CN104734981A - Device interconnectional relation-based method of precisely recognizing service traffic of MPLS VPN (multi-protocol label switching virtual private network) - Google Patents
- Publication number: CN104734981A
- Authority: CN (China)
- Prior art keywords: mpls vpn, relation, traffic, service provider, flow
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a method for accurately identifying MPLS VPN (Multi-Protocol Label Switching virtual private network) service traffic based on device interconnection relationships. The network comprises a service provider device P, provider edge routers PE and a customer edge device CE. Relying on the principle that an MPLS VPN service can be bound only to a PE interface connected to a CE, and using the interconnection relationship between devices, the NetStream/NetFlow inbound traffic statistics function is enabled on PE1 and PE2 at the same time and the data from the multiple devices is correlated. The MPLS VPN service traffic flowing between PE1 and PE2 is derived, identified and converted, so that the service traffic between the PEs of the service provider backbone and the service provider device P is counted more accurately. Service traffic is not identified by label; instead, traffic data is correlated, analyzed and calculated by source port and destination port, which achieves identification of MPLS VPN service traffic.
Description
Technical field
The present invention relates to a method for analyzing network service traffic, specifically a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships, and belongs to the field of network management technology.
Background art
MPLS VPN refers to building an IP private network on a backbone IP network using MPLS (Multi-Protocol Label Switching) technology, providing cross-region, secure, high-speed and reliable communication for data, voice, image and other services.
MPLS VPN is a VPN technology based on the service provider edge router (PE: Provider Edge). It uses the Border Gateway Protocol (BGP) to advertise VPN routes across the service provider backbone and uses MPLS to forward VPN packets across it.
Traffic analysis of MPLS VPN helps network managers discover network resource bottlenecks in time and optimize network resources as services develop, and gives network management personnel effective decision support for network planning and for fault location during daily operation and maintenance.
The current traffic analysis method for MPLS VPN (patent application number 200910169601.4) works as follows: each PE device adds, to every data flow it forwards, the private network label corresponding to the VPN the flow belongs to, and the traffic analysis system records the correspondence between the identification information of each private network VPN and the private network labels of all PE devices in that VPN. The traffic analysis system first generates traffic statistics per private network label from the reports it receives from the routers, then uses the label-to-VPN correspondence to generate traffic statistics per private network VPN, thereby identifying the traffic of different VPNs.
The processing steps of this method are shown in Fig. 1:
1. The traffic analysis server must allocate different available private network labels to each PE device;
2. The traffic analysis server must obtain the device IDs of the PE devices used in the current system, the identification information of the private network VPNs corresponding to all PE devices in the current system, and the private network label that each PE device has determined for each private network VPN;
3. The traffic analysis server generates and stores the correspondence between the device IDs of all PE devices in the system, the identification information of the private network VPNs, and the private network labels.
Problems with the existing method:
1. All PE labels are allocated by the traffic analysis server, which poses a risk: if a PE has no reachable route to the server, it cannot obtain a private network label, and if the analysis server goes down, no device in the whole network can obtain private network labels;
2. Using fixed labels creates a latent data security risk: packets captured with packet-capture software can be analyzed and the message content parsed according to the label;
3. The method has the traffic analysis server allocate private network labels, which requires modifying BGP (Border Gateway Protocol). Most existing PE equipment vendors use MBGP to distribute VPN labels and cannot support a traffic analysis system allocating VPN labels for a VPN, so the method is of limited practical use;
4. In cross-AS scenarios, particularly across the ASes of different operators, the method can only identify the VPN traffic of the local network and cannot identify traffic across both parties' networks.
Summary of the invention
The invention provides a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships. It improves on existing traffic identification technology: service traffic is not identified by label; instead, the traffic data of source ports and destination ports is correlated, analyzed and calculated to identify MPLS VPN service traffic.
To solve the above technical problem, an embodiment of the present application provides a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships, involving a service provider device P, edge routers PE of the service provider backbone, and customer edge devices CE. The method relies on the principle that an MPLS VPN service is bound to the PE interface connected to a CE. Using the interconnection relationship of the devices (source port and destination port), that is, the interconnection between PE1 and PE2, and correlating data from multiple devices, the inbound traffic statistics function of NetStream/NetFlow is enabled on PE1 and PE2 at the same time. The MPLS VPN service traffic flowing between PE1 and PE2 is then derived, identified and converted, so that the service traffic between the edge routers PE of the service provider backbone and the service provider device P is counted more accurately.
The one or more technical solutions provided by the application have at least the following technical effects or advantages:
Existing traffic identification technology is improved: service traffic is not identified by label; instead, the traffic data of source ports and destination ports is correlated, analyzed and calculated to identify MPLS VPN service traffic.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the prior art;
Fig. 2 is a structural diagram of embodiment one of the present application.
Detailed description
The invention provides a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships. It improves on existing traffic identification technology: service traffic is not identified by label; instead, the traffic data of source ports and destination ports is correlated, analyzed and calculated to identify MPLS VPN service traffic.
For a better understanding of the above technical solution, it is described in detail below with reference to the drawings and a specific embodiment.
Embodiment one:
With reference to Fig. 2, to solve the above technical problem, an embodiment of the present application provides a method for accurately identifying MPLS VPN service traffic based on device interconnection relationships, involving a service provider device P, edge routers PE of the service provider backbone, and customer edge devices CE. The method relies on the principle that an MPLS VPN service is bound to the PE interface connected to a CE. Using the interconnection relationship of the devices (source port and destination port), that is, the interconnection between PE1 and PE2, and correlating data from multiple devices, the inbound traffic statistics function of NetStream/NetFlow is enabled on PE1 and PE2 at the same time. The MPLS VPN service traffic flowing between PE1 and PE2 is then derived, identified and converted, so that the service traffic between the edge routers PE of the service provider backbone and the service provider device P is counted more accurately.
Method for identifying, in PE1, the MPLS VPN service traffic that flows to PE2:
Because PE1 cannot identify the PE1->PE2 MPLS VPN service traffic, identifying in PE1 the MPLS VPN service traffic that flows to PE2 requires the traffic statistics of PE2: the MPLS VPN service traffic is identified by the interface in PE2 that connects to CE2. This gives the following identification rule:
Service traffic in PE1 destined for PE2 = the traffic in PE2 that flows in from PE1, with the MPLS VPN service identified by the interface in PE2 that connects to CE2.
Method for calculating the MPLS VPN service traffic from PE1 to P1:
The traffic from PE1 to P1 comprises the flows CE1->PE1->P1 and CE2->PE2->PE1->P1, and the traffic from PE2 to PE1 comprises the flows CE2->PE2->PE1->P1 and P2->PE2->PE1->CE1. The formula for the traffic from PE1 to P1 is therefore:
MPLS VPN service traffic from PE1 to P1 = (sum, in PE1, of all traffic whose Output interface is the PE1-to-P1 interface) + (sum, in PE2, of all traffic whose Output interface is the PE2-to-PE1 interface) - (sum, in PE2, of all traffic whose Input interface is the P2-to-PE2 interface and whose Output interface is the PE2-to-PE1 interface). The MPLS VPN service carried by the traffic is identified by the Input interface.
Method for calculating the MPLS VPN service traffic from P1 to PE1:
The traffic from P1 to PE1 comprises the flows P1->PE1->CE1 and P1->PE1->PE2->CE2, and the traffic from PE1 to PE2 comprises the flows P1->PE1->PE2->CE2 and CE1->PE1->PE2->P2. The calculation for the traffic from P1 to PE1 is therefore:
MPLS VPN service traffic from P1 to PE1 = (sum, in PE1, of all traffic whose Input interface is the P1-to-PE1 interface) + (sum, in PE2, of all traffic whose Input interface is the PE1-to-PE2 interface) - (sum, in PE2, of all traffic whose Output interface is the PE2-to-P2 interface and whose Input interface is the PE1-to-PE2 interface). The MPLS VPN service carried by the traffic is identified by the Output interface.
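The three rules above, applied to inbound NetStream/NetFlow records exported by PE1 and PE2, as an added example that is not part of the patent text. The interface names, the `vpn-a` binding and the byte counts are constructed, and the example assumes that a record counts toward a VPN only when its identifying interface (Input or Output, as each rule states) is a CE-facing interface with a VPN binding.

```python
from collections import Counter

# Constructed binding table: only CE-facing PE interfaces carry a VPN.
# Interfaces are named after the neighbour they face; "vpn-a" is hypothetical.
VPN_BINDING = {("PE1", "CE1"): "vpn-a", ("PE2", "CE2"): "vpn-a"}

# Constructed inbound NetStream/NetFlow records:
# (exporting device, Input interface, Output interface, bytes)
RECORDS = [
    ("PE1", "CE1", "P1", 500),   # CE1->PE1->P1
    ("PE1", "PE2", "P1", 300),   # CE2->PE2->PE1->P1 as seen on PE1
    ("PE1", "PE2", "CE1", 200),  # P2->PE2->PE1->CE1 as seen on PE1
    ("PE1", "P1", "CE1", 400),   # P1->PE1->CE1
    ("PE1", "P1", "PE2", 150),   # P1->PE1->PE2->CE2 as seen on PE1
    ("PE1", "CE1", "PE2", 250),  # CE1->PE1->PE2->P2 as seen on PE1
    ("PE2", "CE2", "PE1", 300),  # CE2->PE2->PE1->P1
    ("PE2", "P2", "PE1", 200),   # P2->PE2->PE1->CE1
    ("PE2", "PE1", "CE2", 150),  # P1->PE1->PE2->CE2
    ("PE2", "PE1", "P2", 250),   # CE1->PE1->PE2->P2
]


def attribute(records, device, side, match):
    """Sum bytes of `device` records accepted by match(in_if, out_if), keyed by
    the VPN bound to the Input ("in") or Output ("out") interface.
    Key None collects traffic whose identifying interface has no VPN binding."""
    totals = Counter()
    for dev, in_if, out_if, nbytes in records:
        if dev == device and match(in_if, out_if):
            ident_if = in_if if side == "in" else out_if
            totals[VPN_BINDING.get((dev, ident_if))] += nbytes
    return totals


def combine(t1, t2, t3):
    """term1 + term2 - term3 per key; keep only identified VPNs (assumption)."""
    keys = set(t1) | set(t2) | set(t3)
    return {k: t1[k] + t2[k] - t3[k] for k in keys if k is not None}


def pe1_to_pe2(records):
    """PE1->PE2 traffic, read from PE2 and identified by its CE2-facing interface."""
    t = attribute(records, "PE2", "out", lambda i, o: i == "PE1")
    return {k: v for k, v in t.items() if k is not None}


def pe1_to_p1(records):
    """PE1->P1 per the formula above; VPN identified by Input interface."""
    t1 = attribute(records, "PE1", "in", lambda i, o: o == "P1")
    t2 = attribute(records, "PE2", "in", lambda i, o: o == "PE1")
    t3 = attribute(records, "PE2", "in", lambda i, o: i == "P2" and o == "PE1")
    return combine(t1, t2, t3)


def p1_to_pe1(records):
    """P1->PE1 per the formula above; VPN identified by Output interface."""
    t1 = attribute(records, "PE1", "out", lambda i, o: i == "P1")
    t2 = attribute(records, "PE2", "out", lambda i, o: i == "PE1")
    t3 = attribute(records, "PE2", "out", lambda i, o: o == "P2" and i == "PE1")
    return combine(t1, t2, t3)


if __name__ == "__main__":
    print(pe1_to_pe2(RECORDS), pe1_to_p1(RECORDS), p1_to_pe1(RECORDS))
```

In each formula the subtracted term cancels the P2 transit traffic on the PE1-PE2 link, which no CE-facing interface can identify; what remains per VPN is the CE1 share measured on PE1 plus the CE2 share measured on PE2.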
The one or more technical solutions provided by the application have at least the following technical effects or advantages:
Existing traffic identification technology is improved: service traffic is not identified by label; instead, the traffic data of source ports and destination ports is correlated, analyzed and calculated to identify MPLS VPN service traffic.
Although preferred embodiments of the present invention have been described, those skilled in the art can make other changes and modifications to these embodiments once they learn of the basic inventive concept. The claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If such changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to cover them as well.
Claims (1)
1. A method for accurately identifying MPLS VPN service traffic based on device interconnection relationships, characterized in that: it involves a service provider device P, edge routers PE of the service provider backbone, and customer edge devices CE; the method relies on the principle that an MPLS VPN service is bound to the PE interface connected to a CE; using the interconnection relationship of the devices (source port and destination port), that is, the interconnection between PE1 and PE2, and correlating data from multiple devices, the inbound traffic statistics function of NetStream/NetFlow is enabled on PE1 and PE2 at the same time; the MPLS VPN service traffic flowing between PE1 and PE2 is derived, identified and converted, so that the service traffic between the edge routers PE of the service provider backbone and the service provider device P is counted more accurately.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510173272.6A CN104734981B (en) | 2015-04-11 | 2015-04-11 | A kind of method that MPLS VPN service traffics are accurately recognized based on equipment interconnecting relation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104734981A | 2015-06-24 |
CN104734981B | 2017-10-27 |
Family
ID=53458429
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN201510173272.6A | Active | CN104734981B (en) | 2015-04-11 | 2015-04-11 | A kind of method that MPLS VPN service traffics are accurately recognized based on equipment interconnecting relation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104734981B (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6205488B1 (en) * | 1998-11-13 | 2001-03-20 | Nortel Networks Limited | Internet protocol virtual private network realization using multi-protocol label switching tunnels |
CN101488925A (en) * | 2009-03-03 | 2009-07-22 | 中兴通讯股份有限公司 | Method for collecting and designing VPN flow by using Netflow |
CN101631089A (en) * | 2009-08-27 | 2010-01-20 | 杭州华三通信技术有限公司 | Flow calculating method, flow calculating device and flow calculating system based on private network VPN |
CN101707554A (en) * | 2009-11-18 | 2010-05-12 | 华为技术有限公司 | Method and device for obtaining flow distribution of network |
CN103746914A (en) * | 2013-12-31 | 2014-04-23 | 华为技术有限公司 | Method, device and system for building corresponding relationship between private network label and primary VRF (VPN (virtual private network) routing and forwarding table) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110703817A (en) * | 2016-03-29 | 2020-01-17 | 华为技术有限公司 | Control method, device and system for statistical flow |
CN110703817B (en) * | 2016-03-29 | 2022-04-05 | 华为技术有限公司 | Control method, device and system for statistical flow |
US11381480B2 (en) | 2016-03-29 | 2022-07-05 | Huawei Technologies Co., Ltd. | Control method, apparatus, and system for collecting traffic statistics |
US11716262B2 (en) | 2016-03-29 | 2023-08-01 | Huawei Technologies Co., Ltd. | Control method, apparatus, and system for collecting traffic statistics |
CN110311840A (en) * | 2019-07-31 | 2019-10-08 | 秒针信息技术有限公司 | Network flow identification method, device, equipment and storage medium |
CN110868352A (en) * | 2019-11-14 | 2020-03-06 | 迈普通信技术股份有限公司 | Private network application identification system and method, SDN controller and P device |
CN110868352B (en) * | 2019-11-14 | 2022-04-15 | 迈普通信技术股份有限公司 | Private network application identification system and method, SDN controller and P device |
Also Published As
Publication number | Publication date |
---|---|
CN104734981B (en) | 2017-10-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||