CN105530144A - Service identifying method and system in asymmetrical routing environment - Google Patents

Publication number: CN105530144A
Authority: CN (China)
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted, Active
Application number: CN201510945648.0A
Other languages: Chinese (zh)
Other versions: CN105530144B (en)
Inventors: 冯韶辉, 马镝, 马昕, 刘军, 刘彤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): BEIJING HAOHAN DATA INFORMATION TECHNOLOGY Co Ltd
Original Assignee: BEIJING HAOHAN DATA INFORMATION TECHNOLOGY Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/06: Generation of reports
    • H04L43/062: Generation of reports related to network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a service identification method and system for an asymmetric routing environment. The method comprises: receiving user access logs uploaded by DPI (Deep Packet Inspection) devices; respectively aggregating and matching the user access logs of the same time period; and extracting effective services from the matched user access logs to obtain a final identification result. The DPI devices are arranged in the backbone links through which user terminals access the Internet, and a plurality of DPI devices jointly cover the backbone links. Each user access log is generated by obtaining the request messages sent by a user terminal or the response messages returned by a server and performing service identification on those request or response messages. A data analysis platform receives the user access logs uploaded by the DPI devices deployed in the respective backbone links, aggregates and matches the logs of the same time period, and extracts the effective services to obtain the final identification result, so that services in an asymmetric routing environment are identified effectively and accurately.

Description

Service identification method and system in an asymmetric routing environment
Technical field
The application relates to the field of network identification technology, and specifically to a service identification method and system in an asymmetric routing environment.
Background
On the Internet, the service information of each accessed service is an important part of a detailed record of user access behavior. Traditional service identification methods mainly use DPI technology to inspect messages in depth and thereby identify the service type of a whole session.
Deep packet inspection (DPI) is an application-layer traffic detection and control technology. When IP packets and TCP or UDP data flows pass through a DPI-based bandwidth management system, the system reads the content of the IP payload in depth and reassembles the application-layer information of the OSI seven-layer protocol to obtain the content of the whole application, then shapes the traffic according to the management policy defined in the system.
A DPI device can identify and control service data flows. It operates from the transport layer to the application layer of the OSI model, has high data-processing capacity, can identify and manage the services carried by a network, and can be deployed in network equipment at positions such as the network backbone layer, metropolitan area networks and inside enterprises.
Ideally, the request messages of a user terminal and the response messages travel the same network path. Fig. 1 is a schematic diagram of a symmetric routing environment in the prior art. As shown in Fig. 1, in a symmetric routing environment DPI device 50 can obtain the messages in both directions, perform service identification using DPI technology, and merge the service identification results onto the same five-tuple. The ticket finally output for that five-tuple then carries the correct service identification result.
A five-tuple is the set of five parameters: source IP address, source port, destination IP address, destination port and transport-layer protocol. A five-tuple distinguishes different sessions, and the session it corresponds to is unique.
In an asymmetric routing environment, however, the above identification method is prone to large errors. Fig. 2 is a schematic diagram of an asymmetric routing environment in the prior art. As shown in Fig. 2, in an asymmetric routing environment DPI device 50 usually cannot obtain the messages in both directions: typically one DPI device 50 obtains the request message sent by the user terminal, and another DPI device 50 obtains the response message returned by server 90 through the Internet 70. Because the forward request message and the reverse response message are physically separated, the service identification result of DPI device 50 for one of the two directions is easily inaccurate.
Summary of the invention
In view of the above defects or deficiencies in the prior art, it is desirable to provide a service identification method and system that can identify services accurately in an asymmetric routing environment.
In a first aspect, the invention provides a service identification method in an asymmetric routing environment, the method comprising:
Receiving user access logs uploaded by DPI (deep packet inspection) devices;
Respectively aggregating and matching the user access logs of the same time period;
Extracting effective services from the matched user access logs to obtain a final identification result.
Wherein the DPI devices are arranged in the backbone links through which user terminals access the Internet, and a number of the DPI devices jointly cover the backbone links.
The user access logs are generated by the DPI devices, which obtain the request messages sent by user terminals or the response messages returned by servers and perform service identification according to the request messages or response messages.
In a second aspect, the invention provides a service identification system in an asymmetric routing environment, the system comprising:
DPI (deep packet inspection) devices, arranged in the backbone links through which user terminals access the Internet, for covering the backbone links to obtain the request messages sent by user terminals or the response messages returned by servers, performing service identification according to the request messages or response messages, generating user access logs according to the result of the service identification, and uploading the user access logs;
A data analysis platform, for receiving the user access logs uploaded by the DPI devices, aggregating and matching the user access logs of the same time period, and extracting effective services from the matched user access logs to obtain a final identification result.
In the service identification method and system provided by many embodiments of the invention, a data analysis platform receives the user access logs uploaded by the DPI devices deployed in the respective backbone links, aggregates and matches the user access logs of the same time period, and extracts effective services to obtain the final identification result, which effectively achieves accurate identification of services in an asymmetric routing environment;
In the service identification method and system provided by some embodiments of the invention, the final identification result is chosen by priority from the effective services extracted from the user access logs of the same five-tuple, which improves the accuracy of service identification.
Brief description of the drawings
Other features, objects and advantages of the application will become more apparent from the detailed description of non-limiting embodiments given with reference to the following drawings:
Fig. 1 is a schematic diagram of a symmetric routing environment in the prior art.
Fig. 2 is a schematic diagram of an asymmetric routing environment in the prior art.
Fig. 3 is a flow chart of the service identification method in an asymmetric routing environment provided by one embodiment of the invention.
Fig. 4 is a flow chart of step S50 of the service identification method shown in Fig. 3.
Fig. 5 is a flow chart of step S70 of the service identification method shown in Fig. 3.
Fig. 6 is a flow chart of a preferred embodiment of the service identification method shown in Fig. 3.
Fig. 7 is a structural diagram of the service identification system in an asymmetric routing environment provided by one embodiment of the invention.
Description of reference numerals:
10 user terminal
30 network node device
50 DPI device
70 Internet
80 data analysis platform
90 server
Detailed description of embodiments
The application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts relevant to the invention.
It should be noted that, where they do not conflict, the embodiments in the application and the features of the embodiments can be combined with one another. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 3 is a flow chart of the service identification method in an asymmetric routing environment provided by one embodiment of the invention.
As shown in Fig. 3, in this embodiment the service identification method in an asymmetric routing environment provided by the invention comprises:
S30: receive the user access logs uploaded by DPI (deep packet inspection) devices.
S50: respectively aggregate and match the user access logs of the same time period.
S70: extract effective services from the matched user access logs to obtain a final identification result.
Wherein the DPI devices are arranged in the backbone links through which user terminals access the Internet, and a number of the DPI devices jointly cover the backbone links;
The user access logs are generated by the DPI devices, which obtain the request messages sent by user terminals or the response messages returned by servers and perform service identification according to the request messages or response messages.
In the above embodiment, a data analysis platform receives the user access logs uploaded by the DPI devices deployed in the respective backbone links, aggregates and matches the user access logs of the same time period, and extracts effective services to obtain the final identification result, which effectively achieves accurate identification of services in an asymmetric routing environment.
In a preferred embodiment, the user access log includes the five-tuple with which the user terminal accesses the server.
Fig. 4 is a flow chart of step S50 of the service identification method shown in Fig. 3.
As shown in Fig. 4, in a preferred embodiment step S50 comprises:
S501: aggregate the user access logs of the same time period.
S503: match the user access logs generated respectively from the request message and the response message that correspond to the same five-tuple.
Fig. 5 is a flow chart of step S70 of the service identification method shown in Fig. 3.
As shown in Fig. 5, in a preferred embodiment step S70 comprises:
S701: extract effective services from the matched user access logs.
S703: obtain the priority of the extracted effective services.
S705: from the one or more effective services extracted from each group of matched user access logs, take the effective service with the highest priority as the final identification result.
In the above embodiment, the final identification result is chosen by priority from the effective services extracted from the user access logs of the same five-tuple, which improves the accuracy of service identification.
Fig. 6 is a flow chart of a preferred embodiment of the service identification method shown in Fig. 3.
As shown in Fig. 6, in a preferred embodiment the method further comprises, after step S70:
S90: generate a user log according to the final identification result.
Specifically, the above service identification method is illustrated by an example:
In an asymmetric routing environment, 20 DPI devices are arranged in the backbone links of the environment and cover those backbone links. A number of user terminals send service requests to various servers through the backbone links and the Internet. A first DPI device obtains the first request message sent by user terminal A and generates a first user access log from it; the 2nd DPI device obtains the first response message returned by server H to user terminal A and generates a second user access log from it; the 5th DPI device obtains the second request message sent by user terminal C and generates a sixth user access log from it; the 8th DPI device obtains the second response message returned by server R to user terminal C and generates an eighth user access log from it. The 20 DPI devices each upload the user access logs they have generated.
The first user access log and the second user access log each include the same five-tuple of user terminal A accessing server H; the sixth user access log and the eighth user access log each include the same five-tuple of user terminal C accessing server R.
After receiving the user access logs uploaded by the 20 DPI devices, the data analysis platform aggregates the user access logs of the same time period and matches the five-tuples in the aggregated logs, for example matching the first user access log with the second user access log, and the sixth user access log with the eighth user access log.
After matching each group of user access logs that contain the same five-tuple, the data analysis platform extracts one or more effective services from the matched logs, for example http from the first and second user access logs, and http and WeChat from the sixth and eighth user access logs. It then obtains the priority of the extracted effective services, for example priority 1 for http and priority 2 for WeChat, and takes the effective service with the highest priority as the final identification result. The final identification result for the access by user terminal A that produced the first and second user access logs is therefore http, and the final identification result for the access by user terminal C that produced the sixth and eighth user access logs is WeChat. The data analysis platform generates user logs according to these final identification results.
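The aggregation, five-tuple matching and priority selection of steps S501 to S705, run over the worked example above, as an added Python example that is not part of the patent. The record layout, the 300-second period, the re-orientation of response five-tuples to terminal-to-server order and the sample addresses are assumptions; the priority values are the ones in the example, where the larger number wins.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

PERIOD_SECONDS = 300  # assumed period length; the patent only says "same time period"

# Priorities from the patent's worked example, where the larger number wins.
SERVICE_PRIORITY = {"http": 1, "wechat": 2}


class AccessLog(NamedTuple):
    """One user access log uploaded by a DPI device (field layout is hypothetical)."""
    device: str
    ts: int                  # observation time, epoch seconds
    direction: str           # "request" (terminal -> server) or "response"
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    service: Optional[str]   # service the device identified, None if it could not


def session_key(log: AccessLog) -> tuple:
    """Orient the five-tuple terminal -> server so both directions share one key."""
    if log.direction == "request":
        return (log.src, log.sport, log.dst, log.dport, log.proto)
    return (log.dst, log.dport, log.src, log.sport, log.proto)


def identify(logs, period: int = PERIOD_SECONDS) -> dict:
    """S501: group by period; S503: match on five-tuple; S701-S705: pick by priority."""
    groups = defaultdict(list)
    for log in logs:
        groups[(log.ts // period, session_key(log))].append(log)

    results = {}
    for group_id, members in groups.items():
        # Only services present in the priority table count as effective.
        effective = {m.service for m in members if m.service in SERVICE_PRIORITY}
        results[group_id] = {
            "matched": {m.direction for m in members} == {"request", "response"},
            "devices": sorted({m.device for m in members}),
            "services": sorted(effective),
            "final": max(effective, key=SERVICE_PRIORITY.get) if effective else None,
        }
    return results


# Constructed sample logs (documentation address ranges), mirroring the example:
# terminal A -> server H seen by DPI-1/DPI-2, terminal C -> server R by DPI-5/DPI-8.
SAMPLE_LOGS = [
    AccessLog("DPI-1", 1000, "request", "192.0.2.1", 40001, "203.0.113.10", 80, "tcp", "http"),
    AccessLog("DPI-2", 1001, "response", "203.0.113.10", 80, "192.0.2.1", 40001, "tcp", "http"),
    AccessLog("DPI-5", 1010, "request", "192.0.2.3", 40003, "203.0.113.20", 443, "tcp", "http"),
    AccessLog("DPI-8", 1012, "response", "203.0.113.20", 443, "192.0.2.3", 40003, "tcp", "wechat"),
    # Request whose response no device reported, and which no device identified.
    AccessLog("DPI-3", 1020, "request", "192.0.2.7", 40007, "203.0.113.30", 8080, "tcp", None),
]

if __name__ == "__main__":
    for (bucket, key), outcome in sorted(identify(SAMPLE_LOGS).items()):
        print(bucket, key, outcome)
```

A request and response that fall on either side of a period boundary land in different groups and are reported as unmatched with this fixed-bucket grouping.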
Fig. 7 is a structural diagram of the service identification system in an asymmetric routing environment provided by one embodiment of the invention.
As shown in Fig. 7, in this embodiment the service identification system in an asymmetric routing environment provided by the invention comprises:
DPI device 50, arranged in the backbone links through which user terminal 10 accesses the Internet 70, for covering the backbone links to obtain the request messages sent by user terminal 10 or the response messages returned by server 90, performing service identification according to the request messages or response messages, generating user access logs according to the result of the service identification, and uploading the user access logs.
Data analysis platform 80, for receiving the user access logs uploaded by DPI device 50, aggregating and matching the user access logs of the same time period, and extracting effective services from the matched user access logs to obtain a final identification result.
In a preferred embodiment, the user access log includes the five-tuple with which user terminal 10 accesses server 90.
In a preferred embodiment, matching the user access logs of the same time period comprises: matching the user access logs generated respectively from the request message and the response message that correspond to the same five-tuple.
In a preferred embodiment, data analysis platform 80 also obtains the priority of the extracted effective services and, from the one or more effective services extracted from each group of matched user access logs, takes the effective service with the highest priority as the final identification result.
In a preferred embodiment, data analysis platform 80 also generates a user log according to the final identification result.
The above describes only the preferred embodiments of the application and explains the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the application is not limited to technical solutions formed by the particular combination of the above technical features, and also covers other technical solutions formed by any combination of the above technical features or their equivalents without departing from the inventive concept, for example technical solutions formed by replacing the above features with (but not limited to) technical features of similar function disclosed in the application.

Claims (10)

1. A service identification method in an asymmetric routing environment, characterized in that the method comprises:
Receiving user access logs uploaded by DPI (deep packet inspection) devices;
Respectively aggregating and matching the user access logs of the same time period;
Extracting effective services from the matched user access logs to obtain a final identification result;
Wherein the DPI devices are arranged in the backbone links through which user terminals access the Internet, and a number of the DPI devices jointly cover the backbone links;
The user access logs are generated by the DPI devices, which obtain the request messages sent by user terminals or the response messages returned by servers and perform service identification according to the request messages or response messages.
2. The service identification method according to claim 1, characterized in that the user access log includes the five-tuple with which the user terminal accesses the server.
3. The service identification method according to claim 2, characterized in that respectively aggregating and matching the user access logs of the same time period comprises:
Aggregating the user access logs of the same time period;
Matching the user access logs generated respectively from the request message and the response message that correspond to the same five-tuple.
4. The service identification method according to claim 1, characterized in that extracting effective services from the matched user access logs to obtain a final identification result comprises:
Extracting effective services from the matched user access logs;
Obtaining the priority of the extracted effective services;
From the one or more effective services extracted from each group of matched user access logs, taking the effective service with the highest priority as the final identification result.
5. The service identification method according to any one of claims 1-4, characterized in that, after extracting effective services from the matched user access logs to obtain a final identification result, the method further comprises:
Generating a user log according to the final identification result.
6. A service identification system in an asymmetric routing environment, characterized in that the system comprises:
DPI (deep packet inspection) devices, arranged in the backbone links through which user terminals access the Internet, for covering the backbone links to obtain the request messages sent by user terminals or the response messages returned by servers, performing service identification according to the request messages or response messages, generating user access logs according to the result of the service identification, and uploading the user access logs;
A data analysis platform, for receiving the user access logs uploaded by the DPI devices, aggregating and matching the user access logs of the same time period, and extracting effective services from the matched user access logs to obtain a final identification result.
7. The service identification system according to claim 6, characterized in that the user access log includes the five-tuple with which the user terminal accesses the server.
8. The service identification system according to claim 7, characterized in that matching the user access logs of the same time period comprises: matching the user access logs generated respectively from the request message and the response message that correspond to the same five-tuple.
9. The service identification system according to claim 6, characterized in that the data analysis platform also obtains the priority of the extracted effective services and, from the one or more effective services extracted from each group of matched user access logs, takes the effective service with the highest priority as the final identification result.
10. The service identification system according to any one of claims 6-9, characterized in that the data analysis platform also generates a user log according to the final identification result.

Priority Applications (1)

Application number: CN201510945648.0A
Priority date: 2015-12-16
Filing date: 2015-12-16
Title: Service identifying method and system in asymmetrical routing environment
Status: Active
Granted publication: CN105530144B (en)

Publications (2)

Publication Number    Publication Date
CN105530144A          2016-04-27
CN105530144B          2017-07-28

Family ID: 55772147

Country Status (1)

CN (1): CN105530144B (en)
Legal Events

Code    Title
C06     Publication
PB01    Publication
C10     Entry into substantive examination
SE01    Entry into force of request for substantive examination
GR01    Patent grant
CP02    Change in the address of a patent holder

Address after: Room 218, 2nd Floor, Building A, No. 119 West Fourth Ring North Road, Haidian District, Beijing, 100000

Patentee after: HAOHAN DATA TECHNOLOGY CO.,LTD.

Address before: 100142 No. 14, No. 45, North dewa Road, Haidian District, Beijing, 102

Patentee before: HAOHAN DATA TECHNOLOGY CO.,LTD.