CN104734981A - Device interconnectional relation-based method of precisely recognizing service traffic of MPLS VPN (multi-protocol label switching virtual private network) - Google Patents

Device interconnectional relation-based method of precisely recognizing service traffic of MPLS VPN (multi-protocol label switching virtual private network)

Info

Publication number
CN104734981A
Authority
CN
China
Prior art keywords
mpls vpn
relation
traffic
service provider
flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510173272.6A
Other languages
Chinese (zh)
Other versions
CN104734981B (en)
Inventor
刘向东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Metamessage Science And Technology Ltd Is Consulted In Guangzhou
Original Assignee
Metamessage Science And Technology Ltd Is Consulted In Guangzhou
Application filed by Metamessage Science And Technology Ltd Is Consulted In Guangzhou

Abstract

The invention discloses a method for accurately identifying MPLS VPN (multi-protocol label switching virtual private network) service traffic based on device interconnection relationships. The method involves service provider devices P, provider edge routers PE and customer edge devices CE. Based on the principle that MPLS VPN services can be bound only to a PE interface connected to a CE, and using the device interconnection relationships, the NetStream/Netflow inbound traffic statistics function is enabled on PE1 and PE2 at the same time and the data of multiple devices is analyzed in association. The MPLS VPN service traffic flowing between PE1 and PE2 is obtained by deduction, identification and conversion, so that the service traffic data between the PEs of the service provider backbone network and the service provider devices P is counted more accurately. Service traffic is not identified through labels; instead, traffic data is correlated, analyzed and calculated through source ports and destination ports, which achieves identification of MPLS VPN service traffic.

Description

A method for accurately identifying MPLS VPN service traffic based on device interconnection relationships
Technical field
The present invention relates to a method for network service traffic, specifically a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships, and belongs to the field of network management technology.
Background art
MPLS VPN refers to the use of MPLS (Multi-Protocol Label Switching) technology on a backbone IP network to build IP private networks, providing cross-region, secure, high-speed and reliable communication for multiple services such as data, voice and images.
MPLS VPN is a VPN technology based on service provider edge routers (PE: Provider Edge). It uses the Border Gateway Protocol (BGP) to distribute VPN routes over the service provider backbone, and uses MPLS to forward VPN packets over the service provider backbone.
Traffic analysis of MPLS VPNs helps network managers discover network resource bottlenecks in a timely manner and optimize network resources promptly as services develop, and it provides effective decision support for network management personnel in network planning and in fault location during daily operation and maintenance.
The current method for MPLS VPN traffic analysis (patent application number 200910169601.4) is as follows: each PE device adds, to each data flow it forwards, the private network label corresponding to the VPN to which that data flow belongs, and the traffic analysis system records the correspondence between the identification information of each private network VPN and the private network labels for all PE devices in that VPN. The traffic analysis system first generates traffic statistics per private network label from the reports received from the routers, and then, according to the private network labels and their correspondence, generates traffic statistics per private network VPN, thereby identifying the traffic of different VPNs.
The processing steps of this method are shown in Figure 1:
1. The traffic analysis server needs to allocate different available private network labels to each PE device;
2. The traffic analysis server must obtain the device IDs of the PE devices used in the current system, the identification information of the private network VPNs corresponding to all PE devices in the current system, and the private network label determined by each PE device for each private network VPN;
3. The traffic analysis server generates and stores the correspondence between the device IDs of all PE devices in the system, the identification information of the private network VPNs, and the private network labels.
Problems with the existing method:
1. Labels for the PEs are allocated uniformly by the traffic analysis server, which is a security risk: if a PE has no reachable route to the server, it cannot obtain private network labels; if the analysis server goes down, no device in the whole network can obtain private network labels;
2. Using fixed labels is a potential data security risk: by analyzing packets captured with packet capture software, message content can be analyzed according to the label;
3. The method has the traffic analysis server allocate private network labels. Achieving this requires modifying BGP (Border Gateway Protocol), while most existing PE equipment vendors use the MBGP protocol to distribute VPN labels and cannot support having a traffic analysis system allocate VPN labels for VPNs, so the method is not very practical;
4. For scenarios that cross AS domains, particularly across the ASes of different operators, the method can only identify the VPN traffic of its own network and cannot identify the traffic of the other party's network.
Summary of the invention
The invention provides a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships. It improves on existing traffic identification technology: service traffic is not identified by label; instead, the traffic data of source ports and destination ports is associated, analyzed and calculated, which achieves identification of MPLS VPN service traffic.
To solve the above technical problem, an embodiment of this application provides a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships, involving service provider devices P, edge routers PE of the service provider backbone, and customer edge devices CE. The method uses the principle that an MPLS VPN service is bound to the PE interface connected to a CE. Through the interconnection relationships of the devices (source port and destination port), that is, the interconnection relationship between PE1 and PE2, and through association analysis of data from multiple devices, the inbound traffic statistics function of NetStream/Netflow is enabled on PE1 and PE2 at the same time, and the MPLS VPN service traffic flowing between PE1 and PE2 is derived, identified and converted, so that the service traffic data between the edge routers PE of the service provider backbone and the service provider devices P is counted more accurately.
The one or more technical solutions provided by this application have at least the following technical effects or advantages:
Existing traffic identification technology is improved: service traffic is not identified by label; instead, the traffic data of source ports and destination ports is associated, analyzed and calculated, which achieves identification of MPLS VPN service traffic.
Description of the drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the prior art;
Fig. 2 is a structure diagram of embodiment one of this application.
Detailed description
The invention provides a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships. It improves on existing traffic identification technology: service traffic is not identified by label; instead, the traffic data of source ports and destination ports is associated, analyzed and calculated, which achieves identification of MPLS VPN service traffic.
For a better understanding of the above technical solution, it is described in detail below with reference to the drawings and specific embodiments.
Embodiment one:
With reference to Fig. 2, to solve the above technical problem, an embodiment of this application provides a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships, involving service provider devices P, edge routers PE of the service provider backbone, and customer edge devices CE. The method uses the principle that an MPLS VPN service is bound to the PE interface connected to a CE. Through the interconnection relationships of the devices (source port and destination port), that is, the interconnection relationship between PE1 and PE2, and through association analysis of data from multiple devices, the inbound traffic statistics function of NetStream/Netflow is enabled on PE1 and PE2 at the same time, and the MPLS VPN service traffic flowing between PE1 and PE2 is derived, identified and converted, so that the service traffic data between the edge routers PE of the service provider backbone and the service provider devices P is counted more accurately.
Method for identifying, in PE1, the MPLS VPN service traffic flowing to PE2:
Because PE1->PE2 MPLS VPN service traffic cannot be identified in PE1, identifying in PE1 the MPLS VPN service traffic flowing to PE2 requires the traffic statistics of PE2: the MPLS VPN service traffic is identified through the interface in PE2 that is connected to CE2. This gives the following identification method:
Service traffic in PE1 towards PE2 = traffic in PE2 that flows in from PE1, with the MPLS VPN service traffic identified through the interface in PE2 that is connected to CE2.
Method for calculating MPLS VPN service traffic from PE1 to P1:
Traffic from PE1 to P1 comprises the flows CE1->PE1->P1 and CE2->PE2->PE1->P1, while traffic from PE2 to PE1 comprises the flows CE2->PE2->PE1->P1 and P2->PE2->PE1->CE1. The formula for calculating the traffic from PE1 to P1 is therefore as follows:
MPLS VPN service traffic from PE1 to P1 = (sum of traffic in PE1 over all flows whose Output interface is the PE1-to-P1 interface) + (sum of traffic in PE2 over all flows whose Output interface is the PE2-to-PE1 interface) - (sum of traffic in PE2 over all flows whose Input interface is the P2-to-PE2 interface and whose Output interface is the PE2-to-PE1 interface). The MPLS VPN service carried by the traffic is identified according to the Input interface.
Method for calculating MPLS VPN service traffic from P1 to PE1:
Traffic from P1 to PE1 comprises the flows P1->PE1->CE1 and P1->PE1->PE2->CE2, while traffic from PE1 to PE2 comprises the flows P1->PE1->PE2->CE2 and CE1->PE1->PE2->P2. The method for calculating the traffic from P1 to PE1 is therefore as follows:
MPLS VPN service traffic from P1 to PE1 = (sum of traffic in PE1 over all flows whose Input interface is the P1-to-PE1 interface) + (sum of traffic in PE2 over all flows whose Input interface is the PE1-to-PE2 interface) - (sum of traffic in PE2 over all flows whose Output interface is the PE2-to-P2 interface and whose Input interface is the PE1-to-PE2 interface). The MPLS VPN service carried by the traffic is identified according to the Output interface.
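The PE1-to-P1 formula above, worked over constructed flow records as an added example (not part of the patent text). Interface names, VPN names and byte counts are hypothetical, and it assumes that a record whose Input interface is not CE-facing carries no VPN identity and is left out of the per-VPN result.

```python
from collections import Counter

# Constructed topology; every interface and VPN name here is hypothetical.
# An MPLS VPN service is bound only to PE interfaces that face a CE.
VPN_BINDING = {
    ("PE1", "ge0/1"): "vpn-a",  # PE1 interface connected to CE1
    ("PE2", "ge0/1"): "vpn-a",  # PE2 interface connected to CE2
    ("PE2", "ge0/2"): "vpn-b",  # PE2 interface connected to a second CE
}
PE1_TO_P1 = "ge1/0"   # on PE1, towards P1
PE2_TO_PE1 = "ge1/1"  # on PE2, towards PE1
P2_TO_PE2 = "ge1/0"   # on PE2, arriving from P2

# Constructed inbound NetStream/Netflow records: (device, in_if, out_if, bytes)
FLOWS = [
    ("PE1", "ge0/1", "ge1/0", 1000),  # CE1->PE1->P1
    ("PE1", "ge1/1", "ge1/0", 700),   # PE2->PE1->P1, labelled: VPN unknown on PE1
    ("PE1", "ge1/1", "ge0/1", 250),   # PE2->PE1->CE1
    ("PE2", "ge0/1", "ge1/1", 400),   # CE2->PE2->PE1->P1 (vpn-a)
    ("PE2", "ge0/2", "ge1/1", 300),   # second CE->PE2->PE1->P1 (vpn-b)
    ("PE2", "ge1/0", "ge1/1", 250),   # P2->PE2->PE1->CE1
    ("PE2", "ge0/1", "ge1/0", 900),   # CE2->PE2->P2, not part of this formula
]


def sum_by_vpn(flows, device, out_if=None, in_if=None):
    """Sum bytes of one device's records that match the interface filters,
    keyed by the VPN bound to the Input interface (None when unbound)."""
    totals = Counter()
    for dev, fin, fout, nbytes in flows:
        if dev != device:
            continue
        if out_if is not None and fout != out_if:
            continue
        if in_if is not None and fin != in_if:
            continue
        totals[VPN_BINDING.get((dev, fin))] += nbytes
    return totals


def pe1_to_p1_by_vpn(flows):
    """Apply the three sums of the PE1-to-P1 formula and keep the VPN-identified part."""
    term_pe1 = sum_by_vpn(flows, "PE1", out_if=PE1_TO_P1)
    term_pe2 = sum_by_vpn(flows, "PE2", out_if=PE2_TO_PE1)
    term_transit = sum_by_vpn(flows, "PE2", out_if=PE2_TO_PE1, in_if=P2_TO_PE2)
    result = Counter(term_pe1)
    result.update(term_pe2)        # + PE2 flows leaving towards PE1
    result.subtract(term_transit)  # - P2->PE2->PE1 transit flows
    # Assumption: records with no CE-facing Input interface have no VPN identity.
    return {vpn: n for vpn, n in result.items() if vpn is not None}


def raw_pe1_to_p1_total(flows):
    """Bytes PE1 itself reports as leaving towards P1, used as a cross-check."""
    return sum(sum_by_vpn(flows, "PE1", out_if=PE1_TO_P1).values())


if __name__ == "__main__":
    print(pe1_to_p1_by_vpn(FLOWS), raw_pe1_to_p1_total(FLOWS))
```

In this constructed data the per-VPN totals add up to the bytes PE1 reports towards P1; a mismatch in real exports would point at a missing interface binding or a device that is not exporting inbound statistics.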
The one or more technical solutions provided by this application have at least the following technical effects or advantages:
Existing traffic identification technology is improved: service traffic is not identified by label; instead, the traffic data of source ports and destination ports is associated, analyzed and calculated, which achieves identification of MPLS VPN service traffic.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn of the basic inventive concept. The claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to cover them as well.

Claims (1)

1. A method for accurately identifying MPLS VPN service traffic based on device interconnection relationships, characterized in that: it involves service provider devices P, edge routers PE of the service provider backbone, and customer edge devices CE; the method uses the principle that an MPLS VPN service is bound to the PE interface connected to a CE; through the interconnection relationships of the devices, namely source port and destination port, that is, the interconnection relationship between PE1 and PE2, and through association analysis of data from multiple devices, the inbound traffic statistics function of NetStream/Netflow is enabled on PE1 and PE2 at the same time, and the MPLS VPN service traffic flowing between PE1 and PE2 is derived, identified and converted, so that the service traffic data between the edge routers PE of the service provider backbone and the service provider devices P is counted more accurately.
CN201510173272.6A 2015-04-11 2015-04-11 A method for accurately identifying MPLS VPN service traffic based on device interconnection relationships Active CN104734981B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510173272.6A CN104734981B (en) 2015-04-11 2015-04-11 A method for accurately identifying MPLS VPN service traffic based on device interconnection relationships

Publications (2)

Publication Number Publication Date
CN104734981A (en) 2015-06-24
CN104734981B (en) 2017-10-27

Family

ID=53458429

Country Status (1)

Country Link
CN (1) CN104734981B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6205488B1 (en) * 1998-11-13 2001-03-20 Nortel Networks Limited Internet protocol virtual private network realization using multi-protocol label switching tunnels
CN101488925A (en) * 2009-03-03 2009-07-22 中兴通讯股份有限公司 Method for collecting and designing VPN flow by using Netflow
CN101631089A (en) * 2009-08-27 2010-01-20 杭州华三通信技术有限公司 Flow calculating method, flow calculating device and flow calculating system based on private network VPN
CN101707554A (en) * 2009-11-18 2010-05-12 华为技术有限公司 Method and device for obtaining flow distribution of network
CN103746914A (en) * 2013-12-31 2014-04-23 华为技术有限公司 Method, device and system for building corresponding relationship between private network label and primary VRF (VPN (virtual private network) routing and forwarding table)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110703817A (en) * 2016-03-29 2020-01-17 华为技术有限公司 Control method, device and system for statistical flow
CN110703817B (en) * 2016-03-29 2022-04-05 华为技术有限公司 Control method, device and system for statistical flow
US11381480B2 (en) 2016-03-29 2022-07-05 Huawei Technologies Co., Ltd. Control method, apparatus, and system for collecting traffic statistics
US11716262B2 (en) 2016-03-29 2023-08-01 Huawei Technologies Co., Ltd. Control method, apparatus, and system for collecting traffic statistics
CN110311840A (en) * 2019-07-31 2019-10-08 秒针信息技术有限公司 Network flow identification method, device, equipment and storage medium
CN110868352A (en) * 2019-11-14 2020-03-06 迈普通信技术股份有限公司 Private network application identification system and method, SDN controller and P device
CN110868352B (en) * 2019-11-14 2022-04-15 迈普通信技术股份有限公司 Private network application identification system and method, SDN controller and P device

Also Published As

Publication number Publication date
CN104734981B (en) 2017-10-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant