CN118921337A - Flow mirror image system, flow mirror image method and device and electronic equipment - Google Patents
- Publication number
- CN118921337A (CN202310513031.6A)
- Authority
- CN
- China
- Prior art keywords
- network
- mirror
- flow
- network device
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A traffic mirroring system, a traffic mirroring method and apparatus, and an electronic device are disclosed. The system comprises a control device, a service network, a mirror network and an analysis device. The control device is configured to determine a target network device in the service network based on a target data stream, where the target network device is a network device that transmits the target data stream. The control device is further configured to send a first mirroring instruction to the target network device. The target network device is configured to send mirrored traffic of the target data stream to a first network device in the service network based on the first mirroring instruction. The first network device is configured to send the mirrored traffic of the target data stream over the mirror network.
Description
Technical Field
The present application relates to the field of network technologies, and in particular, to a flow mirroring system, a flow mirroring method and apparatus, and an electronic device.
Background
In scenarios such as a data center, locating the point where a fault occurs requires mirroring the traffic of the target application at each node it passes through and transmitting the mirrored traffic of each node to the control device.
If a network traffic-splitting device is installed at each node to mirror that node's traffic, the implementation cost is high. Moreover, when the target application changes, the traffic-splitting devices must be reinstalled and redeployed, which takes a long time and is inefficient. The application may even have returned to normal by the time the traffic-splitting devices are deployed, so the point where the fault occurred is not located in time.
Disclosure of Invention
The application provides a traffic mirroring system, a traffic mirroring method and apparatus, and an electronic device, which can reduce the cost of traffic mirroring and improve its efficiency.
In a first aspect, the present application provides a traffic mirroring system comprising: a control device, a service network and a mirror network.
The control device is configured to determine a target network device in the service network based on a target data stream, where the target network device is a network device that transmits the target data stream. The control device is further configured to send a first mirroring instruction to the target network device. The target network device is configured to send mirrored traffic of the target data stream to a first network device in the service network based on the first mirroring instruction. The first network device is configured to send the mirrored traffic of the target data stream over the mirror network.
In an implementation of the present application, the mirror network is directly connected to the first network device in the service network. After the control device determines the target network device that needs to perform traffic mirroring, it sends the first mirroring instruction to the target network device; the target network device sends the mirrored traffic to the first network device according to the instruction, and the first network device then sends the mirrored traffic to other devices, such as an analysis device, through the mirror network. Transmitting mirrored traffic in this way has two benefits. First, no network traffic-splitting device has to be configured on each node where traffic is collected, so the cost is low. Second, when the target data stream to be analyzed changes, the target network devices that report mirrored traffic are changed by instruction, so the system responds in real time and, in a fault-location scenario, the point where the fault occurs can be located in time.
In some implementations of the application, the control device is configured to obtain a transmission path of the target data stream in the service network; at least one network device on the transmission path is determined as a target network device.
In this implementation, the control device may determine the target network device as needed, for example, when it is necessary to locate the failure occurrence point with high accuracy, all network devices on the transmission path may be selected as the target network device. For another example, when it is necessary to locate the failure occurrence point with high efficiency or low overhead, a part of the network devices on the transmission path may be selected as the target network devices, for example, a low-load network device may be selected as the target network devices.
In some implementations of the application, the service network includes at least one first network device.
The control device is further configured to select, from the at least one first network device, one first network device to transmit the mirrored traffic of the target data stream, based on at least one of the length of a first path, the performance of the first path, and the load of the first network device.
The first path is a path from the target network device to the first network device.
In this implementation, selecting a short path to transmit the mirrored traffic reduces the length of its transmission path and therefore the transmission delay; selecting a path with good performance improves the transmission quality of the mirrored traffic; and selecting a device with low load as the first network device ensures that the first network device has enough resources to process the mirrored traffic, which reduces the transmission delay and packet loss of the mirrored traffic.
In some implementations of the present application, the first network device is configured to receive the mirrored traffic of the target data stream sent by the target network device, and to send the mirrored traffic of the target data stream to the mirror network.
The mirror network is configured to send the re-mirrored traffic of the target data stream to the analysis device.
In this implementation, the mirror network includes an access layer and a convergence layer, so that multiple paths of mirrored traffic can be converged together and the analysis device can analyze more traffic.
Sending the mirrored traffic of the target data stream to the mirror network may comprise: mirroring the mirrored traffic of the target data stream again, and sending the re-mirrored traffic of the target data stream to the mirror network.
The first network device may mirror the mirrored traffic of the target data stream again by using port mirroring (switched port analyzer, SPAN).
In this implementation, to keep the first network device from processing the first mirrored packets, a black hole route is configured on the port of the first network device that receives the mirrored traffic of the target data stream. The first network device then does not receive the first mirrored packets and does not need to provide resources for receiving them, but the port can still act as a SPAN source port so that the traffic is mirrored again.
In some implementations of the application, the mirrored network includes a plurality of mirrored traffic transmitting devices;
The mirror image flow transmission device is used for determining a forwarding port of the mirror image flow of the target data flow according to the mirror image flow forwarding strategy under the condition that the mirror image flow of the target data flow is received; and sending the mirror image traffic of the target data stream to the analysis equipment through the forwarding port.
In the implementation manner, the mirror image flow transmission device determines the forwarding port of the mirror image flow according to the mirror image flow forwarding strategy, and the mirror image flow forwarding strategy can be configured by the control device, so that the configurability of the access and convergence of the mirror image flow is realized.
In some implementations of the application, the control device is further configured to determine a forwarding path from the first network device to the analysis device based on at least one of a length of the second path and a performance of the second path according to a topology of the mirrored network; based on the forwarding path, sending a mirror image flow forwarding strategy to mirror image flow transmission equipment of a mirror image network on the forwarding path;
the second path is a path from the first network device to the analysis device.
In the implementation mode, the short path is selected to transmit the mirror image flow, so that the transmission path length of the mirror image flow is reduced, and the transmission time delay is reduced; and selecting a path with good performance to transmit the mirror image flow, and improving the transmission quality of the mirror image flow.
In some implementations of the application, the control device and the analysis device are the same device, or the control device and the analysis device are different devices.
In a second aspect, the present application provides a flow mirroring method, the method comprising:
The control device determines target network equipment in the service network based on the target data stream, wherein the target network equipment is network equipment for transmitting the target data stream;
the control device sends a first mirror image instruction to the target network device, the first mirror image instruction is used for instructing the target network device to send mirror image flow of the target data flow to the first network device, and the first network device is used for sending the mirror image flow of the target data flow through the mirror image network.
Optionally, the control device determines a target network device in the service network based on the target data flow, including:
the control equipment acquires a transmission path of a target data stream in a service network;
the control device determines at least one network device on the transmission path as a target network device.
Optionally, the service network comprises at least one first network device; the method further comprises the steps of:
The control device selects, from the at least one first network device, one first network device to transmit the mirrored traffic of the target data stream, based on at least one of the length of the first path, the performance of the first path, and the load of the first network device;
The first path is a path from the target network device to the first network device.
Optionally, the method further comprises:
The control device determines a forwarding path from the first network device to the analysis device based on at least one of a length of the second path and a performance of the second path according to a topology of the mirrored network;
The control device sends a mirror image flow forwarding strategy to mirror image flow transmission equipment of a mirror image network on the forwarding path based on the forwarding path, wherein the flow forwarding strategy is used for indicating the mirror image flow transmission equipment to determine a forwarding port of the mirror image flow of the target data flow, and the mirror image flow of the target data flow is sent to the analysis device through the forwarding port;
the second path is a path from the first network device to the analysis device.
In a third aspect, the present application provides a traffic mirroring method, the method comprising:
The target network device receives a first mirroring instruction sent by the control device, where the target network device belongs to a service network;
the target network device sends the mirror image flow of the target data flow to the first network device in the service network based on the first mirror image instruction, and the first network device is used for sending the mirror image flow of the target data flow through the mirror image network.
In a fourth aspect, the present application provides a flow mirroring method, the method comprising:
The first network device receives the mirrored traffic of a target data stream sent by the target network device, where the first network device and the target network device both belong to a service network;
the first network device sends the mirror traffic of the target data stream over the mirror network.
In a fifth aspect, the present application provides a flow mirroring device comprising:
A determining unit, configured to determine a target network device in the service network based on the target data flow, where the target network device is a network device that transmits the target data flow;
The sending unit is used for sending a first mirror image instruction to the target network equipment, the first mirror image instruction is used for indicating the target network equipment to send the mirror image flow of the target data flow to the first network equipment, and the first network equipment is used for sending the mirror image flow of the target data flow through the mirror image network.
Optionally, the determining unit is configured to obtain a transmission path of the target data stream in the service network; at least one network device on the transmission path is determined as a target network device.
Optionally, the service network comprises at least one first network device;
the determining unit is further configured to select, from the at least one first network device, one first network device to transmit the mirrored traffic of the target data stream, based on at least one of the length of the first path, the performance of the first path, and the load of the first network device;
The first path is a path from the target network device to the first network device.
Optionally, the determining unit is further configured to determine, according to a topology of the mirrored network, a forwarding path from the first network device to the analysis device based on at least one of a length of the second path and a performance of the second path;
The sending unit is further used for sending a mirror image flow forwarding strategy to mirror image flow transmission equipment of a mirror image network on the forwarding path based on the forwarding path, wherein the flow forwarding strategy is used for indicating the mirror image flow transmission equipment to determine a forwarding port of the mirror image flow of the target data flow, and sending the mirror image flow of the target data flow to the analysis equipment through the forwarding port;
the second path is a path from the first network device to the analysis device.
In a sixth aspect, the present application provides a traffic mirroring apparatus, the traffic mirroring apparatus belonging to a service network, the apparatus comprising:
the receiving unit is used for receiving the first mirror image instruction sent by the control equipment;
The sending unit is used for sending the mirror image flow of the target data flow to the first network equipment in the service network based on the first mirror image instruction, and the first network equipment is used for sending the mirror image flow of the target data flow through the mirror image network.
In a seventh aspect, the present application provides a traffic mirroring apparatus, the traffic mirroring apparatus belonging to a service network, the apparatus comprising:
a receiving unit, configured to receive a mirror flow of a target data stream sent by a target network device in a service network;
And the sending unit is used for sending the mirror image flow of the target data flow through the mirror image network.
In an eighth aspect, an electronic device is provided. The electronic device includes a processor and a memory. The memory is used for storing software programs and modules. The processor implements the method of the second aspect or any of the possible embodiments of the second aspect, or implements the method of the third aspect or any of the possible embodiments of the third aspect, or implements the method of the fourth aspect or any of the possible embodiments of the fourth aspect, by running or executing a software program and/or module stored in the memory.
Optionally, the processor is one or more, and the memory is one or more.
Alternatively, the memory may be integrated with the processor or the memory may be separate from the processor.
In a specific implementation process, the memory may be a non-transient (non-transitory) memory, for example, a Read Only Memory (ROM), which may be integrated on the same chip as the processor, or may be separately disposed on different chips.
In a ninth aspect, a computer program product is provided. The computer program product comprises computer program code which, when run by a computer, causes the computer to perform the method of the second aspect or any of the possible embodiments of the second aspect, or to perform the method of the third aspect or any of the possible embodiments of the third aspect, or to perform the method of the fourth aspect or any of the possible embodiments of the fourth aspect.
In a tenth aspect, the present application provides a computer readable storage medium for storing program code for execution by a processor, the program code comprising instructions for implementing the method of the second aspect or any of the possible embodiments of the second aspect, or implementing the method of the third aspect or any of the possible embodiments of the third aspect, or implementing the method of the fourth aspect or any of the possible embodiments of the fourth aspect.
In an eleventh aspect, there is provided a chip comprising a processor for invoking from a memory and executing instructions stored in the memory, to cause a communication device on which the chip is mounted to perform the method of the second aspect or any of the possible embodiments of the second aspect, or to perform the method of the third aspect or any of the possible embodiments of the third aspect, or to perform the method of the fourth aspect or any of the possible embodiments of the fourth aspect.
In a twelfth aspect, another chip is provided. The other chip comprises an input interface, an output interface, a processor and a memory. The input interface, the output interface, the processor and the memory are connected through an internal connection path. The processor is configured to execute code in the memory, which when executed is configured to perform the method of the second aspect or any of the possible embodiments of the second aspect, or to perform the method of the third aspect or any of the possible embodiments of the third aspect, or to perform the method of the fourth aspect or any of the possible embodiments of the fourth aspect.
Drawings
Fig. 1 is a schematic structural diagram of an application scenario provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of a network topology of a data center according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a network topology of a data center according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a flow mirror system according to an embodiment of the present application;
FIG. 5 is a flow chart of a flow mirroring method provided by an embodiment of the present application;
FIG. 6 is a flow chart of a flow mirroring method provided by an embodiment of the present application;
FIG. 7 is a flow chart of a flow mirroring method provided by an embodiment of the present application;
FIG. 8 is a flow chart of a flow mirroring method provided by an embodiment of the present application;
FIG. 9 is a block diagram of a flow mirroring device according to an embodiment of the present application;
FIG. 10 is a block diagram of a flow mirroring device provided by an embodiment of the application;
FIG. 11 is a block diagram of a flow mirroring device according to an embodiment of the present application;
Fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
Fig. 1 is a schematic structural diagram of an application scenario provided in an embodiment of the present application. Referring to fig. 1, the application scenario is an example of a service network to which the present application relates. The service network is used for transmission, storage and/or other processing of service data for various applications. The service network comprises a plurality of network devices 11. The network device 11 may be a switch, a routing device, a firewall device, a server, etc.
The following exemplifies the structure of a service network by taking a data center as an example:
Fig. 2 is a schematic diagram of a network topology of a data center according to an embodiment of the present application. Referring to fig. 2, the data center includes a Spine switch 12, a Leaf switch 13, and a Virtual Machine (VM) server 14. The VM servers 14 may communicate with each other through a commonly connected Leaf switch 13. If the VM servers 14 are not connected to the same Leaf switch 13, communication between the VM servers 14 is required through the Leaf switch 13 and the Spine switch 12, as shown by the communication line in the dashed line in fig. 2, and the left VM server 14 communicates with the right VM server 14 sequentially through the Leaf switch 13, the Spine switch 12, and the Leaf switch 13.
Wherein both the Spine switch 12 and the Leaf switch 13 belong to the aforementioned network device 11.
When the data center is larger, the data center may also include an intermediate switch between the Spine switch 12 and the Leaf switch 13.
Fig. 3 is a schematic diagram of a network topology of a data center according to an embodiment of the present application. Referring to fig. 3, fig. 3 differs from fig. 2 mainly in that the data center further comprises an intermediate switch 15.
The VM servers 14 may communicate with each other through the Leaf switch 13, the intermediate switch 15, and the Spine switch 12, such as the communication lines shown in phantom in fig. 3.
Wherein the intermediate switch 15 also belongs to the aforementioned network device 11.
In the above examples of the service network, the number and connection relation of the network devices are only examples, and are not limiting of the present application.
Fig. 4 is a schematic structural diagram of a flow mirror system according to an embodiment of the present application. Referring to fig. 4, the flow mirroring system includes: control device 110, traffic network 120, and mirror network 130. In fig. 4, the service network 120 uses the structure of fig. 2 as an example, and the service network 120 may also use fig. 3 or other structures, which is not limited thereto.
Wherein the mirror network 130 is a network dedicated to transmitting mirror traffic, the mirror network 130 is directly connected to the first network device 122 in the service network 120.
The control device 110 is configured to determine a target network device 121 in the service network 120 based on the target data flow, where the target network device 121 is a network device transmitting the target data flow.
The control device 110 is further configured to send a first mirroring instruction to the target network device 121.
The target network device 121 is configured to send, based on the first mirroring instruction, mirrored traffic of the target data stream to the first network device 122 in the service network 120.
The first network device 122 is configured to send mirrored traffic for the target data stream over the mirrored network 130.
The target data flow and the mirror image flow both comprise at least one message.
The first network device 122 may also be referred to as a fixed acquisition point, and is typically an aggregation or core device with sufficient bandwidth.
In this implementation of the present application, the mirror network 130 is directly connected to the first network device in the service network 120. After determining the target network device that needs to perform traffic mirroring, the control device 110 sends the first mirroring instruction to the target network device 121; the target network device 121 sends the mirrored traffic to the first network device 122 according to the instruction, and the first network device 122 then sends the mirrored traffic to other devices, such as an analysis device, through the mirror network 130. Transmitting mirrored traffic in this way has two benefits. First, no network traffic-splitting device has to be configured on each node where traffic is collected, so the cost is low. Second, when the target data stream to be analyzed changes, the target network devices that report mirrored traffic are changed by instruction, so the system responds in real time and, in a fault-location scenario, the point where the fault occurs can be located in time.
In some possible implementations of the present application, the control device 110 is configured to query the analysis system for a target network device corresponding to the target data flow, so as to determine the target network device 121 in the service network 120.
For example, the query may use the identifier of the target data stream. The identifier of the target data stream is, for example, a two-tuple (source internet protocol (IP) address, destination IP address), a five-tuple (source IP address, source port number, destination IP address, destination port number, protocol type), or an application-aware IPv6 network (APN) identifier. Alternatively, the query may use the identifier of the application corresponding to the target data stream, and so on.
In some possible implementations of the present application, the control device 110 is configured to obtain a transmission path of the target data stream in the service network; at least one network device on the transmission path is determined as a target network device.
There may be various ways in which the control device 110 obtains the transmission path.
For example, the control device 110 may determine a transmission path of the target data stream in the service network according to the information of the target data stream based on the topology of the service network and forwarding information of each network device. For example, the destination address of the target data flow is matched with the forwarding table entry of each network device, so as to determine the forwarding path, i.e. the transmission path, of the target data flow.
For another example, the control device 110 obtains the synchronize sequence numbers (SYN) packets of the transmission control protocol (TCP) three-way handshake that each network device uploads when the connection for transmitting the target data stream is established, and orders the network devices by the time to live (TTL) of those SYN packets to form the transmission path of the target data stream.
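The TTL ordering described above, as an added example that is not code from the patent: SYN reports uploaded by the devices are grouped per five-tuple and sorted by descending TTL, and the function flags the cases where the order cannot be trusted. The report format, device names and addresses are constructed, and the code assumes each device reports the TTL it saw on ingress and that every routed hop decrements the TTL by one.

```python
from collections import defaultdict

# Constructed sample reports: one entry per SYN packet uploaded by a device.
FLOW_A = ("10.1.1.10", 40312, "10.2.2.20", 443, "tcp")
FLOW_B = ("10.1.1.11", 51544, "10.2.2.21", 8443, "tcp")
REPORTS = [
    {"device": "spine-1", "flow": FLOW_A, "ttl": 63},
    {"device": "leaf-1", "flow": FLOW_A, "ttl": 64},
    {"device": "leaf-2", "flow": FLOW_A, "ttl": 62},
    {"device": "leaf-1", "flow": FLOW_A, "ttl": 64},   # retransmitted SYN
    {"device": "leaf-1", "flow": FLOW_B, "ttl": 128},
    {"device": "leaf-2", "flow": FLOW_B, "ttl": 126},  # spine report missing
    {"device": "fw-1", "flow": FLOW_B, "ttl": 126},    # bridged device: TTL unchanged
]


def reconstruct_path(reports, flow):
    """Order the devices that reported a SYN for `flow` by descending TTL.

    Returns a dict with:
      hops         - list of device groups, first hop first
      path         - flat device list, or None when the order is ambiguous
      ties         - groups of devices that saw the same TTL (no strict order,
                     e.g. a layer-2 device that does not decrement the TTL)
      gaps         - (higher, lower) TTL pairs more than one apart, meaning a
                     routed hop in between did not upload a report
      inconsistent - devices that reported several different TTLs for the flow
    """
    ttls_by_device = defaultdict(set)
    for report in reports:
        if report["flow"] == flow:
            ttls_by_device[report["device"]].add(report["ttl"])
    if not ttls_by_device:
        raise LookupError("no SYN report for this flow")

    inconsistent = sorted(d for d, seen in ttls_by_device.items() if len(seen) > 1)

    # Duplicate reports (SYN retransmissions) collapse into one entry per device.
    devices_by_ttl = defaultdict(list)
    for device, seen in ttls_by_device.items():
        devices_by_ttl[max(seen)].append(device)

    levels = sorted(devices_by_ttl, reverse=True)
    hops = [sorted(devices_by_ttl[ttl]) for ttl in levels]
    ties = [group for group in hops if len(group) > 1]
    gaps = [(hi, lo) for hi, lo in zip(levels, levels[1:]) if hi - lo > 1]
    path = None if ties else [group[0] for group in hops]
    return {"hops": hops, "path": path, "ties": ties,
            "gaps": gaps, "inconsistent": inconsistent}


if __name__ == "__main__":
    for name, flow in (("A", FLOW_A), ("B", FLOW_B)):
        print(name, reconstruct_path(REPORTS, flow))
```

A gap or a tie means the reconstructed path is incomplete or only partially ordered, so the control device would need the topology-based method to fill it in before choosing target network devices.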
In some examples, the target data stream may be a single data stream. For example a data stream of an application.
In other examples, the target data stream may also be a plurality of data streams, for example a plurality of data streams of one application, or a plurality of data streams whose destination addresses are in the same network segment. When the target data stream is a plurality of data streams, the control device 110 needs to determine the target network device for each data stream and send a first mirroring instruction to each target network device, so that each target network device sends mirrored traffic and the traffic of all the data streams in the target data stream is mirrored.
In some examples, control device 110, after determining the transmission path of the target data stream, selects all network nodes on the transmission path as the target network device.
In other examples, after determining the transmission path of the target data stream, the control device 110 selects a portion of the network nodes on the transmission path as the target network device. For example, a portion is selected as a target network device from the transmission path at intervals, or a low-load target network device is selected according to the node load, or the like.
In this implementation, the control device may determine the target network device as needed, for example, when it is necessary to locate the failure occurrence point with high accuracy, all network devices on the transmission path may be selected as the target network device. For another example, when it is necessary to locate the failure occurrence point with high efficiency or low overhead, a part of the network devices on the transmission path may be selected as the target network devices, for example, a low-load network device may be selected as the target network devices.
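The TTL-based path ordering and the choice between all devices, devices at intervals, and low-load devices described above can be sketched as follows. This is an added example, not code from the patent; the report fields, device names, port numbers, load values and the load threshold are assumptions, and the sample reports are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SynReport:
    device: str   # reporting network device (hypothetical identifier)
    flow: tuple   # (src_ip, src_port, dst_ip, dst_port) of the SYN
    seq: int      # TCP initial sequence number, ties a report to one SYN
    ttl: int      # IP TTL of the SYN as seen by the device


def reconstruct_path(reports, flow, seq):
    """Order devices by descending TTL of the same SYN packet.

    Returns (path, ambiguous). `ambiguous` lists neighbouring device pairs
    that reported the same TTL (for example hops that do not decrement it),
    whose relative order cannot be decided from TTL alone.
    """
    best = {}
    for r in reports:
        if r.flow != flow or r.seq != seq:
            continue  # another connection, or another SYN of this flow
        # A device may upload the SYN more than once; keep the highest TTL.
        if r.device not in best or r.ttl > best[r.device].ttl:
            best[r.device] = r
    ordered = sorted(best.values(), key=lambda r: r.ttl, reverse=True)
    ambiguous = [(a.device, b.device)
                 for a, b in zip(ordered, ordered[1:]) if a.ttl == b.ttl]
    return [r.device for r in ordered], ambiguous


def select_targets(path, loads, strategy="all", step=2, max_load=0.5):
    """Pick target network devices on the path: all, at intervals, or low-load."""
    if strategy == "all":
        return list(path)
    if strategy == "interval":
        return list(path[::step])
    if strategy == "low_load":
        picked = [d for d in path if loads.get(d, 1.0) <= max_load]
        # Never return an empty set: fall back to the least loaded device.
        return picked or [min(path, key=lambda d: loads.get(d, 1.0))]
    raise ValueError(f"unknown strategy: {strategy}")


# Constructed sample data: addresses follow the two-tuple used later in the
# text; ports, sequence numbers, TTLs and loads are made up.
FLOW = ("192.168.1.100", 40000, "172.16.1.2", 443)
SAMPLE_REPORTS = [
    SynReport("spine-1", FLOW, 1000, 62),
    SynReport("leaf-b", FLOW, 1000, 61),
    SynReport("leaf-a", FLOW, 1000, 63),
    SynReport("leaf-a", FLOW, 1000, 63),  # duplicate upload
    SynReport("leaf-c", ("192.168.1.7", 40001, "172.16.1.2", 443), 2000, 63),
]
SAMPLE_LOADS = {"leaf-a": 0.2, "spine-1": 0.8, "leaf-b": 0.3}

if __name__ == "__main__":
    path, ambiguous = reconstruct_path(SAMPLE_REPORTS, FLOW, 1000)
    print("path:", path, "ambiguous:", ambiguous)
    print("low-load targets:", select_targets(path, SAMPLE_LOADS, "low_load"))
```
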
After determining the target network devices, the control device 110 sends the first mirroring instructions to the target network devices respectively. The first mirroring instruction indicates that the action performed by the target network device is traffic mirroring, indicates which traffic the target network device mirrors, and indicates where the target network device sends the mirrored traffic.
To convey these three aspects, the first mirroring instruction may include acquisition object information and a first indication identifier.
Optionally, when there are a plurality of first network devices, the first mirroring instruction may further include destination device information, which indicates to the target network device which first network device the mirrored traffic is to be sent to.
The first indication identifier instructs the target network device to perform the mirroring function for the target data stream when it receives the instruction.
The acquisition object information may be information of the target data stream, such as a two-tuple or a five-tuple of the target data stream; it may also be information of a port through which the target data stream passes, for example, the ingress port corresponding to the target data stream on the target network device.
The destination device information may include an address and/or identification of the first network device, etc.
Optionally, the first mirroring instruction may further include a mirroring time range, where the mirroring time range is used to limit a time for the target network device to mirror the target data stream.
For example, the mirroring time range is expressed as an exact range, such as 0:00 to 24:00 on a certain day, or minute 0 to minute 60 of a certain hour on a certain day. For another example, the mirroring time range is expressed as a time granularity: if the granularity is one day, the corresponding range is that day; if it is one hour, the corresponding range is the current hour; and so on.
Of course, when the first mirroring instruction does not include the mirroring time range, the control device may instruct the target network device to stop mirroring the target data stream through a second mirroring instruction. The second mirroring instruction may include the acquisition object information and a second indication identifier, which instructs the target network device to stop the mirroring function for the target data stream when it receives the instruction.
In one example, the first mirroring instruction may be sent in a network management protocol message whose destination address is the address of the target network device. The network management protocol includes, but is not limited to, the Simple Network Management Protocol (SNMP) or the Network Configuration Protocol (NETCONF).
The control device 110 is communicatively coupled to the service network 120, and thus the control device 110 may send the first mirroring instruction to the target network device.
After receiving the first mirroring instruction, the target network device 121 determines from it that traffic mirroring is required, that the traffic to be mirrored is the traffic of the target data stream or of the designated port, and that the destination address of the mirrored traffic of the target data stream is the address of the first network device.
In an implementation of the present application, the target network device 121 mirrors the traffic of the target data stream or the designated port based on the first mirroring instruction, and transmits the mirrored traffic to the first network device.
For example, the target network device 121 applies encapsulated remote port mirroring (encapsulated remote SPAN, ERSPAN) to the traffic of the target data stream or the designated port, so that this traffic is mirrored and sent to the first network device.
The target network device encapsulates the original flow message based on ERSPAN to obtain a first mirror image message, and sends the first mirror image message to the first network device.
Encapsulation refers herein to encapsulating the messages using a generic routing encapsulation protocol (generic routing encapsulation, GRE) such that the encapsulated messages can be transmitted to the first network device via the network layer protocol.
The encapsulated message includes information of the target network device, for example, includes an address and an acquisition port of the target network device, so that a subsequent analysis device can conveniently locate a fault occurrence point according to the information of the target network device in the message. The destination address in the encapsulated message may be an address of a port of the first network device.
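How an analysis device can recover the reporting device from such an encapsulated message is shown below as an added example (not code from the patent). It assumes ERSPAN Type II over GRE (protocol type 0x88BE with a GRE sequence number) carried in IPv4, and it treats the ERSPAN Index field as the acquisition port identifier, which is platform dependent; the sample packet is constructed.

```python
import socket
import struct

GRE_PROTO_ERSPAN = 0x88BE          # GRE protocol type used by ERSPAN Type I/II
GRE_FLAG_C, GRE_FLAG_K, GRE_FLAG_S = 0x8000, 0x2000, 0x1000
IPPROTO_GRE = 47


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the header; 0 when a stored checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_erspan2(src_ip, dst_ip, session_id, index, seq, inner_frame, vlan=0):
    """Build a constructed IPv4/GRE/ERSPAN Type II packet for testing the parser."""
    erspan = struct.pack("!HHI", (1 << 12) | (vlan & 0x0FFF),
                         session_id & 0x03FF, index & 0xFFFFF)
    gre = struct.pack("!HHI", GRE_FLAG_S, GRE_PROTO_ERSPAN, seq & 0xFFFFFFFF)
    payload = gre + erspan + inner_frame
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      IPPROTO_GRE, 0, socket.inet_aton(src_ip),
                      socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_erspan2(packet: bytes) -> dict:
    """Decode the outer headers and return who mirrored the frame and from where."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated IPv4/GRE header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != IPPROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    flags, proto = struct.unpack_from("!HH", packet, ihl)
    if proto != GRE_PROTO_ERSPAN:
        raise ValueError("GRE payload is not ERSPAN")
    if not flags & GRE_FLAG_S:
        raise ValueError("no GRE sequence number: not ERSPAN Type II")
    off = ihl + 4
    off += 4 if flags & GRE_FLAG_C else 0   # optional checksum + reserved
    off += 4 if flags & GRE_FLAG_K else 0   # optional key
    if len(packet) < off + 4 + 8:
        raise ValueError("truncated GRE/ERSPAN header")
    (seq,) = struct.unpack_from("!I", packet, off)
    ver_vlan, cos_sess, index = struct.unpack_from("!HHI", packet, off + 4)
    if ver_vlan >> 12 != 1:
        raise ValueError("unexpected ERSPAN version")
    return {
        "device": socket.inet_ntoa(packet[12:16]),        # target network device
        "first_device": socket.inet_ntoa(packet[16:20]),  # first network device
        "seq": seq,
        "vlan": ver_vlan & 0x0FFF,
        "session_id": cos_sess & 0x03FF,
        "index": index & 0xFFFFF,   # assumed to identify the acquisition port
        "inner_frame": packet[off + 12:],
    }


if __name__ == "__main__":
    # Constructed sample: 10.10.10.2 is the mirrored-traffic source address
    # used later in the text; every other value is made up.
    pkt = build_erspan2("10.10.10.2", "10.10.10.1", 7, 0x123, 42, bytes(64))
    info = parse_erspan2(pkt)
    print(info["device"], info["session_id"], info["index"], info["seq"])
```
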
In one example, there is only one first network device, i.e., the service network comprises one first network device. The mirrored traffic of the target data stream is sent to the analysis device through this first network device; that is, the destination device information indicated by each first mirroring instruction is the information of this first network device, and the first mirror image messages encapsulated by the respective target network devices are all sent to it. As described above, the first mirroring instruction in this case does not need to carry the destination device information: default first network device information may be configured in each network device in advance and used when mirrored traffic is transmitted.
In another example, there may be a plurality of first network devices, i.e., the service network comprises a plurality of first network devices. In this case, the control device needs to determine one corresponding first network device for each target network device; the information of the corresponding first network device is carried in the first mirroring instruction sent to the target network device, and the target network device also sends the first encapsulated message to the corresponding first network device.
The following describes how the control device determines 1 corresponding first network device for each target network device.
The control device is further configured to select, from the at least one first network device, a first network device for transmitting the mirrored traffic of the target data stream, based on at least one of a length of the first path, a performance of the first path, and a load of the first network device.
The first path is a path from the target network device to the first network device.
The length of a path may refer to its hop count. The performance of a path may include its remaining bandwidth and/or its delay; for example, the remaining bandwidth and the delay are each quantized into a score, and a weighted sum of the two scores is used as the performance of the path.
The control device determines paths from the target network device to the first network devices according to the topology of the service network, selects a path which accords with at least one of the shortest path, the best path performance and the lowest device load, and determines the first network device corresponding to the path. The port corresponding to the path at the target network device is an output port of the mirror image flow, and the port corresponding to the path at the first network device is an input port of the mirror image flow.
The control device may also acquire the network topology of the service network in advance. The manner in which the control device obtains the network topology of the service network is not limited by the present application.
Since the target network device and the first network device need to transmit service traffic in the service network in addition to the mirrored traffic, only some of the ports of the target network device and the first network device may be used for transmitting mirrored traffic; these ports are referred to as mirrored traffic transmission ports. In an implementation of the present application, when determining the paths from the target network device to each first network device, path selection is performed only among paths from a mirrored traffic transmission port of the target network device to a mirrored traffic transmission port of each first network device.
For the case where there is only 1 first network device, the ports of the first network devices may also be determined in the above manner.
In this implementation, selecting a short path to transmit the mirrored traffic reduces the length of its transmission path and therefore the transmission delay; selecting a path with good performance improves the transmission quality of the mirrored traffic; and selecting a device with low load as the corresponding first network device ensures that the first network device has enough resources to process the mirrored traffic, reducing the transmission delay and packet loss of the mirrored traffic.
When device load is used as the criterion, the first network device corresponding to the selected path has a low load. The load of the first network device may include at least one of: its processing load, the load of its port connected to the target network device, and the load of the path between it and the target network device.
In order to determine the first network devices in the above manner, in some possible implementations, each first network device may periodically report its own load to the control device, or when the control device needs to use the load of each first network device, instruct each first network device to report its own load to the control device through an instruction.
Of course, the above manner of determining the first network device is merely an example. In other implementations, the control device may also select one of the plurality of first network devices at random or in sequence, and use it as the first network device to which the target network device sends the mirrored traffic.
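The selection of a first network device by path length, path performance and device load, restricted to mirrored traffic transmission ports, can be sketched as follows. This is an added example, not code from the patent: the scoring formula, the weights, the reference bandwidth and delay, and all device and port names are assumptions, and the topology is constructed.

```python
from collections import defaultdict

# Assumed weights: "bw"/"delay" combine into path performance; "hops",
# "perf" and "load" combine into the final score (higher is better).
DEFAULT_WEIGHTS = {"hops": 0.2, "perf": 0.4, "load": 0.4, "bw": 0.5, "delay": 0.5}


def build_adjacency(links):
    """links: (dev_a, port_a, dev_b, port_b, remaining_bw_mbps, delay_ms)."""
    adj = defaultdict(list)
    for a, pa, b, pb, bw, delay in links:
        adj[a].append((pa, b, pb, bw, delay))
        adj[b].append((pb, a, pa, bw, delay))
    return adj


def enumerate_paths(adj, src, dst, mirror_ports, max_hops=4):
    """Loop-free paths that leave src and enter dst on mirror transmission ports."""
    found = []

    def walk(node, visited, hops):
        for lport, peer, pport, bw, delay in adj.get(node, []):
            if peer in visited:
                continue
            if node == src and (src, lport) not in mirror_ports:
                continue  # first hop must use a mirror port of the target
            step = hops + [(node, lport, peer, pport, bw, delay)]
            if peer == dst:
                if (dst, pport) in mirror_ports:
                    found.append(step)
            elif len(step) < max_hops:
                walk(peer, visited | {peer}, step)

    walk(src, {src}, [])
    return found


def score_path(path, load, w, bw_ref, delay_ref):
    hops = len(path)
    bw = min(h[4] for h in path)        # bottleneck remaining bandwidth
    delay = sum(h[5] for h in path)     # end-to-end delay
    bw_score = min(bw / bw_ref, 1.0)
    delay_score = max(0.0, 1.0 - delay / delay_ref)
    perf = w["bw"] * bw_score + w["delay"] * delay_score
    return w["hops"] / hops + w["perf"] * perf + w["load"] * (1.0 - load)


def select_first_device(links, target, candidates, loads, mirror_ports,
                        weights=DEFAULT_WEIGHTS, bw_ref=10000.0, delay_ref=10.0):
    """Return the best first network device and the ports at both ends, or None."""
    adj = build_adjacency(links)
    best = None
    for dev in candidates:
        for path in enumerate_paths(adj, target, dev, mirror_ports):
            s = score_path(path, loads.get(dev, 1.0), weights, bw_ref, delay_ref)
            if best is None or s > best["score"]:
                best = {"first_device": dev, "egress_port": path[0][1],
                        "ingress_port": path[-1][3], "hops": len(path), "score": s}
    return best


# Constructed topology: leaf1 is the target network device, spine1 and
# spine2 are candidate first network devices, loads are in the range 0..1.
SAMPLE_LINKS = [
    ("leaf1", "p1", "spine1", "p10", 400.0, 1.0),
    ("leaf1", "p2", "spine2", "p20", 8000.0, 0.5),  # leaf1:p2 is not a mirror port
    ("leaf1", "p3", "mid", "p30", 9000.0, 0.2),
    ("mid", "p31", "spine2", "p21", 9000.0, 0.2),
]
SAMPLE_MIRROR_PORTS = {("leaf1", "p1"), ("leaf1", "p3"), ("spine1", "p10"),
                       ("spine2", "p20"), ("spine2", "p21")}
SAMPLE_LOADS = {"spine1": 0.9, "spine2": 0.1}

if __name__ == "__main__":
    print(select_first_device(SAMPLE_LINKS, "leaf1", ["spine1", "spine2"],
                              SAMPLE_LOADS, SAMPLE_MIRROR_PORTS))
```
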
Referring again to fig. 4, the network further comprises an analysis device 140, the analysis device 140 being connected to the mirror network.
In an implementation of the present application, the first network device 122 is configured to receive the mirrored traffic of the target data stream sent by the target network device and to send the mirrored traffic of the target data stream to the mirror network; the mirror network is configured to send the mirrored traffic of the target data stream to the analysis device.
Wherein sending the mirrored traffic of the target data stream to the mirrored network may comprise: and mirroring the mirrored flow of the target data stream again, and sending the mirrored flow of the mirrored target data stream to the mirroring network.
The first network device 122 may use SPAN to mirror the mirrored traffic of the target data stream again. SPAN copies the received first mirror image message to another port, and it copies the port's messages unchanged.
In this implementation, to avoid the first network device processing the first mirror image message, a black hole route is configured on the port of the first network device 122 that receives the mirrored traffic of the target data stream, so that the first network device does not receive the first mirror image message and does not need to provide resources for receiving it. The port can nevertheless still act as a SPAN source port for mirroring the traffic again.
In one example, the target network device does not include the first network device. For example, the first network device is a Spine switch, and the target network device is a Leaf switch, where the mirrored traffic of the target data stream is transmitted in the foregoing manner, that is, the mirrored traffic is transmitted from the target network device to the first network device by adopting ERSPAN to mirror the target data stream, and then the mirrored traffic is transmitted from one port to another port of the first network device by adopting SPAN to mirror the mirrored traffic.
In another example, the target network device comprises a first network device, i.e. the at least one target network device and the first network device are the same network device. For the case that the target network device is the first network device, the SPAN is used to mirror the target data stream, and the mirror traffic is transmitted from one port of the first network device to another port, that is, the target network device sends the mirror traffic of the target data stream to a local port, and then outputs the mirror traffic of the target data stream from the local port to the analysis device.
In an implementation of the present application, the SPAN of the first network device may be configured in advance, for example, the mirrored traffic received from the first port may be mirrored again to the second port through the SPAN, so as to be output by the second port.
Referring again to fig. 4, the mirrored network 130 includes a plurality of mirrored traffic-transmitting devices 131. The mirror network 130 shown in fig. 4 is a layer 2 network comprising an access layer connected to the first network device 122 and a convergence layer connected to the analysis device 140. The mirror network includes an access layer and a convergence layer, thereby enabling multiple paths of mirror traffic to be converged together, enabling the analysis device to analyze more traffic.
Of course, the structure of the mirror network given in fig. 4 is only an example. In other implementations, the mirror network may also include more or fewer layers. Or the mirror network may also employ other network structures.
The mirror traffic transmission device 131 is configured to determine, when receiving the mirror traffic of the target data stream, a forwarding port of the mirror traffic of the target data stream according to a mirror traffic forwarding policy; the mirrored traffic of the target data stream is sent to the analysis device 140 via the forwarding port.
The mirrored traffic forwarding policy specifies that mirrored traffic received from port C is output from the port associated with port C. Port C is any ingress port of the mirrored traffic transmission device 131.
Illustratively, the mirrored traffic transmitting device 131 may be a Test Access Point (TAP) device, also referred to as a network splitter.
In the TAP device, port C is an ingress port, and port C and its corresponding egress port are assigned to the same TAP group. Mirrored traffic that the TAP device receives from port C is selectively output from the port corresponding to port C, for example to a next TAP device, which likewise forwards the mirrored traffic according to its own mirrored traffic forwarding policy, until the mirrored traffic reaches the analysis device. Port C may have one corresponding port or a plurality of corresponding ports. An ingress port can join only one TAP group, whereas an egress port can join multiple TAP groups at the same time.
In one example, the mirrored traffic forwarding policy of each mirrored traffic transmitting device 131 may be fixedly configured.
In another example, the mirrored traffic forwarding policy for each mirrored traffic transmitting device 131 may be determined by the control device and then issued to the mirrored traffic transmitting device 131.
Illustratively, the control device 110 is configured to determine a forwarding path from the first network device to the analysis device based on at least one of a length of the second path and a performance of the second path according to a topology of the mirrored network; based on the forwarding path, sending a mirror image flow forwarding strategy to mirror image flow transmission equipment of a mirror image network on the forwarding path;
the second path is a path from the first network device to the analysis device.
For example, the control device determines each path from the first network device to the analysis device according to the topology of the mirror network, selects a path with the shortest path and/or the best performance, and determines the mirror traffic transmission device 131 corresponding to the path, and an input port and an output port of the mirror traffic in each mirror traffic transmission device 131.
The control device may acquire the network topology of the mirror network in advance. The manner in which the control device obtains the network topology of the mirror network is not limiting in the present application.
The mirror traffic forwarding policy sent by the control device 110 to the mirror traffic transmitting device 131 includes an ingress port and an egress port.
Optionally, the mirrored traffic forwarding policy may also include information of the mirrored traffic. The information of the mirrored traffic may be the address of the target network device.
Referring again to fig. 4, the analysis device 140 includes one or more collectors 141, and when multiple collectors are included, the control device 110 first determines a collector from among the multiple collectors for analyzing the mirrored flow. Then, a transmission path from the first network device to the collector is determined.
The control device 110 may select one or more of the collectors to analyze the mirrored traffic according to the load of each collector 141.
Illustratively, the collector may be a physical network card.
In order to determine the forwarding path of the mirror image flow in the mirror image network in the above manner, in some possible implementation manners, each collector may periodically report its own load to the control device, or when the control device needs to use the load of each collector, the control device instructs each collector to report its own load to the control device through an instruction.
Referring again to fig. 4, the control device 110 and the analysis device 140 are different devices.
In other implementations, the control device 110 and the analysis device 140 may be the same device.
Taking fig. 4 as an example, the control device 110 may not be separately present in fig. 4, but the control device 110 may be integrated into the analysis device 140, and the actions of the control device 110 may be performed by the analysis device 140.
In addition, the control device 110 may be a single device, or may be further split into two or more devices. For example, it may be split into an analysis system and a control device, where the analysis system determines an acquisition task and issues it to the control device, and the control device breaks the acquisition task down into a first mirroring instruction, a mirrored traffic forwarding policy, and so on, and issues these to the target network device and the mirrored traffic transmission device.
Fig. 5 is a flow chart of a flow mirroring method according to an embodiment of the present application. Referring to fig. 5, the flow mirroring method may be performed by the control apparatus of fig. 4, and the steps of the method include:
201: The control device determines a target network device in the service network based on the target data stream.
The target network device is a network device for transmitting the target data stream, and there may be one or more target network devices. If there are multiple target network devices, the control device performs the actions of step 202 separately for each target network device.
202: The control device sends a first mirror image instruction to the target network device.
The first mirror image instruction is used for indicating the target network equipment to send the mirror image flow of the target data flow to the first network equipment, and the first network equipment is used for sending the mirror image flow of the target data flow through the mirror image network.
In an implementation of the present application, after determining a target network device that needs to perform traffic mirroring, the control device sends a first mirroring instruction to the target network device, so that the target network device sends mirrored traffic to the first network device according to the instruction, and the first network device then sends the mirrored traffic to other devices, such as an analysis device, through the mirror network. Transmitting mirrored traffic in this way has two advantages: on the one hand, no network splitter needs to be deployed at every node from which traffic is to be collected, so the cost is low; on the other hand, when the target data stream to be analyzed changes, the target network devices that report mirrored traffic are changed by instruction, so responsiveness is good and, in a fault localization scenario, the point of failure can be located in time.
Fig. 6 is a flow chart of a flow mirroring method according to an embodiment of the present application. Referring to fig. 6, the traffic mirroring method may be performed by the target network device of fig. 4, and the steps of the method include:
301: The target network device receives the first mirroring instruction sent by the control device.
Wherein the target network device belongs to a service network, for example a Leaf switch in the service network.
302: The target network device sends the mirror traffic of the target data stream to a first network device in the service network based on the first mirror instruction.
The first network device is configured to send a mirrored traffic of the target data stream over the mirrored network.
In an implementation of the present application, the target network device receives a first mirroring instruction sent by the control device and sends mirrored traffic to the first network device according to the first mirroring instruction; the first network device then sends the mirrored traffic to other devices, such as an analysis device, through the mirror network. Transmitting mirrored traffic in this way has two advantages: on the one hand, no network splitter needs to be deployed at every node from which traffic is to be collected, so the cost is low; on the other hand, when the target data stream to be analyzed changes, the target network devices that report mirrored traffic are changed by instruction, so responsiveness is good and, in a fault localization scenario, the point of failure can be located in time.
Fig. 7 is a flow chart of a flow mirroring method according to an embodiment of the present application. Referring to fig. 7, the traffic mirroring method may be performed by the first network device of fig. 4, the steps of the method comprising:
401: The first network device receives the mirrored traffic of the target data stream sent by the target network device.
Wherein, the first network device and the target network device both belong to the service network.
402: The first network device sends the mirror traffic of the target data stream over the mirror network.
In this implementation of the application, the first network device receives the mirrored traffic that the target network device sent according to the first mirroring instruction, and sends it to the analysis device through the mirror network. Transmitting mirrored traffic in this way has two advantages: on the one hand, no network splitter needs to be deployed at every node from which traffic is to be collected, so the cost is low; on the other hand, when the target data stream to be analyzed changes, the target network devices that report mirrored traffic are changed by instruction, so responsiveness is good and, in a fault localization scenario, the point of failure can be located in time.
Fig. 8 is a flow chart of a flow mirroring method according to an embodiment of the present application. Referring to fig. 8, the traffic mirroring method may be performed by the control device, the target network device, the first network device, the mirrored traffic transmission device, and the analysis device in fig. 4, and the steps of the method include:
501: The control device acquires a transmission path of the target data stream in the service network.
In one example, the control device first obtains an acquisition task that includes at least information of the target data stream, such as a two-tuple or a five-tuple of the target data stream, and performs the subsequent steps according to the acquisition task.
Illustratively, the two-tuple of the target data stream includes: source address 192.168.1.100, destination address 172.16.1.2.
Taking the dashed line in the network shown in fig. 2 as the path of the target data stream, the transmission path determined by the control device is: Leaf13 → Spine12 → Leaf13.
Taking the dashed line in the network shown in fig. 3 as the path of the target data stream, the transmission path determined by the control device is: Leaf13 → intermediate switch 15 → intermediate switch 15 → Spine12 → intermediate switch 15 → intermediate switch 15 → Leaf13.
502: The control device determines at least one network device on the transmission path as a target network device.
Taking the dashed line in the network shown in fig. 2 as the path of the target data stream, the determined target network devices may be all network devices on the transmission path, that is, the two Leaf13 and the one Spine12; or they may be some of the network devices on the transmission path, for example, the two Leaf13.
Likewise, in the example corresponding to fig. 3, the target network device may also be all network devices or part of network devices on the transmission path, which is not described herein.
After determining the target network device, the control device may obtain information about the target network device, where the information about the target network device may include a device identifier (SERVERLEAF 1), a port (10 GE/0/0/1), and an address.
Since the steps for implementing the mirror traffic collection are the same for a plurality of target network devices, only one target device will be described as an example, and the following steps will be described in this embodiment using the target network device 121 (Leaf 13) in fig. 4 as an example.
503: The control device selects, from the at least one first network device, a first network device for transmitting the mirrored traffic of the target data stream, based on at least one of the length of the first path, the performance of the first path, and the load of the first network device.
The first path is a path from the target network device to the first network device.
Referring to fig. 4, two paths are formed between the target network device 121 and the two first network devices 122. Illustratively, based on the performance of the path and/or the load of the first network device, it is determined that the first network device 122 on the left is used to transmit the mirrored traffic.
After determining the first network device, the control device may acquire information of the first network device, that is, information of the destination device.
504: The control device sends a first mirroring instruction to the target network device. The target network device receives the first mirroring instruction sent by the control device.
After determining the acquisition object information and the destination device information, the control device generates a first mirroring instruction, which may include the acquisition object information (for example, a two-tuple or a five-tuple of the target data stream), the destination device information, and the first indication identifier. The destination device information is usually the destination address of the message carrying the instruction. The control device then sends the first mirroring instruction to the target network device.
The destination device information may include, among other things, an address and/or an identification of the first network device.
Optionally, the destination device information may additionally include port information, where the acquisition is performed based on the port, or the destination device information does not include port information, where the acquisition is performed globally based on the device, that is, the acquisition is performed based on all ports of the device.
The first indication identifier may be ERSPAN, which indicates that the target network device uses ERSPAN to mirror the target data stream to the first network device.
505: The control device selects one or more collectors of the analysis device to analyze the mirrored traffic, according to the load of each collector in the analysis device.
The analysis device includes one or more collectors, and when a plurality of collectors are included, the control device first determines a collector (e.g., server 101) for analyzing the mirrored flow from the plurality of collectors.
After determining the collector for analyzing the mirror image flow, the control device obtains the destination of the mirror image flow transmitted through the mirror image network.
506: The control device sends the acquisition analysis strategy to the analysis device. The analysis device receives the acquisition analysis policy.
In an implementation of the application, the acquisition analysis strategy includes information of the analysis object and the mirrored traffic.
The analysis object is the information of the collector determined in step 505. The information of the mirrored traffic includes an identifier of the mirrored traffic. The identifier may include a two-tuple of the mirrored traffic, that is, the source address of the mirrored traffic (the address of the target network device) and the destination address of the mirrored traffic (the address of the first network device); or it may include only the source address of the mirrored traffic, for example, 10.10.10.2; or it may include a tuple of the mirrored traffic; and so on.
In addition to specifying a collector, the analysis object may also specify a port of the collector to be analyzed, such as eth-0.
Optionally, the acquisition analysis policy may further include a task name for describing the target data stream, such as the data stream of the user a accessing the site b.
507: The control device determines a forwarding path from the first network device to the analysis device based on at least one of a length of the second path and a performance of the second path according to a topology of the mirrored network.
The second path is a path from the first network device to the analysis device, and in this embodiment, may refer to a path from the first network device to the collector determined in step 505.
After determining the first network device and the collector, the control device determines the possible paths from the first network device to the collector, namely the second paths, according to the topology of the mirror network, and selects a suitable forwarding path from the second paths in the manner described above. For example, as shown in fig. 4, the control device determines, according to the performance of the paths, that the path drawn in bold in the mirror network 130 is the forwarding path.
508: Based on the forwarding path, the control device sends the mirror traffic forwarding policy to the mirror traffic transmission devices of the mirror network on the forwarding path. The mirror traffic transmission device receives the mirror traffic forwarding policy.
The mirror traffic forwarding policy is used to instruct the mirror traffic transmission device to determine the forwarding port of the mirror traffic of the target data stream and to send the mirror traffic of the target data stream to the analysis device through that forwarding port.
As shown in fig. 4, the mirrored traffic transmission device 131 receives mirrored traffic from the ingress port C and needs to forward from the egress port a. The mirror traffic forwarding policy sent by the control device to the mirror traffic transmitting device 131 includes the information of the ingress port C, the egress port a and the mirror traffic.
For example, the mirror traffic forwarding policy includes the ingress port eth-0-1, the egress port eth-0-9, and the source address 10.10.10.2 of the mirror traffic.
When the mirror traffic transmission device is a TAP device, after receiving the mirror traffic forwarding policy it adds the ingress port C and the egress port a to the same TAP group, so that mirror traffic subsequently received on the ingress port C is forwarded through the egress port a.
The above takes the policy issuing and configuration procedure of only one mirror traffic transmission device 131 as an example; the control device configures a mirror traffic forwarding policy for each mirror traffic transmission device 131 on the forwarding path in the same way, which is not repeated here.
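Steps 505 to 508 can be worked through on a small topology. The following Python code is an added example, not code from the patent: the device names, ports on the links, link costs and collector loads are constructed, and one per-link cost stands in for the length and performance criteria of step 507. It also checks that the issued policies chain hop by hop to the collector, since a missing TAP-group mapping on one device silently drops the mirror traffic.

```python
import heapq

# Constructed mirror-network topology (an assumption, not from the patent).
# Each one-way link is (device, egress_port, peer, peer_ingress_port, cost).
LINKS = [
    ("first-nd", "eth-0-2", "tap-1", "eth-0-1", 1),
    ("tap-1", "eth-0-9", "tap-2", "eth-0-1", 1),
    ("tap-1", "eth-0-8", "tap-3", "eth-0-1", 1),
    ("tap-2", "eth-0-9", "collector-a", "eth-0", 5),  # poorly performing link
    ("tap-2", "eth-0-7", "collector-b", "eth-0", 1),
    ("tap-3", "eth-0-9", "tap-4", "eth-0-1", 1),
    ("tap-4", "eth-0-9", "collector-a", "eth-0", 1),
]
COLLECTOR_LOAD = {"collector-a": 0.35, "collector-b": 0.80}  # constructed


def select_collector(loads):
    """Step 505: pick the least-loaded collector (ties broken by name)."""
    return min(sorted(loads), key=lambda name: loads[name])


def forwarding_path(links, src, dst):
    """Step 507: lowest-cost path as hops (device, egress, peer, ingress)."""
    adjacency = {}
    for dev, out_port, peer, in_port, cost in links:
        adjacency.setdefault(dev, []).append((cost, out_port, peer, in_port))
    best = {src: 0}
    heap = [(0, src, [])]
    while heap:
        dist, dev, hops = heapq.heappop(heap)
        if dev == dst:
            return hops
        if dist > best.get(dev, float("inf")):
            continue  # stale heap entry
        for cost, out_port, peer, in_port in adjacency.get(dev, []):
            new_dist = dist + cost
            if new_dist < best.get(peer, float("inf")):
                best[peer] = new_dist
                hop = (dev, out_port, peer, in_port)
                heapq.heappush(heap, (new_dist, peer, hops + [hop]))
    return None  # the collector is unreachable in the mirror network


def acquisition_policy(collector, port, source_address, task_name=None):
    """Step 506: analysis object plus the identifier of the mirror traffic."""
    policy = {"analysis_object": {"collector": collector, "port": port},
              "mirror_traffic": {"source_address": source_address}}
    if task_name:
        policy["task_name"] = task_name
    return policy


def forwarding_policies(hops, source_address):
    """Step 508: one ingress/egress mapping per transmission device on the path."""
    return [{"device": nxt[0], "ingress_port": prev[3], "egress_port": nxt[1],
             "source_address": source_address}
            for prev, nxt in zip(hops, hops[1:])]


def chain_reaches(links, policies, collector):
    """Follow the mappings hop by hop; True only if they end at the collector."""
    wire = {(dev, out): (peer, inp) for dev, out, peer, inp, _ in links}
    mapping = {(p["device"], p["ingress_port"]): p["egress_port"] for p in policies}
    if not policies:
        return False
    here = (policies[0]["device"], policies[0]["ingress_port"])
    visited = set()
    while here not in visited:
        visited.add(here)
        egress = mapping.get(here)
        if egress is None or (here[0], egress) not in wire:
            return False  # no mapping or no cable: mirror traffic stops here
        here = wire[(here[0], egress)]
        if here[0] == collector:
            return True
    return False  # forwarding loop


def plan(source_address="10.10.10.2"):
    collector = select_collector(COLLECTOR_LOAD)
    hops = forwarding_path(LINKS, "first-nd", collector)
    return {"acquisition": acquisition_policy(collector, hops[-1][3], source_address,
                                              "user a accessing site b"),
            "forwarding": forwarding_policies(hops, source_address)}


if __name__ == "__main__":
    result = plan()
    print(result["acquisition"])
    for policy in result["forwarding"]:
        print(policy)
    print("reaches collector:",
          chain_reaches(LINKS, result["forwarding"], "collector-a"))
```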
509: The target network device sends the mirror traffic of the target data stream to a first network device in the service network based on the first mirror instruction. The first network device receives the mirror image flow of the target data flow sent by the target network device.
The target network device 121 performs GRE encapsulation on the target data flow to obtain a first mirror packet, where the source address of the first mirror packet is the address of the target network device, and the destination address is the address of the first network device. The target network device 121 transmits the first mirrored message to the first network device 122 via a network layer protocol.
510: The first network device mirrors the mirrored traffic of the target data stream again.
The first network device 122 is configured with a black hole for messages arriving at the ingress port corresponding to the mirror traffic, and therefore does not itself receive the first mirror message. Meanwhile, SPAN is configured on the ingress port of the first network device 122 corresponding to the mirror traffic, so the first mirror message arriving at the ingress port is mirrored to the egress port.
As shown in fig. 4, the first mirrored message arriving at ingress port 1 is mirrored to egress port 2.
511: The first network device sends the re-mirrored mirror traffic of the target data stream to the mirror traffic transmission device. The mirror traffic transmission device receives the mirror traffic of the target data stream.
The output port indicated in step 510 is directly connected to the mirror network, so that the mirror message mirrored to the output port is output from the output port to the mirror network.
512: The mirror traffic transmission device determines a forwarding port of the mirror traffic of the target data stream according to the mirror traffic forwarding policy.
That is, the mirror traffic transmission device determines, according to the mirror traffic forwarding policy, the output port corresponding to the input port on which the mirror traffic was received.
For example, when the mirror traffic transmission device is a TAP device, it determines the output port that belongs to the same TAP group as the input port on which the mirror traffic was received.
513: The mirror image flow transmission device sends the mirror image flow of the target data flow through the forwarding port.
The mirror image flow of the target data flow is forwarded by one or more mirror image flow transmission devices to the analysis device.
514: The analysis device collects the mirror traffic according to the acquisition analysis policy and analyzes the mirror traffic.
The analysis device collects the mirror traffic at the collector indicated by the acquisition analysis policy and then analyzes it, for example, by analyzing the packet loss of the same data stream on different network devices and then determining the node or link where the packet loss occurs, thereby locating the point of failure.
After receiving the acquisition task, the control device issues configuration in the service network, mirrors the traffic to be acquired to a fixed acquisition point (the first network device) by ERSPAN, and forwards the traffic to the TAP mirror network by local mirroring. The traffic is then transmitted to the analysis device according to the forwarding policy in the mirror network, so that the traffic of any node in the service network can be automatically mirrored to the target analysis device, which solves the problem of on-demand traffic acquisition in the network.
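The GRE encapsulation of step 509 and the packet-loss analysis of step 514 can be shown together. The following Python code is an added example, not code from the patent: apart from 10.10.10.2, all addresses and the sample capture are constructed, only plain GRE carrying IPv4 is parsed (ERSPAN-specific headers are not), and the inner IPv4 identification field is assumed to identify a packet.

```python
import ipaddress
import struct

GRE = 47             # IPv4 protocol number for GRE
INNER_IPV4 = 0x0800  # GRE protocol type when the payload is an IPv4 packet


def ipv4_header(src, dst, proto, payload_len, ident=0):
    # Header checksum is left at 0: these packets are built for parsing only.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def gre_encapsulate(inner, target_device, first_device):
    """Step 509: outer source is the target device, destination the first device."""
    gre = struct.pack("!HH", 0, INNER_IPV4)  # no checksum/key/sequence, version 0
    outer = ipv4_header(target_device, first_device, GRE, len(gre) + len(inner))
    return outer + gre + inner


def gre_decapsulate(packet):
    """Return (outer_source, inner_bytes), or None if not IPv4-in-GRE."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != GRE or len(packet) < ihl + 4:
        return None
    flags, proto_type = struct.unpack_from("!HH", packet, ihl)
    if flags & 0x0007 or proto_type != INNER_IPV4:
        return None  # unsupported GRE version or payload type
    # Optional checksum (C), key (K) and sequence (S) fields are 4 bytes each.
    optional = sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    offset = ihl + 4 + optional
    if len(packet) < offset + 20:
        return None  # truncated before a full inner IPv4 header
    return str(ipaddress.IPv4Address(packet[12:16])), packet[offset:]


def locate_loss(mirror_packets, device_path, flow):
    """Step 514: report (upstream, downstream, lost_ids) per link that lost packets.

    device_path lists the addresses of the target network devices in the order
    the data stream crosses them; flow is (inner source, inner destination).
    """
    seen = {address: set() for address in device_path}
    for packet in mirror_packets:
        parsed = gre_decapsulate(packet)
        if parsed is None or parsed[0] not in seen:
            continue  # not mirror traffic named by the acquisition analysis policy
        outer_source, inner = parsed
        if inner[0] >> 4 != 4:
            continue
        inner_flow = (str(ipaddress.IPv4Address(inner[12:16])),
                      str(ipaddress.IPv4Address(inner[16:20])))
        if inner_flow == flow:
            seen[outer_source].add(struct.unpack_from("!H", inner, 4)[0])
    findings = []
    for upstream, downstream in zip(device_path, device_path[1:]):
        lost = sorted(seen[upstream] - seen[downstream])
        if lost:
            findings.append((upstream, downstream, lost))
    return findings


def sample_capture():
    """Constructed capture: five packets, the third never reaches 10.10.10.3."""
    flow = ("192.0.2.10", "198.51.100.20")
    path = ["10.10.10.1", "10.10.10.2", "10.10.10.3"]
    packets = []
    for device in path:
        for ident in range(1, 6):
            if device == "10.10.10.3" and ident == 3:
                continue
            inner = ipv4_header(flow[0], flow[1], 17, 8, ident) + b"\x00" * 8
            packets.append(gre_encapsulate(inner, device, "10.10.10.100"))
    packets.append(b"\x45" + b"\x00" * 30)  # non-GRE noise, must be ignored
    return packets, path, flow


if __name__ == "__main__":
    print(locate_loss(*sample_capture()))
```

A packet missing from a downstream device's mirror can also mean that the mirror copy itself was dropped on the way to the collector, so a finding should be confirmed against the device's own counters.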
Fig. 9 is a block diagram of a flow mirroring device according to an embodiment of the present application. The flow mirroring means may be implemented as all or part of the control device by software, hardware or a combination of both. The flow mirroring device may include: a determining unit 601 and a transmitting unit 602.
The determining unit 601 is configured to determine a target network device in the service network based on the target data flow, where the target network device is a network device that transmits the target data flow;
The sending unit 602 is configured to send a first mirroring instruction to the target network device, where the first mirroring instruction is configured to instruct the target network device to send a mirrored traffic of the target data stream to the first network device, and the first network device is configured to send the mirrored traffic of the target data stream through the mirroring network.
Optionally, a determining unit 601 is configured to obtain a transmission path of the target data stream in the service network; at least one network device on the transmission path is determined as a target network device.
Optionally, the service network comprises at least one first network device;
A determining unit 601, configured to select, from the at least one first network device, one first network device to transmit the mirror traffic of the target data stream, based on at least one of a length of the first path, a performance of the first path, and a load of the first network device;
The first path is a path from the target network device to the first network device.
Optionally, the determining unit 601 is further configured to determine, according to a topology of the mirror network, a forwarding path from the first network device to the analysis device based on at least one of a length of the second path and a performance of the second path;
The sending unit 602 is further configured to send, based on the forwarding path, a mirror image traffic forwarding policy to a mirror image traffic transmission device of a mirror image network on the forwarding path, where the traffic forwarding policy is used to instruct the mirror image traffic transmission device to determine a forwarding port of the mirror image traffic of the target data stream, and send the mirror image traffic of the target data stream to the analysis device through the forwarding port;
the second path is a path from the first network device to the analysis device.
Fig. 10 is a block diagram of a flow mirroring device according to an embodiment of the present application. The traffic mirroring apparatus may be implemented as all or part of the target network device by software, hardware or a combination of both. The flow mirroring device may include: a receiving unit 701 and a transmitting unit 702.
The receiving unit 701 is configured to receive a first mirror instruction sent by the control device;
a sending unit 702, configured to send, based on the first mirroring instruction, a mirrored flow of the target data stream to a first network device in the service network, where the first network device is configured to send the mirrored flow of the target data stream through the mirroring network.
Fig. 11 is a block diagram of a flow mirroring device according to an embodiment of the present application. The traffic mirroring apparatus may be implemented as all or part of the first network device by software, hardware or a combination of both. The flow mirroring device may include: a receiving unit 801 and a transmitting unit 802.
A receiving unit 801, configured to receive a mirror traffic of a target data stream sent by a target network device in a service network;
A sending unit 802, configured to send the mirror traffic of the target data stream through the mirror network.
It should be noted that, in the flow mirror device provided in the foregoing embodiment, only the division of the functional units is used for illustration when performing data flow identification, and in practical application, the foregoing functional allocation may be performed by different functional units according to needs, that is, the internal structure of the device is divided into different functional units, so as to complete all or part of the functions described above. In addition, the flow mirror device provided in the above embodiment and the flow mirror method embodiment belong to the same concept, and the specific implementation process of the flow mirror device is detailed in the method embodiment, which is not described herein again.
The descriptions of the processes corresponding to the drawings each have their own emphasis; for parts of a process that are not described in detail, refer to the descriptions of the other processes.
Fig. 12 shows a schematic structural diagram of an electronic device 150 according to an embodiment of the present application. The electronic device may be a control device, a target network device or a first network device. The electronic device 150 shown in fig. 12 is configured to perform the operations related to the flow mirroring method shown in any one of fig. 5 to 8 described above. The electronic device 150 may be implemented by a general bus architecture.
As shown in fig. 12, electronic device 150 includes at least one processor 151, memory 153, and at least one communication interface 154.
Processor 151 is, for example, a general-purpose central processing unit (CPU), a digital signal processor (DSP), a network processor (NP), a data processing unit (DPU), a microprocessor, or one or more integrated circuits for implementing aspects of the application. For example, processor 151 includes an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. A PLD is, for example, a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof. The processor may implement or perform the various logical blocks, modules, and circuits described in connection with the disclosure of embodiments of the application. The processor may also be a combination that performs a computing function, e.g., a combination of one or more microprocessors, a combination of a DSP and a microprocessor, and so forth.
Optionally, the electronic device 150 further comprises a bus. The bus is used to transfer information between the components of the electronic device 150. The bus may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 12, but this does not mean that there is only one bus or one type of bus.
The memory 153 is, for example, but not limited to, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 153 is, for example, independent and is connected to the processor 151 via a bus. Memory 153 may also be integrated with processor 151.
The communication interface 154 uses any transceiver-like device for communicating with other devices or communication networks, which may be Ethernet, a radio access network (RAN), a wireless local area network (WLAN), etc. Communication interface 154 may include a wired communication interface and may also include a wireless communication interface. Specifically, the communication interface 154 may be a Fast Ethernet (FE) interface, a Gigabit Ethernet (GE) interface, an asynchronous transfer mode (ATM) interface, a wireless local area network (WLAN) interface, a cellular network communication interface, or a combination thereof. The Ethernet interface may be an optical interface, an electrical interface, or a combination thereof. In an embodiment of the present application, the communication interface 154 may be used for the electronic device 150 to communicate with other devices.
In a specific implementation, processor 151 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 12, as an embodiment. Each of these processors may be a single-core (single-CPU) processor or may be a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In a particular implementation, as one embodiment, electronic device 150 may include multiple processors, such as processor 151 and processor 155 shown in FIG. 12. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In a particular implementation, electronic device 150 may also include an output device and an input device, as one embodiment. The output device communicates with the processor 151 and information may be displayed in a variety of ways. For example, the output device may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, a projector, or the like. The input device communicates with the processor 151 and may receive user input in a variety of ways. For example, the input device may be a mouse, a keyboard, a touch screen device, a sensing device, or the like.
In some embodiments, memory 153 is used to store program code 1510 that performs aspects of the present application, and processor 151 may execute program code 1510 stored in memory 153. That is, the electronic device 150 may implement the flow mirroring method provided by the method embodiment by the processor 151 executing the program code 1510 in the memory 153. One or more software modules may be included in the program code 1510. Alternatively, processor 151 itself may store program code or instructions for performing the inventive arrangements.
In a specific embodiment, the electronic device 150 of the embodiment of the present application may correspond to the controller in each of the above-described method embodiments, where the processor 151 in the electronic device 150 reads the instructions in the memory 153, so that the electronic device 150 shown in fig. 12 can perform all or part of the operations performed by the controller.
Specifically, the processor 151 is configured to determine a target network device in a service network based on a target data flow, where the target network device is a network device that transmits the target data flow; and sending a first mirror instruction to the target network equipment, wherein the first mirror instruction is used for indicating the target network equipment to send the mirror flow of the target data flow to the first network equipment, and the first network equipment is used for sending the mirror flow of the target data flow through a mirror network.
Or the processor 151 is configured to receive a first mirror instruction sent by a control device, where the target network device belongs to a service network; and based on the first mirror instruction, sending the mirror flow of the target data flow to first network equipment in the service network, wherein the first network equipment is used for sending the mirror flow of the target data flow through a mirror network.
Or the processor 151 is configured to receive a mirror flow of a target data stream sent by a target network device, where the first network device and the target network device both belong to a service network; and sending the mirror image flow of the target data flow through a mirror image network.
Other optional embodiments are not described here again for brevity.
The steps of the flow mirroring method shown in any one of fig. 5 to 8 are performed by an integrated logic circuit of hardware or an instruction in software form in a processor of the electronic device 150. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in the processor for execution. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads information in the memory, and in combination with its hardware, performs the steps of the above method, which will not be described in detail here to avoid repetition.
The embodiment of the application also provides a chip, which comprises: input interface, output interface, processor and memory. The input interface, the output interface, the processor and the memory are connected through an internal connection path. The processor is configured to execute the code in the memory and when the code is executed, the processor is configured to perform any of the traffic mirroring methods described above.
It is to be appreciated that the processor described above may be a CPU, but may also be other general purpose processors, DSP, ASIC, FPGA or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or any conventional processor or the like. It should be noted that the processor may be a processor supporting the ARM architecture.
Further, in an alternative embodiment, there are one or more processors and one or more memories. Alternatively, the memory may be integrated with the processor or the memory may be separate from the processor. The memory may include read only memory and random access memory and provide instructions and data to the processor. The memory may also include non-volatile random access memory. For example, the memory may also store a reference block and a target block.
The memory may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be ROM, PROM, EPROM, EEPROM or flash memory, among others. The volatile memory may be RAM, which acts as external cache. By way of example, and not limitation, many forms of RAM are available, such as SRAM, DRAM, SDRAM, DDR SDRAM, ESDRAM, SLDRAM, and DR RAM.
In an embodiment of the present application, there is further provided a computer readable storage medium, in which computer instructions are stored, which when executed by an electronic device, cause the electronic device to perform the above-provided flow mirroring method.
In an embodiment of the present application, there is also provided a computer program product containing instructions that, when executed on an electronic device, cause the electronic device to perform the above-provided flow mirroring method.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, fiber optic, digital subscriber line) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), etc.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The foregoing is merely an alternative embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that may be easily contemplated by those skilled in the art within the scope of the present application should be included in the scope of the present application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. The terms "first," "second," "third," and the like in the description and in the claims do not denote any order, quantity, or importance, but are used to distinguish between different elements. Likewise, the terms "a" or "an" and the like do not denote a limitation of quantity, but rather denote the presence of at least one. The word "comprising" or "comprises", and the like, means that the elements or items preceding the word encompass the elements or items listed after the word and their equivalents, without excluding other elements or items.
The above embodiments are merely examples of the present application, and the present application is not limited thereto, but any modifications, equivalents, improvements and the like made within the spirit and principle of the present application should be included in the scope of the present application.
Claims (22)
1. A flow mirroring system, the system comprising: control equipment, a service network and a mirror network;
the control device is configured to determine a target network device in the service network based on a target data flow, where the target network device is a network device that transmits the target data flow;
the control device is further configured to send a first mirror instruction to the target network device;
The target network device is configured to send, based on the first mirroring instruction, a mirrored flow of the target data stream to a first network device in the service network;
the first network device is configured to send, through the mirror network, a mirror traffic of the target data stream.
2. The traffic mirror system according to claim 1, wherein the control device is configured to obtain a transmission path of the target data stream in the service network; and determining at least one network device on the transmission path as the target network device.
3. Traffic mirror system according to claim 1 or 2, characterized in that the service network comprises at least one of the first network devices;
The control device is further configured to select, from at least one of the first network devices, one first network device to transmit the mirror traffic of the target data stream, based on at least one of a length of a first path, a performance of the first path, and a load of the first network device;
Wherein the first path is a path from the target network device to the first network device.
4. A traffic mirroring system according to any one of claims 1 to 3, wherein said first network device is configured to receive mirrored traffic of said target data stream sent by said target network device; transmitting the mirror traffic of the target data stream to the mirror network;
the mirror network is used for sending the mirror flow of the target data flow to analysis equipment.
5. The traffic mirror system of claim 4, wherein the mirror network comprises a plurality of mirror traffic transport devices;
The mirror flow transmission device is configured to determine a forwarding port of the mirror flow of the target data flow according to a mirror flow forwarding policy when the mirror flow of the target data flow is received; and sending the mirror image flow of the target data flow to the analysis equipment through the forwarding port.
6. The traffic mirroring system according to claim 5, wherein the control device is further configured to determine a forwarding path from the first network device to the analysis device based on at least one of a length of a second path and a performance of the second path according to a topology of the mirrored network; transmitting a mirror image flow forwarding strategy to mirror image flow transmission equipment of the mirror image network on the forwarding path based on the forwarding path;
Wherein the second path is a path from the first network device to the analysis device.
7. The flow mirroring system according to any one of claims 4 to 6, wherein the control device and the analysis device are the same device or the control device and the analysis device are different devices.
8. A method of traffic mirroring, the method comprising:
The control equipment determines target network equipment in a service network based on a target data stream, wherein the target network equipment is network equipment for transmitting the target data stream;
the control device sends a first mirror instruction to the target network device, wherein the first mirror instruction is used for indicating the target network device to send the mirror flow of the target data flow to the first network device, and the first network device is used for sending the mirror flow of the target data flow through a mirror network.
9. The method of claim 8, wherein the control device determining a target network device in the traffic network based on the target data flow comprises:
The control equipment acquires a transmission path of the target data stream in the service network;
The control device determines at least one network device on the transmission path as the target network device.
10. The method according to claim 8 or 9, wherein the service network comprises at least one of the first network devices; the method further comprises the steps of:
The control device selects, from at least one first network device, one first network device to transmit the mirror traffic of the target data stream, based on at least one of a length of a first path, a performance of the first path, and a load of the first network device;
Wherein the first path is a path from the target network device to the first network device.
11. The method according to any one of claims 8 to 10, further comprising:
The control device determines a forwarding path from the first network device to an analysis device based on at least one of a length of a second path and performance of the second path according to a topology of the mirrored network;
The control device sends a mirror image flow forwarding strategy to a mirror image flow transmission device of the mirror image network on the forwarding path based on the forwarding path, wherein the flow forwarding strategy is used for indicating the mirror image flow transmission device to determine a forwarding port of the mirror image flow of the target data flow, and the mirror image flow of the target data flow is sent to the analysis device through the forwarding port;
Wherein the second path is a path from the first network device to the analysis device.
12. A method of traffic mirroring, the method comprising:
a target network device receives a first mirror instruction sent by a control device, wherein the target network device belongs to a service network;
The target network device sends the mirror image flow of the target data flow to the first network device in the service network based on the first mirror image instruction, and the first network device is used for sending the mirror image flow of the target data flow through a mirror image network.
13. A method of traffic mirroring, the method comprising:
A first network device receives mirror traffic of a target data stream sent by a target network device, wherein the first network device and the target network device both belong to a service network;
The first network device sends the mirror traffic of the target data stream over a mirror network.
14. A traffic mirroring apparatus, the apparatus comprising:
a determining unit, configured to determine a target network device in a service network based on a target data flow, wherein the target network device is a network device that transmits the target data flow;
a sending unit, configured to send a first mirror instruction to the target network device, wherein the first mirror instruction instructs the target network device to send mirror traffic of the target data flow to a first network device, and the first network device is configured to send the mirror traffic of the target data flow through a mirror network.
15. The apparatus according to claim 14, wherein the determining unit is configured to obtain a transmission path of the target data flow in the service network, and to determine at least one network device on the transmission path as the target network device.
16. The apparatus according to claim 14 or 15, wherein the service network comprises at least one of the first network devices;
the determining unit is further configured to select, from the at least one first network device, one first network device for transmitting the mirror traffic of the target data flow, based on at least one of a length of a first path, performance of the first path, and a load of the first network device;
wherein the first path is a path from the target network device to the first network device.
17. The apparatus according to any one of claims 14 to 16, wherein the determining unit is further configured to determine, according to a topology of the mirror network, a forwarding path from the first network device to an analysis device based on at least one of a length of a second path and performance of the second path;
the sending unit is further configured to send, based on the forwarding path, a mirror traffic forwarding policy to a mirror traffic transmission device of the mirror network on the forwarding path, wherein the mirror traffic forwarding policy instructs the mirror traffic transmission device to determine a forwarding port for the mirror traffic of the target data flow and to send the mirror traffic of the target data flow to the analysis device through the forwarding port;
wherein the second path is a path from the first network device to the analysis device.
18. A traffic mirroring apparatus, the traffic mirroring apparatus belonging to a service network, the apparatus comprising:
a receiving unit, configured to receive a first mirror instruction sent by a control device;
a sending unit, configured to send, based on the first mirror instruction, mirror traffic of a target data flow to a first network device in the service network, wherein the first network device is configured to send the mirror traffic of the target data flow through a mirror network.
19. A traffic mirroring apparatus, the traffic mirroring apparatus belonging to a service network, the apparatus comprising:
a receiving unit, configured to receive mirror traffic of a target data flow sent by a target network device in the service network;
a sending unit, configured to send the mirror traffic of the target data flow through a mirror network.
20. An electronic device comprising a processor and a memory for storing a software program, the processor being configured to cause the electronic device to implement the method of any one of claims 8 to 13 by running or executing the software program stored in the memory.
21. A computer readable storage medium storing program code for execution by a processor, the program code comprising instructions for implementing the method of any one of claims 8 to 13.
22. A computer program product comprising program code which, when run on a computer, causes the computer to perform the method of any of claims 8 to 13.
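The controller logic of claims 10 and 11 (mirrored in claims 16 and 17), as an added Python sketch that is not part of the patent. The topologies, device names, load figures and the weighted-sum scoring are assumptions; the claims only require that at least one of path length, path performance and load be used.

```python
import heapq

# Constructed topologies (hypothetical names): node -> {neighbor: (cost, egress_port)}
SERVICE_NET = {
    "leaf1": {"agg1": (1, "eth1"), "agg2": (3, "eth2")},
    "agg1": {"leaf1": (1, "eth1")},
    "agg2": {"leaf1": (3, "eth1")},
}
MIRROR_NET = {
    "agg1": {"m1": (1, "p1")},
    "agg2": {"m2": (1, "p1")},
    "m1": {"m2": (1, "p2"), "analyzer": (4, "p3")},
    "m2": {"analyzer": (1, "p2")},
    "analyzer": {},
}
LOAD = {"agg1": 0.9, "agg2": 0.2}  # constructed utilisation of each first network device


def shortest_path(graph, src, dst):
    """Dijkstra; returns (cost, [nodes]) or (inf, []) when dst is unreachable."""
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, (weight, _port) in graph.get(node, {}).items():
            heapq.heappush(heap, (cost + weight, nxt, path + [nxt]))
    return float("inf"), []


def select_first_device(target, candidates, load_weight=5.0):
    """Claim 10: score = first-path length + load_weight * load (assumed weighting)."""
    def score(dev):
        return shortest_path(SERVICE_NET, target, dev)[0] + load_weight * LOAD[dev]
    reachable = [d for d in candidates if score(d) != float("inf")]
    if not reachable:
        raise ValueError("no first network device reachable from the target device")
    return min(reachable, key=score)


def forwarding_policies(first_dev, analyzer, flow_id):
    """Claim 11: one policy per mirror traffic transmission device on the second path."""
    _cost, path = shortest_path(MIRROR_NET, first_dev, analyzer)
    if not path:
        raise ValueError("analysis device unreachable over the mirror network")
    # path[0] is the first network device; policies go to the hops after it.
    return [{"device": hop, "flow": flow_id, "out_port": MIRROR_NET[hop][nxt][1]}
            for hop, nxt in zip(path[1:], path[2:])]
```

With these constructed values the nearer device agg1 is passed over because of its load; setting `load_weight=0` reduces the selection to path length only.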
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310513031.6A CN118921337A (en) | 2023-05-08 | 2023-05-08 | Flow mirror image system, flow mirror image method and device and electronic equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118921337A (en) | 2024-11-08 |
Family
ID=93299893
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310513031.6A Pending CN118921337A (en) | 2023-05-08 | 2023-05-08 | Flow mirror image system, flow mirror image method and device and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118921337A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10735323B2 (en) | Service traffic allocation method and apparatus | |
CN110943924B (en) | Method for segmenting source routing in a network and storage medium | |
US8117301B2 (en) | Determining connectivity status for unnumbered interfaces of a target network device | |
CN110324198B (en) | Packet loss processing method and packet loss processing device | |
CN112039796B (en) | Data packet transmission method and device, storage medium and electronic equipment | |
CN111682952A (en) | On-demand probing for quality of experience metrics | |
JP7313480B2 (en) | Congestion Avoidance in Slice-Based Networks | |
CN113328902B (en) | Network performance detection method and device and network equipment | |
US20130198830A1 (en) | Access relay method and access gateway device | |
EP3955533A1 (en) | Congestion information acquisition method and system, related device and computer storage medium | |
US20220255857A1 (en) | Packet Processing Method, Network Node, and System | |
CN113542007A (en) | Network OAM method and device | |
US11425014B2 (en) | Scalable in-band telemetry metadata extraction | |
EP3136633A1 (en) | Network module for sending and/or receiving of data packages from a network arrangement and method | |
US10229459B1 (en) | Method and apparatus for routing in transaction management systems | |
CN115865802B (en) | Flow mirroring method and device of virtual instance, virtual machine platform and storage medium | |
CN118921337A (en) | Flow mirror image system, flow mirror image method and device and electronic equipment | |
CN109714269A (en) | A kind of data processing method and the network equipment | |
CN115277504A (en) | Network traffic monitoring method, device and system | |
CN116112423A (en) | Path determination method, device and equipment | |
CN116962161A (en) | Path detection method, device, system and computer readable storage medium | |
US9521066B2 (en) | vStack enhancements for path calculations | |
US10454831B1 (en) | Load-balanced forwarding of network packets generated by a networking device | |
US20240333824A1 (en) | Service Processing Method, Apparatus, and System | |
CN118473894A (en) | Data stream identification method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication |