, as the technical data of this method, requires basic configuration as shown in Table 4:
表4Table 4
2、根据BGP路由信息中的AsPath属性,获取各省对应的地址段范围;2. According to the AsPath attribute in the BGP routing information, obtain the corresponding address segment range of each province;
3、根据客户的域名信息,对DNS日志进行监控,当发现DNS日志中对应的客户地址段有变动,且变动的范围超出本省的地址段范围(跨省),则进一步分析并找出变动的IP地址,再结合NetFlow信息,获取调度流量的大小。当调度流量大于既定阀值时,具体分为以下几种情况:3. According to the customer's domain name information, monitor the DNS log. When it is found that the corresponding customer address segment in the DNS log has changed, and the range of the change exceeds the range of the address segment of the province (cross-province), then further analysis and find out the change. Combined with the IP address and NetFlow information, the size of the scheduled traffic is obtained. When the scheduling traffic is greater than the predetermined threshold, it can be divided into the following situations:
(1)新增IP时,新增IP分布的省以及对应的流量。(1) When adding an IP, add the province where the IP is distributed and the corresponding traffic.
(2)减少IP时,减少IP对应的省以及对应的流量。(2) When reducing the IP, reduce the province corresponding to the IP and the corresponding traffic.
新增记录格式参考如下表5:The newly added record format refers to the following table 5:
表5table 5
减少记录格式参考如下表6:The reduced record format refers to the following table 6:
表6Table 6
基于同一发明构思,本发明还提出一种基于BGP路由和DNS的客户调度行为分析装置。该装置的实施可以参见上述方法的实施,重复之处不再赘述。以下所使用的术语“模块”,可以是实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。Based on the same inventive idea, the present invention also proposes a client scheduling behavior analysis device based on BGP routing and DNS. For the implementation of the device, reference may be made to the implementation of the above method, and repeated descriptions will not be repeated. The term "module" used hereinafter may be a combination of software and/or hardware that realizes predetermined functions. Although the devices described in the following embodiments are preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.
图2是本发明基于BGP路由和DNS的客户调度行为分析装置结构示意图。如图2所示,该装置包括:Fig. 2 is a schematic diagram of the structure of the client scheduling behavior analysis device based on BGP routing and DNS in the present invention. As shown in Figure 2, the device includes:
信息采集模块101,用于对省出口设备的NetFlow信息、全国的BGP路由信息、DNS日志以及客户的域名信息进行采集;The
(1)BGP路由信息,运营商会按As来划分不同地市。路由条目信息中,本装置需要用到的是Aspath字段,prefix字段代表地址段范围,主要代表了路由的As传播路径,其中as2代表了路由的播出域即地市,地市再归结为省,本装置用的就是As来区分地址段的省份信息。(1) For BGP routing information, operators will divide different cities by As. In the routing entry information, this device needs to use the Aspath field, the prefix field represents the range of the address segment, and mainly represents the AS propagation path of the route, where as2 represents the broadcast domain of the route, that is, the city, and the city is then attributed to the province , this device uses As to distinguish the province information of the address segment.
(3)DNS日志,在用户访问不同的网址时,计算机会先将客户的域名转换成IP地址,这个过程是通过DNS服务器实现,并记录成DNS日志。(3) DNS log. When a user visits a different website, the computer will first convert the customer's domain name into an IP address. This process is realized through the DNS server and recorded as a DNS log.
本装置中主要使用其中的A记录和CName记录,A记录直接获取域名和IP地址的关系,CName记录通过迭代最终也形成了A记录。The device mainly uses the A record and the CName record. The A record directly obtains the relationship between the domain name and the IP address, and the CName record finally forms an A record through iteration.
(3)NetFlow信息,客户获取从设备上流经的流量成分。本装置中需要使用骨干边缘设备中NetFlow信息的源IP地址以及流量大小,源IP地址主要用于和DNS日志中的IP地址相对应,并和BGP路由信息相关联形成省信息。需要说明的是Netflow信息中的源IP地址涉及到的多条Netflow记录需要合并累加形成流量大小。(3) NetFlow information, the client obtains the flow components passing through the device. This device needs to use the source IP address and flow size of the NetFlow information in the backbone edge device. The source IP address is mainly used to correspond to the IP address in the DNS log, and is associated with the BGP routing information to form provincial information. It should be noted that multiple Netflow records related to the source IP address in the Netflow information need to be combined and accumulated to form the traffic size.
(4)客户的域名信息,作为本装置的技术数据,需要进行基础配置。(4) The customer's domain name information, as the technical data of this device, needs to be configured basicly.
调度分析模块102,用于根据BGP路由信息中的AsPath属性,获取各省对应的地址段范围;根据客户的域名信息,对DNS日志进行监控,当发现DNS日志中对应的客户地址段有变动,且变动的范围超出本省的地址段范围,则进一步分析并找出变动的IP地址,再结合NetFlow信息,获取调度流量的大小。当调度流量大于既定阀值时,具体分为以下几种情况:
(1)新增IP时,新增IP分布的省以及对应的流量。(1) When adding an IP, add the province where the IP is distributed and the corresponding traffic.
(2)减少IP时,减少IP对应的省以及对应的流量。(2) When reducing the IP, reduce the province corresponding to the IP and the corresponding traffic.
应当注意,尽管在上文详细描述中提及了基于BGP路由和DNS的客户调度行为分析装置的若干模块,但是这种划分仅仅是示例性的并非强制性的。实际上,根据本发明的实施方式,上文描述的两个或更多模块的特征和功能可以在一个模块中具体化。反之,上文描述的一个模块的特征和功能可以进一步划分为由多个模块来具体化。It should be noted that although several modules of the client scheduling behavior analysis device based on BGP routing and DNS are mentioned in the above detailed description, this division is only exemplary and not mandatory. Actually, according to the embodiment of the present invention, the features and functions of two or more modules described above may be embodied in one module. Conversely, the features and functions of one module described above may be further divided to be embodied by a plurality of modules.
基于前述发明构思,如图3所示,本发明还提出一种计算机设备200,包括存储器210、处理器220及存储在存储器210上并可在处理器220上运行的计算机程序230,处理器220执行计算机程序230时实现前述基于BGP路由和DNS的客户调度行为分析方法。Based on the foregoing inventive concepts, as shown in FIG. 3 , the present invention also proposes a
基于前述发明构思,本发明还提出一种计算机可读存储介质,计算机可读存储介质存储有执行前述基于BGP路由和DNS的客户调度行为分析的计算机程序。Based on the aforementioned inventive concept, the present invention also proposes a computer-readable storage medium, which stores a computer program for executing the aforementioned analysis of customer scheduling behavior based on BGP routing and DNS.
本发明提出的基于BGP路由和DNS的客户调度行为分析方法及装置,通过BGP路由信息和DNS日志结合,准确确定省维度的调度,再结合Netflow信息,形成调度流量大小,从而准确监控调度的行为和调度流量大小。The method and device for analyzing customer scheduling behavior based on BGP routing and DNS proposed by the present invention can accurately determine the scheduling of provincial dimensions through the combination of BGP routing information and DNS logs, and then combine Netflow information to form the size of scheduling traffic, thereby accurately monitoring the behavior of scheduling and scheduling traffic size.
虽然已经参考若干具体实施方式描述了本发明的精神和原理,但是应该理解,本发明并不限于所公开的具体实施方式,对各方面的划分也不意味着这些方面中的特征不能组合以进行受益,这种划分仅是为了表述的方便。本发明旨在涵盖所附权利要求的精神和范围内所包含的各种修改和等同布置。Although the spirit and principles of the invention have been described with reference to a number of specific embodiments, it should be understood that the invention is not limited to the specific embodiments disclosed, nor does division of aspects imply that features in these aspects cannot be combined to achieve optimal performance. Benefit, this division is only for the convenience of expression. The present invention is intended to cover various modifications and equivalent arrangements encompassed within the spirit and scope of the appended claims.
