[go: up one dir, main page]

CN111884871A - Method and equipment for detecting discarded message of switch - Google Patents

Method and equipment for detecting discarded message of switch Download PDF

Info

Publication number
CN111884871A
CN111884871A CN202010608938.7A CN202010608938A CN111884871A CN 111884871 A CN111884871 A CN 111884871A CN 202010608938 A CN202010608938 A CN 202010608938A CN 111884871 A CN111884871 A CN 111884871A
Authority
CN
China
Prior art keywords
discarded
discard
entry
packet
destination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010608938.7A
Other languages
Chinese (zh)
Other versions
CN111884871B (en
Inventor
潘彪
颜虹
袁福利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Inspur Intelligent Technology Co Ltd filed Critical Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202010608938.7A priority Critical patent/CN111884871B/en
Publication of CN111884871A publication Critical patent/CN111884871A/en
Application granted granted Critical
Publication of CN111884871B publication Critical patent/CN111884871B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0823Errors, e.g. transmission errors
    • H04L43/0829Packet loss
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/55Prevention, detection or correction of errors
    • H04L49/555Error detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提供了一种交换机丢弃报文检测的方法和设备,该方法包括以下步骤:在监控服务器中建立丢弃报文的丢弃表项;响应于丢弃报文进入数据中心白盒交换机,将第一个报文的特征与丢弃表项中的记录进行匹配;响应于第一个报文的特征与丢弃表项中记录的特征匹配,增加特征对应的丢弃表项中记录的计数。通过使用本发明的方案,能够实现对丢弃报文的实时监控,解决传统网络无法对丢弃报文及原因实时监控的问题。

Figure 202010608938

The present invention provides a method and device for detecting discarded packets of a switch. The method includes the following steps: establishing a discarding table entry for discarding packets in a monitoring server; The feature of each packet is matched with the record in the discard entry; in response to the feature of the first packet matching the feature recorded in the discard entry, the count recorded in the discard entry corresponding to the feature is increased. By using the solution of the present invention, the real-time monitoring of the discarded packets can be realized, and the problem that the traditional network cannot monitor the discarded packets and the reasons in real time can be solved.

Figure 202010608938

Description

一种交换机丢弃报文检测的方法和设备A method and device for detecting discarded packets of a switch

技术领域technical field

本领域涉及计算机领域,并且更具体地涉及一种交换机丢弃报文检测的方法和设备。The field relates to the field of computers, and more particularly, to a method and device for detecting discarded packets of a switch.

背景技术Background technique

数据中心网络当网络中出现故障导致数据报文丢弃,交换机将报文统计到RX_DROP中,但是无法详细探知交换机具体丢包原因,因此当网络出现丢包故障时,如何有效的检测网络丢包原因,成为最需要解决的问题。In the data center network, when a network failure causes data packets to be discarded, the switch will count the packets into RX_DROP, but the specific packet loss reason of the switch cannot be detected in detail. Therefore, when a network packet loss failure occurs, how to effectively detect the network packet loss cause , is the problem that needs to be solved the most.

发明内容SUMMARY OF THE INVENTION

有鉴于此,本发明实施例的目的在于提出一种交换机丢弃报文检测的方法和设备,通过使用本发明的方法,能够实现对丢弃报文的实时监控,解决传统网络无法对丢弃报文及原因实时监控的问题。In view of this, the purpose of the embodiments of the present invention is to propose a method and device for detecting discarded packets of a switch. By using the method of the present invention, real-time monitoring of discarded packets can be realized, and the problem that traditional networks cannot detect discarded packets and The reason is the problem of real-time monitoring.

基于上述目的,本发明的实施例的一个方面提供了一种交换机丢弃报文检测的方法,包括以下步骤:Based on the above purpose, an aspect of the embodiments of the present invention provides a method for detecting discarded packets by a switch, including the following steps:

在监控服务器中建立丢弃报文(DROP报文)的丢弃表项;Create a discard table entry for discarded packets (DROP packets) in the monitoring server;

响应于丢弃报文进入数据中心白盒交换机,将第一个报文的特征与丢弃表项中的记录进行匹配;In response to the discarded packet entering the data center white box switch, the characteristics of the first packet are matched with the records in the discarded table entry;

响应于第一个报文的特征与丢弃表项中记录的特征匹配,增加特征对应的丢弃表项中记录的计数。In response to the feature of the first packet matching the feature recorded in the discard entry, the count recorded in the discard entry corresponding to the feature is incremented.

根据本发明的一个实施例,还包括:According to an embodiment of the present invention, it also includes:

响应于第一个报文的特征与丢弃表项中记录的特征不完全匹配,将第一个报文的特征记录到丢弃表项中。In response to the characteristics of the first packet not completely matching the characteristics recorded in the discard entry, the characteristics of the first packet are recorded in the discard entry.

根据本发明的一个实施例,响应于丢弃报文进入数据中心白盒交换机,将第一个报文的特征与丢弃表项中的记录进行匹配包括:将具有相同特征的丢弃报文中的第一个报文上送到CPU中,将丢弃报文的源IP、目的IP、源端口、目的端口和协议号与丢弃表项中的记录进行匹配,并通过CPU分析丢弃报文的丢弃原因;According to an embodiment of the present invention, in response to the discarded packets entering the data center white-box switch, matching the characteristics of the first packet with the records in the discarding table entry includes: matching the first packet in the discarded packets with the same characteristics. When a packet is sent to the CPU, the source IP, destination IP, source port, destination port, and protocol number of the discarded packet are matched with the records in the discard table entry, and the CPU analyzes the discard reason of the discarded packet;

响应于所述第一个报文的特征与所述丢弃表项中记录的特征不完全匹配,将所述第一个报文的特征记录到所述丢弃表项中包括:响应于所述丢弃报文的源IP、目的IP、源端口、目的端口和协议号与所述丢弃表项中的记录不完全匹配,将所述源IP、目的IP、源端口、目的端口、协议号以及丢弃原因记录到所述丢弃表项中。In response to the characteristics of the first packet not completely matching the characteristics recorded in the discard entry, recording the characteristics of the first packet into the discard entry includes: in response to the discard The source IP, destination IP, source port, destination port, and protocol number of the packet do not exactly match the records in the discard entry, and the source IP, destination IP, source port, destination port, protocol number, and discard reason record in the discard entry.

根据本发明的一个实施例,丢弃表项记录包括报文的源IP、目的IP、源端口、目的端口、协议号、统计值和丢弃原因信息。According to an embodiment of the present invention, the discard entry record includes source IP, destination IP, source port, destination port, protocol number, statistical value, and discard reason information of the packet.

根据本发明的一个实施例,还包括:According to an embodiment of the present invention, it also includes:

响应于丢弃表项中某一条记录持续阈值时间没有相同特征的丢弃报文进入交换机,则将记录删除;In response to a certain record in the discard table entry that does not have the same feature for a threshold time and does not enter the switch, the record is deleted;

响应于阈值时间内有相同特征的丢弃报文进入交换机,重新计算时间。In response to dropped packets with the same characteristics entering the switch within the threshold time, the time is recalculated.

本发明的实施例的另一个方面,还提供了一种交换机丢弃报文检测的设备,设备包括:Another aspect of the embodiments of the present invention further provides a device for detecting discarded packets by a switch, the device comprising:

建立模块,建立模块配置为在监控服务器中建立丢弃报文的丢弃表项;establishing a module, and the establishing module is configured to establish a discarding table entry for discarding packets in the monitoring server;

匹配模块,匹配模块配置为响应于丢弃报文进入数据中心白盒交换机,将第一个报文的特征与丢弃表项中的记录进行匹配;a matching module, where the matching module is configured to match the feature of the first packet with the record in the discard table entry in response to the discarded packet entering the data center white box switch;

计数模块,计数模块配置为响应于第一个报文的特征与丢弃表项中记录的特征匹配,增加特征对应的丢弃表项中记录的计数。A counting module, where the counting module is configured to increase the count recorded in the discarding table entry corresponding to the characteristic in response to matching the characteristic of the first packet with the characteristic recorded in the discarding table entry.

根据本发明的一个实施例,还包括记录模块,记录模块配置为响应于第一个报文的特征与丢弃表项中记录的特征不完全匹配,将第一个报文的特征记录到丢弃表项中。According to an embodiment of the present invention, a recording module is further included, and the recording module is configured to record the characteristic of the first packet in the discarding table in response to the characteristic of the first packet not completely matching the characteristic recorded in the discarding table entry item.

根据本发明的一个实施例,匹配模块还配置为:将具有相同特征的丢弃报文中的第一个报文上送到CPU中,将丢弃报文的源IP、目的IP、源端口、目的端口和协议号与丢弃表项中的记录进行匹配,并通过CPU分析丢弃报文的丢弃原因;According to an embodiment of the present invention, the matching module is further configured to: send the first packet in the discarded packets with the same characteristics to the CPU, and send the source IP, destination IP, source port, and destination of the discarded packet to the CPU. The port and protocol number are matched with the records in the discard entry, and the reason for discarding the discarded packets is analyzed by the CPU;

记录模块还配置为响应于所述丢弃报文的源IP、目的IP、源端口、目的端口和协议号与所述丢弃表项中的记录不完全匹配,将所述源IP、目的IP、源端口、目的端口、协议号以及丢弃原因记录到所述丢弃表项中。The recording module is further configured to record the source IP, destination IP, source IP, The port, destination port, protocol number and discarding reason are recorded in the discarding table entry.

根据本发明的一个实施例,丢弃表项记录包括报文的源IP、目的IP、源端口、目的端口、协议号、统计值和丢弃原因信息。According to an embodiment of the present invention, the discard entry record includes source IP, destination IP, source port, destination port, protocol number, statistical value, and discard reason information of the packet.

根据本发明的一个实施例,还包括定时模块,定时模块配置为:According to an embodiment of the present invention, it further includes a timing module, and the timing module is configured as:

响应于丢弃表项中某一条记录持续阈值时间没有相同特征的丢弃报文进入交换机,则将记录删除;In response to a certain record in the discard table entry that does not have the same feature for a threshold time and does not enter the switch, the record is deleted;

响应于阈值时间内有相同特征的丢弃报文进入交换机,重新计算时间。In response to dropped packets with the same characteristics entering the switch within the threshold time, the time is recalculated.

本发明具有以下有益技术效果:本发明实施例提供的数据中心白盒交换机丢弃报文检测的方法,通过在监控服务器中建立丢弃报文的丢弃表项;响应于丢弃报文进入数据中心白盒交换机,将具有相同特征的丢弃报文中的第一个报文上送到CPU中,并将第一个报文的特征与丢弃表项中的记录进行匹配;响应于第一个报文的特征与丢弃表项中记录的特征匹配,增加特征对应的丢弃表项中记录的计数的技术方案,能够实现对丢弃报文的实时监控,解决传统网络无法对丢弃报文及原因实时监控的问题。The present invention has the following beneficial technical effects: the method for detecting discarded packets of a data center white box switch provided by the embodiment of the present invention establishes a discarding table entry for discarding packets in a monitoring server; The switch sends the first packet of the discarded packets with the same characteristics to the CPU, and matches the characteristics of the first packet with the records in the discard table entry; The feature matches the feature recorded in the discard entry, and the technical solution of increasing the count recorded in the discard entry corresponding to the feature can realize real-time monitoring of discarded packets, and solve the problem that traditional networks cannot monitor discarded packets and the reasons in real time. .

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的实施例。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. For those of ordinary skill in the art, other embodiments can also be obtained according to these drawings without creative efforts.

图1为根据本发明一个实施例的数据中心白盒交换机丢弃报文检测的方法的示意性流程图;1 is a schematic flowchart of a method for detecting discarded packets of a data center white box switch according to an embodiment of the present invention;

图2为根据本发明一个实施例的数据中心白盒交换机丢弃报文检测的设备的示意图。FIG. 2 is a schematic diagram of a device for detecting discarded packets of a white box switch in a data center according to an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚明白,以下结合具体实施例,并参照附图,对本发明实施例进一步详细说明。In order to make the objectives, technical solutions and advantages of the present invention more clearly understood, the embodiments of the present invention will be further described in detail below with reference to the specific embodiments and the accompanying drawings.

基于上述目的,本发明的实施例的第一个方面,提出了一种交换机丢弃报文检测的方法的一个实施例。图1示出的是该方法的示意性流程图。Based on the above objective, in a first aspect of the embodiments of the present invention, an embodiment of a method for detecting discarded packets by a switch is proposed. Figure 1 shows a schematic flow chart of the method.

如图1中所示,该方法可以包括以下步骤:As shown in Figure 1, the method may include the following steps:

S1在监控服务器中建立丢弃报文的丢弃表项,该丢弃表项记录丢弃报文的相关信息,主要信息包括丢弃报文的源IP、目的IP、源端口、目的端口、协议号、统计值、交换机ID标识、端口ID标识和丢弃原因信息等;S1 establishes a discard entry for discarded packets in the monitoring server. The discard entry records the relevant information of discarded packets. The main information includes the source IP, destination IP, source port, destination port, protocol number, and statistical value of discarded packets. , switch ID identification, port ID identification and discard reason information, etc.;

S2响应于丢弃报文进入数据中心白盒交换机,将具有相同特征的丢弃报文中的第一个报文上送到CPU中,并将第一个报文的特征与丢弃表项中的记录进行匹配,由于只有第一个报文上送,并且后续可以将相同类型的丢弃报文周期性的上送,因此可以大大降低服务器处理报文数量,将五元组(源IP、目的IP、源端口、目的端口和协议号)作为丢弃报文唯一特征信息,具有相同特征信息的报文视为同一报文,只要五元组信息中存在一项不同,即为不同特征;In response to the discarded packets entering the data center white box switch, S2 sends the first packet of discarded packets with the same characteristics to the CPU, and compares the characteristics of the first packet with the records in the discarded table entry. For matching, since only the first packet is sent, and subsequent discarded packets of the same type can be sent periodically, the number of packets processed by the server can be greatly reduced, and the five-tuple (source IP, destination IP, source port, destination port and protocol number) as the unique feature information of discarded packets, packets with the same feature information are regarded as the same packet, as long as there is a difference in the quintuple information, it is a different feature;

S3响应于第一个报文的特征与丢弃表项中记录的特征匹配,增加特征对应的丢弃表项中记录的计数,例如,当监控到a个丢弃报文的特征信息(源IP、目的IP、源端口、目的端口、协议号)在丢弃表项中全匹配时,对应该表项统计值加a,当特征信息(源IP、目的IP、源端口、目的端口、协议号)中存在某一项与丢弃表项中不一致时,则新增一条丢弃表项,并为新增表项启动丢弃表项老化定时器。In response to the feature of the first packet matching the feature recorded in the discard entry, S3 increases the count recorded in the discard entry corresponding to the feature. For example, when monitoring the feature information (source IP, destination IP, When the IP, source port, destination port, protocol number) all match in the discard entry, add a to the statistics value of the entry, when the feature information (source IP, destination IP, source port, destination port, protocol number) exists When an entry is inconsistent with the discarded entry, a discarded entry is added, and the discarded entry aging timer is started for the newly added entry.

本发明的技术方案通过监测丢弃,将丢弃报文上送CPU,通过定义的报文丢弃原因,将丢弃的特征信息(源IP、目的IP、源端口、目的端口、协议号)+交换机id标识和端口id标识+报文的丢弃数量进行记录,并生成表项,报告监控服务器,从而实现网络对丢弃报文实时监控。The technical scheme of the present invention sends the discarded message to the CPU by monitoring discarding, and sends the discarded characteristic information (source IP, destination IP, source port, destination port, protocol number) + switch id identifier according to the defined message discarding reason. It records the number of discarded packets and the port ID + the number of discarded packets, and generates entries to report to the monitoring server, so that the network can monitor discarded packets in real time.

在本发明的一个优选实施例中,还包括:In a preferred embodiment of the present invention, it also includes:

响应于第一个报文的特征与丢弃表项中记录的特征不完全匹配,将第一个报文的特征记录到丢弃表项中。这里的匹配时使用的特征包括源IP、目的IP、源端口、目的端口和协议号,将该报文特征记录到丢弃表项中时还需要记录丢弃原因信息,丢弃原因由CPU进行分析获得。In response to the characteristics of the first packet not completely matching the characteristics recorded in the discard entry, the characteristics of the first packet are recorded in the discard entry. The features used for matching here include source IP, destination IP, source port, destination port, and protocol number. When recording the packet feature in the discard entry, you also need to record the discard reason. The discard reason is obtained by the CPU analysis.

在本发明的一个优选实施例中,响应于丢弃报文进入数据中心白盒交换机,将第一个报文的特征与丢弃表项中的记录进行匹配包括:将具有相同特征的丢弃报文中的第一个报文上送到CPU中,将丢弃报文的源IP、目的IP、源端口、目的端口和协议号与丢弃表项中的记录进行匹配,并通过CPU分析丢弃报文的丢弃原因;In a preferred embodiment of the present invention, in response to the discarded packets entering the data center white box switch, matching the characteristics of the first packet with the records in the discarding table entry includes: adding discarded packets with the same characteristics to The first packet is sent to the CPU, the source IP, destination IP, source port, destination port, and protocol number of the discarded packet are matched with the records in the discard entry, and the discarded packet is analyzed by the CPU. reason;

响应于所述第一个报文的特征与所述丢弃表项中记录的特征不完全匹配,将所述第一个报文的特征记录到所述丢弃表项中包括:响应于所述丢弃报文的源IP、目的IP、源端口、目的端口和协议号与所述丢弃表项中的记录不完全匹配,将所述源IP、目的IP、源端口、目的端口、协议号以及丢弃原因记录到所述丢弃表项中。丢弃报文的特征包括源IP、目的IP、源端口、目的端口和协议号,如果这5项有一项以上与丢弃表项中的记录不匹配,则将该丢弃报文记录到丢弃表项中作为其他丢弃报文匹配的对象。In response to the characteristics of the first packet not completely matching the characteristics recorded in the discard entry, recording the characteristics of the first packet into the discard entry includes: in response to the discard The source IP, destination IP, source port, destination port, and protocol number of the packet do not exactly match the records in the discard entry, and the source IP, destination IP, source port, destination port, protocol number, and discard reason record in the discard entry. The characteristics of discarded packets include source IP, destination IP, source port, destination port, and protocol number. If more than one of these five items does not match the record in the discard entry, the discarded packet will be recorded in the discard entry. As the object matched by other discarded packets.

交换机CPU检查报文丢弃原因,通过检测ttl字段、ipv4、ipv6报文头字段、mtu字段、vlan字段信息、路由信息、crc信息、出端口队列深度和利用率信息分析丢弃原因,定义报文丢弃原因如下:The switch CPU checks the reasons for discarding packets, analyzes the reasons for discarding packets by detecting the ttl field, ipv4, ipv6 packet header field, mtu field, vlan field information, routing information, crc information, outgoing port queue depth and utilization information, and defines packet discarding The reasons are as follows:

Ttl(time to live,生存时间)=0的丢弃报文;Ttl (time to live, time to live) = 0 discarded packets;

IP(Internet Protocol、网际互连协议)报头错误的丢弃报文;Discard packets with incorrect IP (Internet Protocol, Internet Protocol) headers;

IPV6(Internet Protocol Version 6、互联网协议第6版)报头错误的丢弃报文;IPV6 (Internet Protocol Version 6, Internet Protocol Version 6) header error discarded packets;

超出交换机MTU(最大传输单元、Maximum Transmission Unit)的丢弃报文;Discarded packets exceeding the MTU (Maximum Transmission Unit) of the switch;

与端口Vlan(Virtual Local Area Network,虚拟局域网)属性不匹配的丢弃报文;Discard packets that do not match the attributes of the port Vlan (Virtual Local Area Network);

未知三层转发丢弃流量;Unknown Layer 3 forwarding discards traffic;

CRC(循环冗余校验、Cyclic Redundancy Check)校验错误的丢弃流量;CRC (Cyclic Redundancy Check, Cyclic Redundancy Check) check error discarded traffic;

交换机出端口队列拥塞丢弃的流量。Traffic discarded by congestion in the egress port queue of the switch.

在本发明的一个优选实施例中,丢弃表项记录包括报文的源IP、目的IP、源端口、目的端口、协议号、统计值和丢弃原因信息。In a preferred embodiment of the present invention, the discard entry record includes source IP, destination IP, source port, destination port, protocol number, statistical value and discard reason information of the packet.

在本发明的一个优选实施例中,还包括:In a preferred embodiment of the present invention, it also includes:

响应于丢弃表项中某一条记录持续阈值时间没有相同特征的丢弃报文进入交换机,则将记录删除;In response to a certain record in the discard table entry that does not have the same feature for a threshold time and does not enter the switch, the record is deleted;

响应于阈值时间内有相同特征的丢弃报文进入交换机,定时器重新计算时间。In response to dropped packets with the same characteristics entering the switch within the threshold time, the timer recalculates the time.

当丢弃表项中某一条目持续t秒内没有相同的(源IP、目的IP、源端口、目的端口、协议号)报文进入交换机,则将该丢弃表项删除,如果在t秒内有相同的(源IP、目的IP、源端口、目的端口、协议号)报文进入设备,则定时器重新计算,等待t秒后如果没有相同报文才会被删除,丢弃老化时间缺省为3分钟,可设置范围为1-5分钟。When an entry in the discard entry does not have the same (source IP, destination IP, source port, destination port, protocol number) packet entering the switch for t seconds, the discard entry will be deleted. If the same (source IP, destination IP, source port, destination port, protocol number) packets enter the device, the timer will be recalculated. After t seconds, if there is no same packet, it will be deleted. The default aging time for discarding is 3. minutes, the settable range is 1-5 minutes.

丢弃表项可以设置上送周期,丢弃表项在监控到a个丢弃报文具有相同的(源IP、目的IP、源端口、目的端口、协议号)时,对应该表项的统计值会增加a,但是此时监控服务器并不知道统计值的变化,因此在丢弃表项上送周期到来后,将该统计值上送监控服务器,从而实现实时监控的目的,又避免每个丢弃报文都上送监控服务器,减少监控服务器的报文处理数量。The drop table entry can be set to the sending period. When a drop table entry monitors a discarded packet with the same (source IP, destination IP, source port, destination port, and protocol number), the corresponding statistical value of the table entry will increase. a, but the monitoring server does not know the change of the statistical value at this time. Therefore, after the sending period of the discard table entry arrives, the statistical value is sent to the monitoring server, so as to realize the purpose of real-time monitoring and avoid the Send it to the monitoring server to reduce the number of packets processed by the monitoring server.

实施例Example

下面是实现本发明方法的一个示例性实施例The following is an exemplary embodiment for implementing the method of the present invention

1、监控丢弃报文,将丢弃报文通过cos=40队列上送CPU;1. Monitor the discarded packets, and send the discarded packets to the CPU through the cos=40 queue;

2、监控进入交换机的报文,当监控到丢弃报文时,根据定义的丢弃原因,分析丢弃报文丢弃原因,监测到丢弃报文时查看ttl字段、ipv4、ipv6报文头字段、mtu字段、vlan字段信息、路由信息、crc信息、出端口队列深度和利用率信息来分析报文丢弃原因;2. Monitor the packets entering the switch. When monitoring the discarded packets, analyze the discarding reasons according to the defined discarding reasons. When monitoring discarded packets, check the ttl field, ipv4, ipv6 header field, and mtu field. , vlan field information, routing information, crc information, outgoing port queue depth and utilization information to analyze the reasons for packet discarding;

3、CPU解析获取报文的特征信息(源IP、目的IP、源端口、目的端口、协议号),记录报文入出端口信息;3. The CPU analyzes and obtains the characteristic information of the packet (source IP, destination IP, source port, destination port, protocol number), and records the information of the incoming and outgoing ports of the packet;

4、生成丢弃表项,记录特征信息(源IP、目的IP、源端口、目的端口、协议号)+统计值+丢弃原因,并启动定时器,防止表项无限占用不老化;4. Generate discard entries, record feature information (source IP, destination IP, source port, destination port, protocol number) + statistical value + discard reason, and start a timer to prevent the entry from being used indefinitely and not aging;

5、底层下发(源IP、目的IP、源端口、目的端口、协议号)的acl(访问控制列表)表项,当后续具有相同特征信息的丢弃报文,直接匹配acl,同时对于统计值增加;5. The acl (access control list) entry (source IP, destination IP, source port, destination port, protocol number) delivered by the bottom layer, when the subsequent discarded packets with the same feature information, directly match the acl, and at the same time for the statistical value Increase;

6、将丢弃报文+丢弃原因+入出端口id标识+交换机id标识上送监控服务器。6. Send the discarded packet + discard reason + inbound and outbound port ID + switch ID to the monitoring server.

通过本发明的技术方案,能够实现对丢弃报文的实时监控,解决传统网络无法对丢弃报文及原因实时监控的问题。Through the technical scheme of the present invention, real-time monitoring of discarded packets can be realized, and the problem that traditional networks cannot monitor discarded packets and the reasons in real-time can be solved.

需要说明的是,本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,可以通过计算机程序来指令相关硬件来完成,上述的程序可存储于计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中存储介质可为磁碟、光盘、只读存储器(Read-Only Memory,ROM)或随机存取存储器(Random AccessMemory,RAM)等。上述计算机程序的实施例,可以达到与之对应的前述任意方法实施例相同或者相类似的效果。It should be noted that those of ordinary skill in the art can understand that all or part of the process in the method of the above-mentioned embodiments can be implemented by instructing the relevant hardware through a computer program, and the above-mentioned program can be stored in a computer-readable storage medium. When the program is executed, it may include the flow of the embodiments of the above-mentioned methods. The storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM) or the like. The above computer program embodiments can achieve the same or similar effects as any of the foregoing method embodiments corresponding thereto.

此外,根据本发明实施例公开的方法还可以被实现为由CPU执行的计算机程序,该计算机程序可以存储在计算机可读存储介质中。在该计算机程序被CPU执行时,执行本发明实施例公开的方法中限定的上述功能。In addition, the methods disclosed according to the embodiments of the present invention may also be implemented as a computer program executed by the CPU, and the computer program may be stored in a computer-readable storage medium. When the computer program is executed by the CPU, the above-mentioned functions defined in the methods disclosed in the embodiments of the present invention are executed.

基于上述目的,本发明的实施例的第二个方面,提出了一种交换机丢弃报文检测的设备,如图2所示,设备200包括:Based on the above purpose, a second aspect of the embodiments of the present invention provides a device for detecting discarded packets by a switch. As shown in FIG. 2 , the device 200 includes:

建立模块,建立模块配置为在监控服务器中建立丢弃报文的丢弃表项;establishing a module, and the establishing module is configured to establish a discarding table entry for discarding packets in the monitoring server;

匹配模块,匹配模块配置为响应于丢弃报文进入数据中心白盒交换机,并将第一个报文的特征与丢弃表项中的记录进行匹配;a matching module, where the matching module is configured to enter the data center white box switch in response to the discarded packet, and to match the feature of the first packet with the record in the discarded table entry;

计数模块,计数模块配置为响应于第一个报文的特征与丢弃表项中记录的特征匹配,增加特征对应的丢弃表项中记录的计数。A counting module, where the counting module is configured to increase the count recorded in the discarding table entry corresponding to the characteristic in response to matching the characteristic of the first packet with the characteristic recorded in the discarding table entry.

在本发明的一个优选实施例中,还包括记录模块,记录模块配置为响应于第一个报文的特征与丢弃表项中记录的特征不完全匹配,将第一个报文的特征记录到丢弃表项中。In a preferred embodiment of the present invention, a recording module is further included, and the recording module is configured to record the characteristics of the first packet in response to the characteristics of the first packet not completely matching the characteristics recorded in the discard table entry discarded in the entry.

在本发明的一个优选实施例中,匹配模块还配置为:将具有相同特征的丢弃报文中的第一个报文上送到CPU中,将丢弃报文的源IP、目的IP、源端口、目的端口和协议号与丢弃表项中的记录进行匹配,并通过CPU分析丢弃报文的丢弃原因;In a preferred embodiment of the present invention, the matching module is further configured to: send the first packet in the discarded packets with the same characteristics to the CPU, and send the source IP, destination IP, and source port of the discarded packet to the CPU. , The destination port and protocol number are matched with the records in the discard entry, and the reason for discarding the discarded packets is analyzed by the CPU;

记录模块还配置为:响应于所述丢弃报文的源IP、目的IP、源端口、目的端口和协议号与所述丢弃表项中的记录不完全匹配,将所述源IP、目的IP、源端口、目的端口、协议号以及丢弃原因记录到所述丢弃表项中。The recording module is further configured to: in response to the source IP, destination IP, source port, destination port and protocol number of the discarded packet not completely matching the record in the discard table entry, record the source IP, destination IP, The source port, the destination port, the protocol number and the discarding reason are recorded in the discarding table entry.

在本发明的一个优选实施例中,丢弃表项记录包括报文的源IP、目的IP、源端口、目的端口、协议号、统计值和丢弃原因信息。In a preferred embodiment of the present invention, the discard entry record includes source IP, destination IP, source port, destination port, protocol number, statistical value and discard reason information of the packet.

在本发明的一个优选实施例中,还包括定时模块,定时模块配置为:In a preferred embodiment of the present invention, it also includes a timing module, and the timing module is configured as:

响应于丢弃表项中某一条记录持续阈值时间没有相同特征的丢弃报文进入交换机,则将记录删除;In response to a certain record in the discard table entry that does not have the same feature for a threshold time and does not enter the switch, the record is deleted;

响应于阈值时间内有相同特征的丢弃报文进入交换机,定时器重新计算时间。In response to dropped packets with the same characteristics entering the switch within the threshold time, the timer recalculates the time.

需要特别指出的是,上述系统的实施例采用了上述方法的实施例来具体说明各模块的工作过程,本领域技术人员能够很容易想到,将这些模块应用到上述方法的其他实施例中。It should be particularly pointed out that the embodiments of the above system use the embodiments of the above method to specifically describe the working process of each module, and those skilled in the art can easily think of applying these modules to other embodiments of the above method.

此外,上述方法步骤以及系统单元或模块也可以利用控制器以及用于存储使得控制器实现上述步骤或单元或模块功能的计算机程序的计算机可读存储介质实现。In addition, the above-mentioned method steps and system units or modules can also be implemented by using a controller and a computer-readable storage medium for storing a computer program that enables the controller to implement the functions of the above-mentioned steps or units or modules.

本领域技术人员还将明白的是,结合这里的公开所描述的各种示例性逻辑块、模块、电路和算法步骤可以被实现为电子硬件、计算机软件或两者的组合。为了清楚地说明硬件和软件的这种可互换性,已经就各种示意性组件、方块、模块、电路和步骤的功能对其进行了一般性的描述。这种功能是被实现为软件还是被实现为硬件取决于具体应用以及施加给整个系统的设计约束。本领域技术人员可以针对每种具体应用以各种方式来实现的功能,但是这种实现决定不应被解释为导致脱离本发明实施例公开的范围。Those skilled in the art will also appreciate that the various exemplary logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends on the specific application and design constraints imposed on the overall system. Those skilled in the art may implement the functions in various ways for each specific application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.

上述实施例,特别是任何“优选”实施例是实现的可能示例,并且仅为了清楚地理解本发明的原理而提出。可以在不脱离本文所描述的技术的精神和原理的情况下对上述实施例进行许多变化和修改。所有修改旨在被包括在本公开的范围内并且由所附权利要求保护。The above-described embodiments, particularly any "preferred" embodiments, are possible examples of implementations, and are presented merely for a clear understanding of the principles of the invention. Numerous changes and modifications may be made to the above-described embodiments without departing from the spirit and principles of the technology described herein. All modifications are intended to be included within the scope of this disclosure and protected by the appended claims.

Claims (10)

1. A method for detecting the discarded message of a switch is characterized by comprising the following steps:
establishing a discarding list item of the discarded message in the monitoring server;
responding to a discarded message entering a data center white box switch, and matching the characteristics of the first message with the records in the discarded table item;
and in response to the feature of the first packet matching the feature recorded in the discarded entry, increasing the count of the record in the discarded entry corresponding to the feature.
2. The method of claim 1, further comprising:
and recording the characteristics of the first message into the discarding table entry in response to the incomplete matching between the characteristics of the first message and the characteristics recorded in the discarding table entry.
3. The method of claim 2, wherein matching the characteristic of the first packet with the record in the drop table entry in response to the drop packet entering a data center white box switch comprises: sending a first message in discarded messages with the same characteristics to a CPU (central processing unit), matching a source IP (Internet protocol), a destination IP, a source port, a destination port and a protocol number of the discarded message with records in the discarded table entry, and analyzing the discarding reason of the discarded message through the CPU;
in response to the feature of the first packet not completely matching the feature recorded in the discard entry, recording the feature of the first packet in the discard entry comprises: and in response to that the source IP, the destination IP, the source port, the destination port and the protocol number of the discarded message are not completely matched with the record in the discarded table entry, recording the source IP, the destination IP, the source port, the destination port, the protocol number and the discarding reason into the discarded table entry.
4. The method of claim 1, wherein the discard entry record comprises a source IP, a destination IP, a source port, a destination port, a protocol number, statistics, and discard cause information of the packet.
5. The method of claim 1, further comprising:
in response to the fact that a certain record in the discarded table entry does not have the discarded message with the same characteristics for the threshold duration time, the record is deleted;
and responding to the discarded message with the same characteristics in the threshold time to enter the switch, and recalculating the time.
6. An apparatus for switch drop message detection, the apparatus comprising:
the system comprises an establishing module, a judging module and a sending module, wherein the establishing module is configured to establish a discarding table item of a discarded message in a monitoring server;
a matching module configured to match a feature of the first packet with a record in the discard entry in response to a discard packet entering a data center white box switch;
a counting module configured to increase a count of the records in the discard entry corresponding to the feature in response to the feature of the first packet matching the feature recorded in the discard entry.
7. The device of claim 6, further comprising a logging module configured to log the feature of the first packet into the discard entry in response to the feature of the first packet not completely matching the feature recorded in the discard entry.
8. The device of claim 7, wherein the matching module is further configured to upload a first message in the discarded messages with the same characteristics to a CPU, match a source IP, a destination IP, a source port, a destination port, and a protocol number of the discarded message with records in the discarded table entry, and analyze, by the CPU, a discard reason of the discarded message;
the recording module is further configured to record the source IP, the destination IP, the source port, the destination port, the protocol number, and the discard reason into the discard entry in response to the source IP, the destination IP, the source port, the destination port, and the protocol number of the discard packet not completely matching the record in the discard entry.
9. The apparatus of claim 6, wherein the discard entry record comprises a source IP, a destination IP, a source port, a destination port, a protocol number, statistics, and discard cause information of the packet.
10. The device of claim 6, further comprising a timing module configured to:
in response to the fact that a certain record in the discarded table entry does not have the discarded message with the same characteristics for the threshold duration time, the record is deleted;
and responding to the discarded message with the same characteristics in the threshold time to enter the switch, and recalculating the time.
CN202010608938.7A 2020-06-30 2020-06-30 Method and equipment for detecting discarded message of switch Active CN111884871B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010608938.7A CN111884871B (en) 2020-06-30 2020-06-30 Method and equipment for detecting discarded message of switch

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010608938.7A CN111884871B (en) 2020-06-30 2020-06-30 Method and equipment for detecting discarded message of switch

Publications (2)

Publication Number Publication Date
CN111884871A true CN111884871A (en) 2020-11-03
CN111884871B CN111884871B (en) 2022-08-19

Family

ID=73157460

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010608938.7A Active CN111884871B (en) 2020-06-30 2020-06-30 Method and equipment for detecting discarded message of switch

Country Status (1)

Country Link
CN (1) CN111884871B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112702236A (en) * 2020-12-23 2021-04-23 锐捷网络股份有限公司 Method and processor for realizing packet loss detection
CN116743630A (en) * 2023-06-28 2023-09-12 北京神州数码云科信息技术有限公司 A method for monitoring and processing packet loss during the forwarding process of business flows

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6587471B1 (en) * 1997-11-21 2003-07-01 International Business Machines Corporation Methods, systems and computer program products for suppressing multiple destination traffic in a computer network
CN1801781A (en) * 2006-01-10 2006-07-12 杭州华为三康技术有限公司 Exchange equipment and its message processing method for preventing flow attack
CN103237039A (en) * 2013-05-10 2013-08-07 汉柏科技有限公司 Message forwarding method and message forwarding device
CN105099920A (en) * 2014-04-30 2015-11-25 杭州华三通信技术有限公司 Method and device for setting SDN flow entry
CN106131177A (en) * 2016-06-29 2016-11-16 杭州华三通信技术有限公司 A kind of message processing method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6587471B1 (en) * 1997-11-21 2003-07-01 International Business Machines Corporation Methods, systems and computer program products for suppressing multiple destination traffic in a computer network
CN1801781A (en) * 2006-01-10 2006-07-12 杭州华为三康技术有限公司 Exchange equipment and its message processing method for preventing flow attack
CN103237039A (en) * 2013-05-10 2013-08-07 汉柏科技有限公司 Message forwarding method and message forwarding device
CN105099920A (en) * 2014-04-30 2015-11-25 杭州华三通信技术有限公司 Method and device for setting SDN flow entry
CN106131177A (en) * 2016-06-29 2016-11-16 杭州华三通信技术有限公司 A kind of message processing method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112702236A (en) * 2020-12-23 2021-04-23 锐捷网络股份有限公司 Method and processor for realizing packet loss detection
CN116743630A (en) * 2023-06-28 2023-09-12 北京神州数码云科信息技术有限公司 A method for monitoring and processing packet loss during the forwarding process of business flows

Also Published As

Publication number Publication date
CN111884871B (en) 2022-08-19

Similar Documents

Publication Publication Date Title
EP3520267B1 (en) Router with bilateral tcp session monitoring
CN113132342B (en) Method, network device, tunnel entry point device and storage medium
CN102577248B (en) Method and device for detecting NAT equipment
US8397284B2 (en) Detection of distributed denial of service attacks in autonomous system domains
CN104539625B (en) Network security defense system based on software definition and working method thereof
US7602731B2 (en) System and method for integrated header, state, rate and content anomaly prevention with policy enforcement
US9729509B2 (en) System and method for integrated header, state, rate and content anomaly prevention for session initiation protocol
US10764148B2 (en) Methods, systems, and computer readable media for network traffic statistics collection
US7626940B2 (en) System and method for integrated header, state, rate and content anomaly prevention for domain name service
US7636305B1 (en) Method and apparatus for monitoring network traffic
CN103166866B (en) Generate the method for list item, the method receiving message and related device and system
US20110145391A1 (en) System and method for correlating ip flows across network address translation firewalls
CN106233673A (en) Network service inserts
US20140149572A1 (en) Monitoring and diagnostics in computer networks
CN111092840B (en) Method, system and storage medium for generating processing strategy
US12177128B2 (en) Methods and systems for autonomous rule-based task coordination amongst edge devices
CN111371740A (en) Message flow monitoring method and system and electronic equipment
US11146468B1 (en) Intelligent export of network information
CN111884871B (en) Method and equipment for detecting discarded message of switch
CN101355585B (en) System and method for protecting information of distributed architecture data communication equipment
CN109672701B (en) A differential TCP link management method and device
CN110224932B (en) Method and system for rapidly forwarding data
US12160356B2 (en) Flow table sending method and related apparatus
CN116319468B (en) Network telemetry method, device, switch, network, electronic equipment and medium
JP7104201B2 (en) Packet relay device and packet relay method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: Building 9, No.1, guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Wuzhong District, Suzhou City, Jiangsu Province

Patentee after: Suzhou Yuannao Intelligent Technology Co.,Ltd.

Country or region after: China

Address before: Building 9, No.1, guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Wuzhong District, Suzhou City, Jiangsu Province

Patentee before: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Country or region before: China

CP03 Change of name, title or address