CN111049744A - Distributed routing protocol correlation analysis method and device - Google Patents

Publication number
CN111049744A
Authority
CN
China
Prior art keywords
routing
analysis
route
management platform
type
Prior art date
2019-12-20
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911327590.8A
Other languages
Chinese (zh)
Inventor
陈景
韩志亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wangtai Technology Development Co ltd
Original Assignee
Beijing Wangtai Technology Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2019-12-20
Filing date
2019-12-20
Publication date
2020-04-21
2019-12-20 Application filed by Beijing Wangtai Technology Development Co ltd
2019-12-20 Priority to CN201911327590.8A
2020-04-21 Publication of CN111049744A
Status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/44 Distributed routing
    • H04L45/70 Routing based on monitoring results

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the invention provide a distributed routing protocol correlation analysis method and device. The method comprises the following steps: a route monitoring probe collects route data from the monitored route data packets according to an association analysis policy issued by a unified security management platform; the route monitoring probe sends the route data to the unified security management platform, so that the unified security management platform performs correlation analysis on the route data sent by all route monitoring probes to obtain an analysis result. Because route monitoring probes are deployed at different positions in the network and collect route data from the route data packets at those positions, the unified security management platform can analyze the route data from all positions together, which ensures the integrity and correctness of the analysis result. In addition, the collection and the analysis of the route data are not performed on the same device, which reduces the operating load on each device.

Description

Distributed routing protocol correlation analysis method and device

Technical Field

The present invention relates to the field of network security technologies, and in particular, to a distributed routing protocol association analysis method and apparatus.

Background

To ensure network security, routing data in the network must be collected for network security analysis. In the prior art, the collection and analysis of routing data are performed by a single device. In that case the operating load on the device is high, and the routing data all comes from the same autonomous domain.

Disclosure of Invention

Aiming at the problems in the prior art, the embodiment of the invention provides a distributed routing protocol correlation analysis method and a distributed routing protocol correlation analysis device.

In a first aspect, an embodiment of the present invention provides a distributed routing protocol association analysis method, including:

the route monitoring probe acquires the monitored route data in the route data packet according to the association analysis strategy issued by the unified security management platform; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

the routing monitoring probes send the routing data to the unified security management platform, so that the unified security management platform performs correlation analysis on the routing data sent by all the routing monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

Further, the route monitoring probe is deployed in a bypass mode at the border of an autonomous domain or between different autonomous domains.

Furthermore, the route monitoring probe is connected to the unified security management platform through a dedicated line or a dedicated IP tunnel; the dedicated line is a dedicated physical line or a virtual dedicated line.

In a second aspect, an embodiment of the present invention provides a distributed routing protocol association analysis method, including:

the unified security management platform issues association analysis strategies to the route monitoring probes deployed at various positions, so that each route monitoring probe acquires route data in monitored route data packets according to the received association analysis strategies; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

the unified security management platform receives the routing data sent by all the route monitoring probes, and performs correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

Further, the method also includes:

presenting the analysis result.

In a third aspect, an embodiment of the present invention provides a distributed routing protocol association analysis apparatus, including:

the acquisition module is used for acquiring the monitored routing data in the routing data packet according to the association analysis strategy issued by the unified security management platform; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

the sending module is used for sending the routing data to the unified security management platform so that the unified security management platform can perform correlation analysis on the routing data sent by all the routing monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

In a fourth aspect, an embodiment of the present invention provides a distributed routing protocol association analysis apparatus, including:

the issuing module is used for issuing the association analysis strategies to the route monitoring probes deployed at various positions so that each route monitoring probe acquires the monitored route data in the route data packet according to the received association analysis strategies; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

the analysis module is used for receiving the routing data sent by all the routing monitoring probes and carrying out correlation analysis on the routing data sent by all the routing monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

Further, the apparatus also includes:

a presentation module, configured to present the analysis result.

In a fifth aspect, an embodiment of the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the steps of the method according to the first aspect or the second aspect when executing the program.

In a sixth aspect, embodiments of the present invention provide a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the method as provided in the first or second aspect.

With the distributed routing protocol correlation analysis method and device provided by the embodiments of the invention, route monitoring probes are deployed at different positions in the network, so that the routing data in the route data packets at those positions can be collected and the unified security management platform can analyze the routing data from all positions together, which ensures the integrity and correctness of the analysis result. Meanwhile, the routing data is collected by the route monitoring probes and analyzed by the unified security management platform; that is, the collection and the analysis of the routing data are not performed on the same device, which reduces the operating load on each device.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.

Fig. 1 is a flowchart of a distributed routing protocol association analysis method according to an embodiment of the present invention;

Fig. 2 is a flowchart of a distributed routing protocol association analysis method according to another embodiment of the present invention;

Fig. 3 is a schematic structural diagram of a distributed routing protocol association analysis apparatus according to an embodiment of the present invention;

Fig. 4 is a schematic structural diagram of a distributed routing protocol association analysis apparatus according to another embodiment of the present invention;

Fig. 5 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Fig. 1 is a flowchart of a distributed routing protocol association analysis method provided in an embodiment of the present invention, where an execution subject of the method is a routing monitoring probe, and as shown in fig. 1, the method includes:

Step 101: a route monitoring probe collects monitored route data in a route data packet according to an association analysis policy issued by a unified security management platform; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

Step 102: the route monitoring probes send the routing data to the unified security management platform, so that the unified security management platform performs correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

Specifically, the route monitoring probe monitors route data packets in the network and records the interaction of different route data packets in the network. In an embodiment of the invention, route monitoring probes are deployed at different locations in the network. For example, route monitoring probes are deployed in bypass mode at autonomous domain boundaries and between different autonomous domains. An autonomous domain is a large network or group of networks managed by a single organization. The autonomous domain boundary is the egress of the autonomous domain. Deploying a route monitoring probe in bypass mode at the autonomous domain boundary means that the probe mirrors the traffic (namely, the route data packets) at the egress of the autonomous domain, so the probe works on a copy of the traffic. Route monitoring probes deployed in bypass mode between different autonomous domains obtain the route data packets exchanged between those autonomous domains.

Further, the route monitoring probe collects the route data in the monitored route data packets according to the association analysis policy issued by the unified security management platform. The unified security management platform manages the route monitoring probes and is responsible for analyzing the route data collected by the route monitoring probes deployed at different positions. The association analysis policy comprises any one or more of a policy ID, a routing protocol type, a packet type, and an associated field, and instructs the route monitoring probe to collect specific data from the route data packets.

The policy ID is an identifier for distinguishing the policy from other policies, which is not specifically limited in this embodiment of the present invention.

The routing protocol types are: Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (ISIS). OSPF is an interior gateway protocol for routing decisions within a single Autonomous System (AS). ISIS is also an interior gateway protocol of an autonomous system, and is one of the interior gateway protocols commonly used by telecommunication operators.

Packet type: different routing protocol types have different packet types. For example, the packet types corresponding to the OSPF routing protocol type are: Hello, DB Description, LS Request, LS Update. The packet types corresponding to the ISIS routing protocol type are: Hello, LSP, SNP.

Associated field: for the OSPF routing protocol type, the associated field is the DD sequence, and the DD sequence of different messages must increase continuously. For the ISIS routing protocol type, the associated fields are start lsp-id and end lsp-id, and the start lsp-id in a single message must be smaller than the end lsp-id.

The route monitoring probes send the collected routing data to the unified security management platform. After the unified security management platform receives the routing data collected by the route monitoring probes deployed at different positions in the network, it performs correlation analysis on the routing data to obtain an analysis result. The analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

For example, suppose a route monitoring probe located at the border of the autonomous domain receives the association analysis policy: Strategy 1, OSPF, hello, DD sequence. The route monitoring probe then only needs to collect the DD sequence of OSPF, and the unified security management platform can judge whether a dangerous operation has occurred according to whether the successively collected DD sequence values are continuous. This correlation analysis is performed on the same field of different OSPF messages.

As another example, suppose a route monitoring probe located at the border of the autonomous domain receives the association analysis policy: Strategy 2, ISIS, SNP, start lsp-id, end lsp-id. The route monitoring probe then only needs to collect the start lsp-id and end lsp-id of ISIS, and if the unified security management platform finds that the start lsp-id in a message is larger than the end lsp-id in the same message, it judges the operation to be dangerous. This correlation analysis is performed on different fields of the same ISIS packet.
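The two policy examples above can be sketched end to end as follows. This is an added illustration, not code from the patent: the record layout, function names, router addresses, LSP-ID values and the 0.5 s duplicate window are all assumptions, and policy 1 here names the DB Description packet type because that is the OSPF packet that carries the DD sequence number.

```python
from dataclasses import dataclass

DEDUP_WINDOW = 0.5  # seconds; assumed tolerance for one packet mirrored by two probes

@dataclass(frozen=True)
class Policy:
    policy_id: int
    protocol: str      # "OSPF" or "ISIS"
    packet_type: str   # packet type the probe should keep
    fields: tuple      # associated fields the probe should extract

@dataclass(frozen=True)
class Record:
    probe: str
    time: float
    policy_id: int
    src: str
    dst: str
    values: tuple      # values of Policy.fields, in the same order

POLICIES = [
    Policy(1, "OSPF", "DB Description", ("dd_sequence",)),
    Policy(2, "ISIS", "SNP", ("start_lsp_id", "end_lsp_id")),
]

def probe_collect(probe, packets, policies=POLICIES):
    """Probe side: forward only the fields a policy asks for, ignore other packets."""
    return [
        Record(probe, p["time"], pol.policy_id, p["src"], p["dst"],
               tuple(p[f] for f in pol.fields))
        for pol in policies for p in packets
        if p["proto"] == pol.protocol and p["type"] == pol.packet_type
    ]

def correlate(records, policies=POLICIES):
    """Platform side: merge the records of all probes and apply both checks."""
    by_id = {p.policy_id: p for p in policies}
    last_seen, last_dd, findings = {}, {}, []
    for r in sorted(records, key=lambda rec: rec.time):
        key = (r.policy_id, r.src, r.dst, r.values)
        duplicate = key in last_seen and r.time - last_seen[key] <= DEDUP_WINDOW
        last_seen[key] = r.time
        if duplicate:
            continue  # the same packet reported by a second probe
        fields = by_id[r.policy_id].fields
        if fields == ("dd_sequence",):
            # Same field across different messages: each value must follow the last.
            prev = last_dd.get((r.src, r.dst))
            last_dd[(r.src, r.dst)] = r.values[0]
            if prev is not None and r.values[0] != prev + 1:
                findings.append(("dd-sequence-gap", r.src, r.dst, r.time))
        elif fields == ("start_lsp_id", "end_lsp_id"):
            # Different fields of one message: flagged when start is larger than end.
            start, end = (int(v, 16) for v in r.values)
            if start > end:
                findings.append(("lsp-id-range-inverted", r.src, r.dst, r.time))
    return findings

def summarize(findings):
    """Analysis result: type, quantity, times and peers per sending router."""
    result = {}
    for kind, src, dst, t in findings:
        entry = result.setdefault((src, kind), {"count": 0, "peers": set(), "times": []})
        entry["count"] += 1
        entry["peers"].add(dst)
        entry["times"].append(t)
    return result

def dd(t, src, dst, seq):
    return {"time": t, "proto": "OSPF", "type": "DB Description",
            "src": src, "dst": dst, "dd_sequence": seq}

def snp(t, src, dst, start, end):
    return {"time": t, "proto": "ISIS", "type": "SNP",
            "src": src, "dst": dst, "start_lsp_id": start, "end_lsp_id": end}

# Constructed mirrored traffic: the border probe misses sequence 51 from C,
# which only the inter-AS probe sees; both probes see the jump to 1007 from A.
A, B, C, D = "192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"
BORDER = [dd(1.00, A, B, 1000), dd(2.00, A, B, 1001), dd(3.00, A, B, 1007),
          dd(1.50, C, D, 50), dd(3.50, C, D, 52),
          {"time": 4.00, "proto": "OSPF", "type": "Hello", "src": A, "dst": B},
          snp(5.00, "R5", "R6", "0000000000000000", "ffffffffffffffff"),
          snp(6.01, "R5", "R6", "1921680010020000", "1921680010010000")]
INTER_AS = [dd(2.01, A, B, 1001), dd(3.02, A, B, 1007), dd(2.50, C, D, 51),
            snp(6.00, "R5", "R6", "1921680010020000", "1921680010010000")]

def demo():
    single = correlate(probe_collect("as-border", BORDER))
    merged = correlate(probe_collect("as-border", BORDER)
                       + probe_collect("inter-as", INTER_AS))
    return single, merged, summarize(merged)

if __name__ == "__main__":
    for name, value in zip(("border only", "all probes", "summary"), demo()):
        print(name, value)
```

With the border probe alone, the missed packet from 192.0.2.3 looks like a sequence gap; once the records of both probes are merged, only the real jump and the inverted LSP-ID range remain.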

With the method provided by the embodiment of the invention, route monitoring probes are deployed at different positions in the network, so that the routing data in the route data packets at those positions can be collected and the unified security management platform can analyze the routing data from all positions together, which ensures the integrity and correctness of the analysis result. Meanwhile, the routing data is collected by the route monitoring probes and analyzed by the unified security management platform; that is, the collection and the analysis of the routing data are not performed on the same device, which reduces the operating load on each device.

Based on any of the above embodiments, the route monitoring probe is deployed in a bypass mode at the border of an autonomous domain or between different autonomous domains.

Based on any of the above embodiments, the route monitoring probe is connected to the unified security management platform through a dedicated line or a dedicated IP tunnel; the dedicated line is a dedicated physical line or a virtual dedicated line.

Fig. 2 is a flowchart of a distributed routing protocol association analysis method according to another embodiment of the present invention, where an execution subject of the method is a unified security management platform, as shown in fig. 2, the method includes:

Step 201: the unified security management platform issues association analysis policies to the route monitoring probes deployed at various positions, so that each route monitoring probe collects the route data in the monitored route data packets according to the received association analysis policy; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

Step 202: the unified security management platform receives the routing data sent by all the route monitoring probes, and performs correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

Specifically, routing monitoring probes are disposed at different locations of the network, for example, the routing monitoring probes are disposed at the boundary of the autonomous domain to mirror out the traffic (i.e., routing packets) at the network outlet, and the routing monitoring probes are disposed between different autonomous domains to obtain routing packets between different autonomous domains.

The unified security management platform issues association analysis policies to the route monitoring probes at different positions. After receiving the association analysis policy, each route monitoring probe collects the route data in the monitored route data packets and sends the route data to the unified security management platform. It should be noted that the association analysis policy is described in detail in the above embodiments and is not described again here.

After receiving the routing data sent by the route monitoring probes deployed at different positions, the unified security management platform analyzes the routing data to obtain an analysis result. The analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

With the method provided by the embodiment of the invention, route monitoring probes are deployed at different positions in the network, so that the routing data in the route data packets at those positions can be collected and the unified security management platform can analyze the routing data from all positions together, which ensures the integrity and correctness of the analysis result. Meanwhile, the routing data is collected by the route monitoring probes and analyzed by the unified security management platform; that is, the collection and the analysis of the routing data are not performed on the same device, which reduces the operating load on each device.

Based on any of the above embodiments, the method provided by the embodiment of the present invention further includes:

and presenting the analysis result.

Fig. 3 is a schematic structural diagram of a distributed routing protocol association analysis apparatus according to an embodiment of the present invention, where the apparatus is a routing monitoring probe, and as shown in fig. 3, the apparatus includes:

an acquisition module 301, configured to acquire the monitored routing data in the routing data packet according to the association analysis policy issued by the unified security management platform; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

a sending module 302, configured to send the routing data to the unified security management platform, so that the unified security management platform performs association analysis on the routing data sent by all the route monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

Specifically, the apparatus provided in the embodiment of the present invention is configured to execute the above method embodiment on the route monitoring probe side, and the details are not repeated here. The apparatus provided by the embodiment of the invention is deployed at each position in a network, and each apparatus can collect the route data in the route data packets at its position, so that the unified security management platform can analyze the route data from all positions together, which ensures the integrity and correctness of the analysis result. Meanwhile, the collection and the analysis of the routing data are not performed on the same device, which reduces the operating load on each device.

Fig. 4 is a schematic structural diagram of a distributed routing protocol association analysis apparatus according to another embodiment of the present invention, where the apparatus is a unified security management platform, and as shown in fig. 4, the apparatus includes:

an issuing module 401, configured to issue association analysis policies to the route monitoring probes deployed at various positions, so that each route monitoring probe acquires route data in the monitored route data packet according to the received association analysis policies; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

an analysis module 402, configured to receive the routing data sent by all the route monitoring probes, and perform correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

Specifically, the apparatus provided in the embodiment of the present invention is configured to execute the above method embodiment on the unified security management platform side, and the details are not repeated here. With the apparatus provided by the embodiment of the invention, route monitoring probes are deployed at different positions in the network, so that the routing data in the route data packets at those positions can be collected and the unified security management platform can analyze the routing data from all positions together, which ensures the integrity and correctness of the analysis result. Meanwhile, the routing data is collected by the route monitoring probes and analyzed by the unified security management platform; that is, the collection and the analysis of the routing data are not performed on the same device, which reduces the operating load on each device.

Fig. 5 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention. As shown in Fig. 5, the electronic device may include: a processor 501, a communications interface 502, a memory 503, and a communication bus 504, wherein the processor 501, the communications interface 502, and the memory 503 communicate with each other via the communication bus 504. The processor 501 may invoke a computer program stored on the memory 503 and executable on the processor 501 to perform the methods provided by the above embodiments, including, for example: collecting the monitored routing data in the routing data packet according to an association analysis policy issued by the unified security management platform, wherein the association analysis policy comprises any one or more of a policy ID, a routing protocol type, a packet type, and an associated field; and sending the routing data to the unified security management platform so that the unified security management platform performs correlation analysis on all routing data to obtain an analysis result. Or: issuing an association analysis policy to the route monitoring probes deployed at various positions, so that each route monitoring probe collects the monitored route data in the route data packet according to the received association analysis policy; and receiving the routing data sent by all the route monitoring probes, and performing correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result.

In addition, the logic instructions in the memory 503 may be implemented in the form of software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or make a contribution to the prior art, or may be implemented in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes: various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

Embodiments of the present invention further provide a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program performs the method provided in the foregoing embodiments, the method including: collecting the monitored routing data in the routing data packet according to an association analysis policy issued by the unified security management platform; and sending the routing data to the unified security management platform so that the unified security management platform performs correlation analysis on all routing data to obtain an analysis result. Or: issuing an association analysis policy to the route monitoring probes deployed at various positions, so that each route monitoring probe collects the monitored route data in the route data packet according to the received association analysis policy; and receiving the routing data sent by all the route monitoring probes, and performing correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result.

The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.

Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.

Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A distributed routing protocol correlation analysis method is characterized by comprising the following steps:

the route monitoring probe acquires routing data from the monitored routing data packets according to the association analysis policy issued by the unified security management platform; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

the route monitoring probes send the routing data to the unified security management platform, so that the unified security management platform performs correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

2. The method of claim 1, wherein the route monitoring probe is deployed in a bypass mode at an autonomous domain boundary or between different autonomous domains.

3. The method according to claim 1, wherein the route monitoring probe is connected with the unified security management platform through a dedicated line or a dedicated IP tunnel; the special line is a special physical line or a virtual special line.

4. A distributed routing protocol correlation analysis method is characterized by comprising the following steps:

the unified security management platform issues association analysis policies to the route monitoring probes deployed at various positions, so that each route monitoring probe acquires routing data from the monitored routing data packets according to the received association analysis policies; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

the unified security management platform receives the routing data sent by all the route monitoring probes, and performs correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

5. The method of claim 4, further comprising:

and presenting the analysis result.

6. A distributed routing protocol association analysis apparatus, comprising:

the acquisition module is used for acquiring routing data from the monitored routing data packets according to the association analysis policy issued by the unified security management platform; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

the sending module is used for sending the routing data to the unified security management platform so that the unified security management platform can perform correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

7. A distributed routing protocol association analysis apparatus, comprising:

the issuing module is used for issuing the association analysis policies to the route monitoring probes deployed at various positions so that each route monitoring probe acquires routing data from the monitored routing data packets according to the received association analysis policies; wherein the association analysis policy comprises: any one or more of a policy ID, a routing protocol type, a packet type, and an associated field;

the analysis module is used for receiving the routing data sent by all the route monitoring probes and carrying out correlation analysis on the routing data sent by all the route monitoring probes to obtain an analysis result; wherein the analysis result comprises: any one or more of the type, the quantity, the time, the router address, the type and the quantity of the high-risk message sent by any router to other routers.

8. The apparatus of claim 7, further comprising:

and the presentation module is used for presenting the analysis result.

9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method according to any of claims 1 to 5 are implemented when the processor executes the program.

10. A non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
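The probe and platform steps of claims 1 and 4 (also summarized in the storage-medium embodiment above), as an added Python example that is not part of the patent text or the applicant's code. The policy values, the record field names (`src`, `dst`, `ts`), the treatment of BGP NOTIFICATION as high-risk, and counting a message seen by two probes only once are assumptions made for illustration.

```python
from collections import Counter
# Constructed policy: policy ID, routing protocol type, packet types, associated fields.
POLICY = {"policy_id": "P-1", "protocol": "BGP",
          "packet_types": {"UPDATE", "NOTIFICATION"},
          "fields": ("src", "dst", "packet_type", "ts")}
# Assumption: the page does not define which packet types are high-risk.
HIGH_RISK_TYPES = {"NOTIFICATION"}

def probe_collect(probe_id, packets, policy=POLICY):
    """Probe side: keep packets the policy selects, projected onto its fields."""
    return [{**{f: p[f] for f in policy["fields"]},
             "policy_id": policy["policy_id"], "probe_id": probe_id}
            for p in packets
            if p["protocol"] == policy["protocol"]
            and p["packet_type"] in policy["packet_types"]]

def platform_correlate(records):
    """Platform side: merge all probes' records into one result per router pair."""
    seen, result = set(), {}
    for r in sorted(records, key=lambda rec: rec["ts"]):
        entry = result.setdefault((r["src"], r["dst"]), {
            "types": Counter(), "high_risk": Counter(), "probes": set(),
            "first_seen": r["ts"], "last_seen": r["ts"]})
        entry["probes"].add(r["probe_id"])
        key = (r["src"], r["dst"], r["packet_type"], r["ts"])
        if key in seen:  # assumption: one message seen by two probes counts once
            continue
        seen.add(key)
        entry["types"][r["packet_type"]] += 1
        entry["last_seen"] = r["ts"]
        if r["packet_type"] in HIGH_RISK_TYPES:
            entry["high_risk"][r["packet_type"]] += 1
    return result

def pkt(protocol, packet_type, src, dst, ts):
    return {"protocol": protocol, "packet_type": packet_type,
            "src": src, "dst": dst, "ts": ts, "payload_len": 64}

# Constructed sample traffic (documentation addresses, ts in seconds).
PROBE_A = [pkt("BGP", "UPDATE", "192.0.2.1", "192.0.2.2", 100),
           pkt("BGP", "KEEPALIVE", "192.0.2.1", "192.0.2.2", 101),
           pkt("OSPF", "HELLO", "192.0.2.3", "224.0.0.5", 102),
           pkt("BGP", "NOTIFICATION", "192.0.2.1", "192.0.2.2", 105)]
PROBE_B = [pkt("BGP", "NOTIFICATION", "192.0.2.1", "192.0.2.2", 105),
           pkt("BGP", "NOTIFICATION", "192.0.2.1", "198.51.100.7", 106)]

def run_demo():
    records = probe_collect("probe-A", PROBE_A) + probe_collect("probe-B", PROBE_B)
    return platform_correlate(records)
```

Only the merged view shows that router 192.0.2.1 sent high-risk messages to two different peers, which neither probe's records reveal alone.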

CN201911327590.8A 2019-12-20 2019-12-20 Distributed routing protocol correlation analysis method and device Pending CN111049744A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911327590.8A CN111049744A (en) 2019-12-20 2019-12-20 Distributed routing protocol correlation analysis method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911327590.8A CN111049744A (en) 2019-12-20 2019-12-20 Distributed routing protocol correlation analysis method and device

Publications (1)

Publication Number Publication Date
CN111049744A true CN111049744A (en) 2020-04-21

Family

ID=70238250

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911327590.8A Pending CN111049744A (en) 2019-12-20 2019-12-20 Distributed routing protocol correlation analysis method and device

Country Status (1)

Country Link
CN (1) CN111049744A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115811468A (en) * 2022-11-18 2023-03-17 深信服科技股份有限公司 Distribution method, device, electronic equipment and storage medium of flow collection strategy

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1859239A (en) * 2006-06-07 2006-11-08 北京邮电大学 Monitoring and analytic system for route between domain of internet and its working method
CN1905512A (en) * 2006-08-17 2007-01-31 北京邮电大学 Monitoring and analyzing system for opening shortest path priority route protocol and working method
CN101867503A (en) * 2010-06-09 2010-10-20 清华大学 A method for cross-domain BGP routing policy deployment
CN103442008A (en) * 2013-08-29 2013-12-11 中国科学院计算技术研究所 System and method for detecting routing security

Legal Events

Date Code Title Description
2020-04-21 PB01 Publication
2020-05-15 SE01 Entry into force of request for substantive examination
2022-09-02 RJ01 Rejection of invention patent application after publication

Application publication date: 20200421