对本发明保护范围的限制,所属领域技术人员应该明白,在本发明的技术方案的基础上,本领域技术人员不需要付出创造性劳动即可做出的各种修改或变形仍在本发明的保护范围以内。For the limitation of the protection scope of the present invention, those skilled in the art should understand that on the basis of the technical solution of the present invention, various modifications or deformations that those skilled in the art can make without creative labor are still within the protection scope of the present invention within.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211522565.7A CN115914043B (en) | 2022-11-30 | 2022-11-30 | A method and device for analyzing customer scheduling behavior based on BGP routing and DNS |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211522565.7A CN115914043B (en) | 2022-11-30 | 2022-11-30 | A method and device for analyzing customer scheduling behavior based on BGP routing and DNS |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115914043A true CN115914043A (en) | 2023-04-04 |
CN115914043B CN115914043B (en) | 2025-02-11 |
Family
ID=86478442
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211522565.7A Active CN115914043B (en) | 2022-11-30 | 2022-11-30 | A method and device for analyzing customer scheduling behavior based on BGP routing and DNS |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115914043B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024230515A1 (en) * | 2023-05-06 | 2024-11-14 | 北京火山引擎科技有限公司 | Method and apparatus for determining query line of content delivery network, and device and medium |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030172145A1 (en) * | 2002-03-11 | 2003-09-11 | Nguyen John V. | System and method for designing, developing and implementing internet service provider architectures |
CN101409692A (en) * | 2008-04-24 | 2009-04-15 | 上海地面通信息网络有限公司 | Method for implementing interconnect and intercommunication of telecom and Unicom through IP address |
US20100217801A1 (en) * | 2000-07-20 | 2010-08-26 | Akamai Technologies, Inc. | Network performance monitoring in a content delivery system |
JP2011109587A (en) * | 2009-11-20 | 2011-06-02 | Nippon Telegr & Teleph Corp <Ntt> | Device, method, and system for monitoring bgp traffic variation |
CN102868550A (en) * | 2012-08-17 | 2013-01-09 | 新浪网技术(中国)有限公司 | Total network flow scheduler and method for querying domain name resolution record by using total network flow scheduler |
CN105335420A (en) * | 2014-08-06 | 2016-02-17 | 神州数码信息系统有限公司 | Method for automatically generating city IP data |
CN106992938A (en) * | 2017-05-15 | 2017-07-28 | 网宿科技股份有限公司 | A kind of network traffics dynamic dispatching distribution method and system |
CN107959681A (en) * | 2017-12-06 | 2018-04-24 | 中盈优创资讯科技有限公司 | Access path determines method and device to IP network end to end |
CN110602264A (en) * | 2019-09-02 | 2019-12-20 | 中国移动通信集团江苏有限公司 | Method, apparatus, device and medium for transferring domain name resolution address weight information |
CN110912827A (en) * | 2019-11-22 | 2020-03-24 | 北京金山云网络技术有限公司 | Route updating method and user cluster |
CN114006841A (en) * | 2021-10-11 | 2022-02-01 | 中盈优创资讯科技有限公司 | IDC client resale analysis method and device |
CN114006734A (en) * | 2021-10-11 | 2022-02-01 | 中盈优创资讯科技有限公司 | Method and device for analyzing false source address of flow in metropolitan area network |
CN114338471A (en) * | 2021-12-28 | 2022-04-12 | 浙江云诺通信科技有限公司 | Analysis method based on ICP record combination netflow |
CN114500456A (en) * | 2020-10-23 | 2022-05-13 | 中国移动通信集团河北有限公司 | DNS scheduling optimization method and device based on full-network sniffing and computing equipment |
-
2022
- 2022-11-30 CN CN202211522565.7A patent/CN115914043B/en active Active
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100217801A1 (en) * | 2000-07-20 | 2010-08-26 | Akamai Technologies, Inc. | Network performance monitoring in a content delivery system |
US20030172145A1 (en) * | 2002-03-11 | 2003-09-11 | Nguyen John V. | System and method for designing, developing and implementing internet service provider architectures |
CN101409692A (en) * | 2008-04-24 | 2009-04-15 | 上海地面通信息网络有限公司 | Method for implementing interconnect and intercommunication of telecom and Unicom through IP address |
JP2011109587A (en) * | 2009-11-20 | 2011-06-02 | Nippon Telegr & Teleph Corp <Ntt> | Device, method, and system for monitoring bgp traffic variation |
CN102868550A (en) * | 2012-08-17 | 2013-01-09 | 新浪网技术(中国)有限公司 | Total network flow scheduler and method for querying domain name resolution record by using total network flow scheduler |
CN105335420A (en) * | 2014-08-06 | 2016-02-17 | 神州数码信息系统有限公司 | Method for automatically generating city IP data |
CN106992938A (en) * | 2017-05-15 | 2017-07-28 | 网宿科技股份有限公司 | A kind of network traffics dynamic dispatching distribution method and system |
CN107959681A (en) * | 2017-12-06 | 2018-04-24 | 中盈优创资讯科技有限公司 | Access path determines method and device to IP network end to end |
CN110602264A (en) * | 2019-09-02 | 2019-12-20 | 中国移动通信集团江苏有限公司 | Method, apparatus, device and medium for transferring domain name resolution address weight information |
CN110912827A (en) * | 2019-11-22 | 2020-03-24 | 北京金山云网络技术有限公司 | Route updating method and user cluster |
CN114500456A (en) * | 2020-10-23 | 2022-05-13 | 中国移动通信集团河北有限公司 | DNS scheduling optimization method and device based on full-network sniffing and computing equipment |
CN114006841A (en) * | 2021-10-11 | 2022-02-01 | 中盈优创资讯科技有限公司 | IDC client resale analysis method and device |
CN114006734A (en) * | 2021-10-11 | 2022-02-01 | 中盈优创资讯科技有限公司 | Method and device for analyzing false source address of flow in metropolitan area network |
CN114338471A (en) * | 2021-12-28 | 2022-04-12 | 浙江云诺通信科技有限公司 | Analysis method based on ICP record combination netflow |
Non-Patent Citations (1)
Title |
---|
项朝君;罗望东;张浩;白洁;: "基于DNS和Flow数据实现互联网流量流向的大数据分析系统", 电信技术, no. 09, 25 September 2018 (2018-09-25), pages 35 - 40 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024230515A1 (en) * | 2023-05-06 | 2024-11-14 | 北京火山引擎科技有限公司 | Method and apparatus for determining query line of content delivery network, and device and medium |
Also Published As
Publication number | Publication date |
---|---|
CN115914043B (en) | 2025-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112347377B (en) | IP address field searching method, service scheduling method, device and electronic equipment | |
US20230370319A1 (en) | Traffic outage detection in the internet | |
Schien et al. | Modeling and assessing variability in energy consumption during the use stage of online multimedia services | |
US8374103B2 (en) | Method and system for computing multicast traffic matrices | |
US8307006B2 (en) | Methods and apparatus to obtain anonymous audience measurement data from network server data for particular demographic and usage profiles | |
CN102833668B (en) | Data traffic reminding method and data traffic reminding device | |
US20130185429A1 (en) | Processing Store Visiting Data | |
CN110213203B (en) | Network scheduling method and device and computer storage medium | |
Wählisch et al. | Exposing a nation-centric view on the German internet–a change in perspective on AS-level | |
CN103093377B (en) | A kind of advertisement placement method and system | |
CN104317877A (en) | Netuser behavior data real-time processing method based on distributed computation | |
Yang et al. | An exact virtual network embedding algorithm based on integer linear programming for virtual network request with location constraint | |
CN115914043A (en) | A method and device for analyzing customer scheduling behavior based on BGP routing and DNS | |
CN102546205B (en) | Method and device for generating fault relation and determining fault | |
CN102170463B (en) | Online advertisement monitoring method for performing incoming call conversion tracking by utilizing extension telephone set | |
CN103152212B (en) | A kind of alarm correlation analysis method, device and network management system | |
CN116016628A (en) | API gateway buried point analysis method and device | |
CN101355460A (en) | Network flow monitoring point setting method | |
CN106779899B (en) | Malicious order identification method and device | |
CN115695216A (en) | Big data analysis method for internet traffic flow direction | |
CN115987803B (en) | Method and related device for determining organization of autonomous system | |
CN114006841A (en) | IDC client resale analysis method and device | |
Chen et al. | Energy efficient virtual network embedding for path splitting | |
Jeltes | Analyzing the use of renewable energy in Dutch web hosting through DNS measurement data | |
CN104580541A (en) | Intelligent DNS system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |