CN106487633B - method and device for monitoring abnormity of virtual machine - Google Patents


Info

Publication number
CN106487633B
Authority
CN
China
Legal status
Active
Application number
CN201610889136.1A
Other languages
Chinese (zh)
Other versions
CN106487633A (en)
Inventor
徐燕军
何朔
尹亚伟
杨阳
Current Assignee
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0681 Configuration of triggering conditions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/26 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using dedicated tools for LAN [Local Area Network] management

Abstract

The embodiment of the invention relates to the technical field of communication, in particular to a method and a device for monitoring virtual machine anomalies, used to accurately identify abnormal virtual machines. The method applies to a network system comprising at least one physical server, each physical server hosting at least one virtual machine, and comprises, for each physical server: acquiring a first mapping relation from the physical server; acquiring a second mapping relation from the cloud computing management platform; and determining that a virtual machine is abnormal when the first mapping relation is found to differ from the second mapping relation. Compared with the prior-art approach of detecting virtual machine anomalies only from the virtual machine state recorded on the cloud computing management platform, the method of the embodiment can accurately detect abnormal virtual machines on the physical server.

Description

Method and device for monitoring abnormity of virtual machine
Technical Field
The embodiment of the invention relates to the field of communication, in particular to a method and a device for monitoring virtual machine anomalies.
Background
With the rise of cloud computing, cloud services are seeing more and more practical application in enterprises. A cloud service is layered as a stack consisting, from top to bottom, of application services (SaaS), platform services (PaaS) and infrastructure services (IaaS). OpenStack is an IaaS component that provides a solution for cloud computing infrastructure services. For example, in an enterprise private cloud operating system built on OpenStack, the data of the operating system may be distributed over hundreds of interconnected computers, storage devices and other physical machines. When the operating system receives a user instruction to create a subnet or a Virtual Machine (VM), OpenStack issues the instruction to the physical machine and updates the corresponding record, and the Virtual Machine Manager (hypervisor) on the physical machine performs the operation of creating the virtual machine and feeds the creation result back to OpenStack. However, any operation performed directly on the physical machine without an instruction issued by OpenStack is not fed back to OpenStack. If the physical machine suffers an external attack that puts a virtual machine into an abnormal state, for example a virtual machine is illegally created or deleted on the physical machine, the Virtual Local Area Network (VLAN) tag of an existing, legitimate virtual machine is tampered with, or one or more virtual machines are moved to another network by tampering with the correspondence between the VLAN and the Virtual Extensible Local Area Network (VxLAN) on the physical server, OpenStack cannot perceive the anomaly, and security risks such as data loss and consumption of computing resources follow.
Normally, log file analysis is used to detect an abnormal entity. But an abnormal virtual machine caused by an external attack on a physical machine is not fed back to OpenStack, so nothing is recorded in the OpenStack log files, and the presence of the abnormal virtual machine cannot be accurately detected.
In a computer network, each subnet can be divided into several VLANs; each VLAN is a broadcast domain, and different broadcast domains are isolated from one another. In the prior art, an abnormal entity in the network is detected by pinging the whole subnet. As shown in Fig. 1, a subnet 100 with the IP range 192.168.1.0/24 contains a physical machine 101; virtual machines 104, 105, 106 and 107 are created on physical machine 101, with virtual machines 104 and 105 placed in a first VLAN 102 and virtual machines 106 and 107 placed in a second VLAN 103. At least one switch in subnet 100 executes the PING command; if the switch is in VLAN 102, it sends ARP requests to virtual machines 104 and 105 to obtain their MAC addresses. Since the first VLAN 102 and the second VLAN 103 are isolated from each other, virtual machines 106 and 107 in the second VLAN 103 never receive the ARP request, so OpenStack cannot detect an abnormal virtual machine in the second VLAN 103. The prior-art method therefore cannot accurately identify abnormal virtual machines.
Disclosure of Invention
The embodiment of the invention provides a method and a device for monitoring virtual machine anomalies, used to accurately identify abnormal virtual machines.
The embodiment of the invention provides a method for monitoring virtual machine anomalies, applicable to a network system comprising at least one physical server, each physical server hosting at least one virtual machine. For each physical server, the method comprises the following steps:
acquiring a first mapping relation from the physical server, the first mapping relation comprising the mapping between the identifier of each virtual machine established on the physical server and the identifier of the physical server; acquiring a second mapping relation from the cloud computing management platform, the second mapping relation comprising the mapping between the identifier of each virtual machine for which the cloud computing management platform issued a creation instruction to the physical server and the identifier of the physical server; and determining that a virtual machine is abnormal when the first mapping relation is found to differ from the second mapping relation.
Optionally, the first mapping relation further comprises the mapping between the identifier of each virtual machine established on the physical server and the identifier of the virtual local area network to which it belongs; the second mapping relation further comprises the mapping between the identifier of each virtual machine for which the cloud computing management platform issued a creation instruction to the physical server and the identifier of the virtual local area network to which it belongs.
Obtaining the first mapping relation from the physical server then comprises: collecting the port identifiers of the physical server; determining the virtual local area network identifiers present on the physical server from the virtual local area network identifiers corresponding to those port identifiers; acquiring the virtual machine manager (hypervisor) data table of the physical server, which comprises the mapping between the identifiers of the virtual machines established in the network system and the identifiers of the virtual local area networks they belong to; determining, from the hypervisor data table and the virtual local area network identifiers present on the physical server, the identifiers of the established virtual machines that correspond to those virtual local area network identifiers, thereby obtaining the mapping between the identifiers of the virtual machines established on the physical server and the identifier of the physical server; and obtaining the first mapping relation from that mapping together with the established virtual machine identifiers corresponding to the virtual local area network identifiers present on the physical server.
Optionally, the first mapping relation further comprises the mapping between the identifier of each virtual machine established on the physical server and the identifier of the virtual extensible local area network; the second mapping relation likewise comprises the mapping between the identifier of each virtual machine established on the physical server and the identifier of the virtual extensible local area network.
Obtaining the first mapping relation from the mapping between the established virtual machine identifiers and the physical server identifier, together with the established virtual machine identifiers corresponding to the virtual local area network identifiers present on the physical server, then comprises: acquiring the flow rule configuration table of the virtual switch in the physical server, which comprises the mapping between the virtual local area network identifiers present on the physical server and the virtual extensible local area network identifiers; determining the mapping between the identifiers of the virtual machines established on the physical server and the virtual extensible local area network identifiers from the established virtual machine identifiers corresponding to the virtual local area network identifiers present on the physical server and the flow rule configuration table of the virtual switch; and obtaining the first mapping relation from the mapping between the established virtual machine identifiers and the physical server identifier, the established virtual machine identifiers corresponding to the virtual local area network identifiers present on the physical server, and the mapping between the established virtual machine identifiers and the virtual extensible local area network identifiers.
Optionally, determining that the first mapping relation differs from the second mapping relation comprises: determining that the two differ when at least one virtual machine identifier meets any one or more of the following preset conditions: the virtual machine identifier exists only in the first mapping relation or only in the second mapping relation; the virtual machine identifier exists in both, but the virtual local area network identifier corresponding to it in the first mapping relation differs from the one corresponding to it in the second mapping relation; the virtual machine identifier exists in both, but the virtual extensible local area network identifier corresponding to it in the first mapping relation differs from the one corresponding to it in the second mapping relation; or the virtual machine identifier exists in both, but the physical server identifier corresponding to it in the first mapping relation differs from the one corresponding to it in the second mapping relation.
Optionally, before obtaining the first mapping relation from the physical server, the method further comprises: monitoring the virtual machines on the physical servers in the network system and determining that a virtual machine on a physical server has changed, where a virtual machine change comprises any one or more of the following: creation or deletion of a virtual machine, a change of the virtual local area network identifier corresponding to the virtual machine, a change of the virtual extensible local area network identifier corresponding to the virtual machine, and a change of the physical server identifier corresponding to the virtual machine.
The embodiment of the invention also provides a device for monitoring virtual machine anomalies, applicable to a network system comprising at least one physical server, each physical server hosting at least one virtual machine. The device comprises an acquisition unit and a processing unit, wherein:
the acquisition unit acquires a first mapping relation from the physical server, the first mapping relation comprising the mapping between the identifier of each virtual machine established on the physical server and the identifier of the physical server, and acquires a second mapping relation from the cloud computing management platform, the second mapping relation comprising the mapping between the identifier of each virtual machine for which the cloud computing management platform issued a creation instruction to the physical server and the identifier of the physical server;
and the processing unit determines that a virtual machine is abnormal when the first mapping relation is found to differ from the second mapping relation.
Optionally, the first mapping relation further comprises the mapping between the identifier of each virtual machine established on the physical server and the identifier of the virtual local area network to which it belongs; the second mapping relation further comprises the mapping between the identifier of each virtual machine for which the cloud computing management platform issued a creation instruction to the physical server and the identifier of the virtual local area network to which it belongs.
The acquisition unit is further configured to collect the port identifiers of the physical server and to acquire the hypervisor data table of the physical server, which comprises the mapping between the identifiers of the virtual machines established in the network system and the identifiers of the virtual local area networks they belong to.
The processing unit is further configured to determine the virtual local area network identifiers present on the physical server from the virtual local area network identifiers corresponding to the collected port identifiers; to determine, from the hypervisor data table and those virtual local area network identifiers, the identifiers of the established virtual machines that correspond to them, thereby obtaining the mapping between the identifiers of the virtual machines established on the physical server and the identifier of the physical server; and to obtain the first mapping relation from that mapping together with the established virtual machine identifiers corresponding to the virtual local area network identifiers present on the physical server.
Optionally, the first mapping relation further comprises the mapping between the identifier of each virtual machine established on the physical server and the identifier of the virtual extensible local area network; the second mapping relation likewise comprises the mapping between the identifier of each virtual machine established on the physical server and the identifier of the virtual extensible local area network. The acquisition unit is further configured to acquire the flow rule configuration table of the virtual switch in the physical server, which comprises the mapping between the virtual local area network identifiers present on the physical server and the virtual extensible local area network identifiers.
The processing unit is further configured to determine the mapping between the identifiers of the virtual machines established on the physical server and the virtual extensible local area network identifiers from the established virtual machine identifiers corresponding to the virtual local area network identifiers present on the physical server and the flow rule configuration table of the virtual switch; and to obtain the first mapping relation from the mapping between the established virtual machine identifiers and the physical server identifier, the established virtual machine identifiers corresponding to the virtual local area network identifiers present on the physical server, and the mapping between the established virtual machine identifiers and the virtual extensible local area network identifiers.
Optionally, the processing unit is configured to determine that the first mapping relation differs from the second mapping relation when at least one virtual machine identifier meets any one or more of the following preset conditions: the virtual machine identifier exists only in the first mapping relation or only in the second mapping relation; the virtual machine identifier exists in both, but the virtual local area network identifier corresponding to it in the first mapping relation differs from the one corresponding to it in the second mapping relation; the virtual machine identifier exists in both, but the virtual extensible local area network identifier corresponding to it in the first mapping relation differs from the one corresponding to it in the second mapping relation; or the virtual machine identifier exists in both, but the physical server identifier corresponding to it in the first mapping relation differs from the one corresponding to it in the second mapping relation.
Optionally, the device further comprises a monitoring unit.
The monitoring unit monitors the virtual machines on the physical servers in the network system and, through the processing unit, determines that a virtual machine on a physical server has changed, where a virtual machine change comprises any one or more of the following: creation or deletion of a virtual machine, a change of the virtual local area network identifier corresponding to the virtual machine, a change of the virtual extensible local area network identifier corresponding to the virtual machine, and a change of the physical server identifier corresponding to the virtual machine.
In summary, the embodiment of the invention provides a method for monitoring virtual machine anomalies, applicable to a network system comprising at least one physical server, each physical server hosting at least one virtual machine. For each physical server, the method comprises: acquiring a first mapping relation from the physical server, the first mapping relation comprising the mapping between the identifier of each virtual machine established on the physical server and the identifier of the physical server; acquiring a second mapping relation from the cloud computing management platform, the second mapping relation comprising the mapping between the identifier of each virtual machine for which the cloud computing management platform issued a creation instruction to the physical server and the identifier of the physical server; and determining that a virtual machine is abnormal when the first mapping relation is found to differ from the second mapping relation. Compared with the prior-art approach of detecting virtual machine anomalies only from the virtual machine state recorded on the cloud computing management platform, the method can accurately detect abnormal virtual machines on the physical server.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly described below.
Fig. 1 is a diagram illustrating a prior-art network architecture;
Fig. 2 is a schematic diagram of a system architecture for monitoring virtual machine anomalies according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a method for monitoring virtual machine anomalies according to an embodiment of the present invention;
Fig. 3a is a schematic flowchart of another method for monitoring virtual machine anomalies according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a device for monitoring virtual machine anomalies according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit it.
Fig. 2 schematically shows the architecture of a system for monitoring virtual machine anomalies to which an embodiment of the present invention applies. The system comprises a network system with at least one physical server, each physical server hosting at least one virtual machine, and each virtual machine being connected to a port on its physical server. As shown in Fig. 2, the architecture includes a first physical server 2100, a virtual local area network 2140, a virtual local area network 2150, a second physical server 2200, a virtual local area network 2240, a virtual local area network 2250, a virtual extensible local area network 2300, and a device 2400 for monitoring virtual machine anomalies; optionally, the device 2400 is connected to every physical server.
The first physical server 2100 comprises a port 2110, a port 2120 and a hypervisor 2130. Port 2110 is connected to virtual machines 2111, 2112 and 2113, and port 2120 is connected to virtual machines 2121 and 2122; port 2110 is in VLAN 2140 and port 2120 is in VLAN 2150; hypervisor 2130 performs the operations that create virtual machines on the first physical server 2100.
The second physical server 2200 comprises a port 2210, a port 2220 and a hypervisor 2230. Port 2210 is connected to virtual machine 2211, and port 2220 is connected to virtual machines 2221 and 2222; port 2210 is in VLAN 2240 and port 2220 is in VLAN 2250; hypervisor 2230 performs the operations that create virtual machines on the second physical server 2200.
Port 2120 on the first physical server 2100 and port 2210 on the second physical server 2200 are both in the virtual extensible local area network 2300.
Fig. 3 shows, by way of example, a flowchart of a method for monitoring virtual machine anomalies according to an embodiment of the present invention.
Based on the system architecture shown in Fig. 2, and as shown in Fig. 3, the method for monitoring virtual machine anomalies provided by an embodiment of the present invention is applicable to a network system comprising at least one physical server, each physical server hosting at least one virtual machine. For each physical server, the method comprises the following steps:
Step S3001: the device for monitoring virtual machine anomalies obtains a first mapping relation from the physical server; the first mapping relation comprises the mapping between the identifier of each virtual machine established on the physical server and the identifier of the physical server;
Step S3002: the device for monitoring virtual machine anomalies acquires a second mapping relation from the cloud computing management platform; the second mapping relation comprises the mapping between the identifier of each virtual machine for which the cloud computing management platform issued a creation instruction to the physical server and the identifier of the physical server;
Step S3003: the device for monitoring virtual machine anomalies determines that a virtual machine is abnormal when the first mapping relation is found to differ from the second mapping relation.
In the embodiment of the invention, the first mapping relation obtained from the physical server comprises the mapping between the identifier of each virtual machine established on the physical server and the identifier of the physical server, and the second mapping relation obtained from the cloud computing management platform comprises the mapping between the identifier of each virtual machine for which the platform issued a creation instruction to the physical server and the identifier of the physical server. The first mapping relation is compared with the second; if they differ, a virtual machine is determined to be abnormal. Compared with the prior-art approach of detecting virtual machine anomalies only from the virtual machine state recorded on the cloud computing management platform, this scheme can accurately detect abnormal virtual machines on the physical server.
Optionally, there may be multiple management systems of the cloud computing management platform, and an embodiment of the present invention provides an optional management system OpenStack; when the cloud computing management platform issues an instruction for creating the virtual machine to the physical server through the management system, corresponding records are updated in the management system, the physical server receives the instruction for creating the virtual machine and completes operation for creating the virtual machine on the physical server through the hypervisor on the physical server, the hypervisor feeds back a creation result to the management system, and the management system records the mapping relationship between the identifier of the virtual machine corresponding to the instruction for creating the virtual machine issued by the management system to the physical server and the identifier of the physical server. However, OpenStack only performs a process of issuing an instruction from top to bottom and feeding back an execution result of the instruction from bottom to top, and any operation performed without receiving the instruction issued by OpenStack on the physical server is not fed back to OpenStack. In an OpenStack environment, behaviors such as adding and deleting virtual machines or subnets are finally completed by calling related components through interfaces to perform specific operations on a physical layer, and the operations do not have corresponding log records, so that the traditional method relying on log analysis has great carelessness in the OpenStack environment.
Optionally, the identifiers of the virtual machines established on the physical server include: the identifier of a virtual machine corresponding to an instruction for creating a virtual machine issued by the management system to the physical server, the identifier of a virtual machine created on the physical server as a result of an external attack, and the like.
For example, the cloud computing management platform issues instructions for creating virtual machines to physical server one through the management system, and three virtual machines, namely virtual machine one, virtual machine two and virtual machine three, are created on physical server one through the hypervisor; their identifiers are VM1, VM2 and VM3, and the identifiers of the virtual machines recorded by the cloud computing management platform are likewise VM1, VM2 and VM3. The identifier of physical server one is PC1. If physical server one is attacked from outside and two further virtual machines, virtual machine four and virtual machine five, with identifiers VM4 and VM5, are created on it through the hypervisor, the creation of these two virtual machines is never fed back to the cloud computing management platform, so no record of them exists there. The first mapping relation obtained from the physical server therefore comprises the mapping of VM1, VM2, VM3, VM4 and VM5 to PC1, while the second mapping relation obtained from the cloud computing management platform comprises only the mapping of VM1, VM2 and VM3 to PC1; the first mapping relation differs from the second, and it can therefore be determined that a virtual machine is abnormal.
Therefore, by comparing the identifiers of the virtual machines established on the physical server with the identifiers of the virtual machines corresponding to the creation instructions issued to the physical server by the management system, the method provided by the embodiment of the invention can detect the identifier of a virtual machine created on the physical server on its own initiative as well as the identifier of a virtual machine created on the physical server as a result of an external attack, and can thereby detect whether a virtual machine has been added to or deleted from the physical server.
Optionally, the first mapping relation further includes the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the VLAN to which the virtual machine belongs; the second mapping relation further includes the mapping relation between the identifier of the virtual machine corresponding to the creation instruction issued to the physical server by the cloud computing management platform and the identifier of the VLAN to which the virtual machine belongs. Obtaining the first mapping relation from the physical server then comprises: collecting the port identifiers of the physical server; determining the identifiers of the VLANs included in the physical server from the VLAN identifiers corresponding to the collected port identifiers; acquiring the hypervisor data table in the physical server, which comprises the mapping relation between the identifier of each virtual machine established in the network system and the identifier of the VLAN to which it belongs; determining from the hypervisor data table, according to the identifiers of the VLANs included in the physical server, the identifiers of the established virtual machines corresponding to those VLAN identifiers, thereby obtaining the mapping relation between the identifiers of the virtual machines established on the physical server and the identifier of the physical server; and obtaining the first mapping relation from that mapping relation together with the identifiers of the established virtual machines corresponding to the identifiers of the VLANs included in the physical server.
For example, physical server one has two ports, port one and port two; port one is connected to virtual machine one, virtual machine two and virtual machine three and is located in virtual local area network one, and port two is connected to virtual machine four and virtual machine five and is located in virtual local area network two. The collected identifiers of port one and port two are Port1 and Port2 respectively; according to the identifier VLAN1 of virtual local area network one corresponding to Port1 and the identifier VLAN2 of virtual local area network two corresponding to Port2, the identifiers of the VLANs included in physical server one are determined to be VLAN1 and VLAN2.
Optionally, the hypervisor data table is the record the hypervisor keeps of the virtual machines it creates on the physical server, and it includes the mapping relation between the identifiers of the virtual local area networks and the identifiers VM1, VM2, VM3, VM4 and VM5 of the virtual machines, where VLAN1 corresponds to VM1, VM2 and VM3 and VLAN2 corresponds to VM4 and VM5; the identifier of physical server one is PC1. From these relations the first mapping relation is obtained: PC1 corresponds to VLAN1 and VLAN2, VLAN1 corresponds to VM1, VM2 and VM3, and VLAN2 corresponds to VM4 and VM5.
Optionally, one physical server is one computing node. In the embodiment of the present invention, the port information is collected from the computing node and then looked up in the hypervisor data table, so as to obtain the correspondence between the virtual local area networks on that single computing node and the identifiers of the virtual machines, and thereby the first mapping relation. If the virtual local area network to which an existing, legitimately created virtual machine belongs is tampered with, the prior art cannot detect the abnormality of the virtual machine in this situation. The embodiment of the invention detects whether the virtual local area network to which a virtual machine belongs has been tampered with through the comparison of the first mapping relation with the second mapping relation; if the two differ, a virtual machine on the single computing node is determined to be abnormal.
Optionally, the first mapping relation further includes the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the VxLAN (virtual extensible local area network) to which it belongs; the second mapping relation further includes the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the VxLAN. Obtaining the first mapping relation from the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the physical server, and from the identifiers of the established virtual machines corresponding to the identifiers of the VLANs included in the physical server, then comprises: acquiring the flow rule configuration table of the virtual switch in the physical server, which comprises the mapping relation between the identifiers of the VLANs included in the physical server and the identifiers of the VxLANs; determining the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the VxLAN according to the identifiers of the established virtual machines corresponding to the identifiers of the VLANs included in the physical server and the flow rule configuration table of the virtual switch; and obtaining the first mapping relation from the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the physical server, the identifiers of the established virtual machines corresponding to the identifiers of the VLANs included in the physical server, and the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the VxLAN.
Optionally, each physical server includes at least one virtual switch, for example an Open vSwitch, and the flow rule configuration table recorded on the virtual switch includes the mapping relation between the identifiers of the virtual local area networks included in the physical server and the identifiers of the virtual extensible local area networks. For example, there are two physical servers, physical server one and physical server two. Physical server one has two ports, port one and port two; port one is connected to virtual machine one, virtual machine two and virtual machine three and is located in virtual local area network one; port two is connected to virtual machine four and virtual machine five and is located in virtual local area network two. Physical server two has two ports, port three and port four; port three is connected to virtual machine six and virtual machine seven and is located in virtual local area network three; port four is connected to virtual machine eight and is located in virtual local area network four. Port one of physical server one and port three of physical server two are located in virtual extensible local area network one, and port two of physical server one and port four of physical server two are located in virtual extensible local area network two.
The flow rule configuration table of the virtual switch on the first physical server comprises a mapping relation between an identifier VLAN1 of the first virtual local area network and an identifier VxLAN1 of the first virtual extensible local area network, and a mapping relation between an identifier VLAN2 of the second virtual local area network and an identifier VxLAN2 of the second virtual extensible local area network; the flow rule configuration table of the virtual switch on the second physical server includes a mapping relationship between the identifier VLAN3 of the virtual local area network three and the identifier VxLAN1 of the virtual extensible local area network one, and a mapping relationship between the identifier VLAN4 of the virtual local area network four and the identifier VxLAN2 of the virtual extensible local area network two.
The identifier of physical server one is PC1, and the mapping relation between PC1 and the identifiers VM1, VM2, VM3, VM4 and VM5 of virtual machines one to five established on physical server one is: PC1 corresponds to VM1, VM2, VM3, VM4 and VM5. The identifiers VM1, VM2 and VM3 of virtual machines one, two and three correspond to the identifier VLAN1 of virtual local area network one included in physical server one, and the identifiers VM4 and VM5 of virtual machines four and five correspond to the identifier VLAN2 of virtual local area network two included in physical server one.
The identifier of physical server two is PC2, and the mapping relation between PC2 and the identifiers VM6, VM7 and VM8 of virtual machines six, seven and eight established on physical server two is: PC2 corresponds to VM6, VM7 and VM8. The identifiers VM6 and VM7 of virtual machines six and seven correspond to the identifier VLAN3 of virtual local area network three included in physical server two, and the identifier VM8 of virtual machine eight corresponds to the identifier VLAN4 of virtual local area network four included in physical server two.
From these relations the first mapping relation is obtained as follows: PC1 corresponds to VLAN1 and VLAN2, VLAN1 corresponds to VM1, VM2 and VM3, and VLAN2 corresponds to VM4 and VM5; PC2 corresponds to VLAN3 and VLAN4, VLAN3 corresponds to VM6 and VM7, and VLAN4 corresponds to VM8; VxLAN1 corresponds to VLAN1 and VLAN3, and VxLAN2 corresponds to VLAN2 and VLAN4. Thus, from the mapping relation between virtual local area network identifiers and virtual extensible local area network identifiers on each single physical server, the mapping relation between virtual local area network identifiers and virtual extensible local area network identifiers across all the physical servers in the network system is obtained. If the correspondence between a virtual local area network identifier on a physical server and a virtual extensible local area network is tampered with, the prior art cannot detect the abnormality of the virtual machine in this situation; the embodiment of the invention detects the abnormality through the mapping relations among the identifiers of the established virtual machines on all the physical servers in the network system, the identifiers of the virtual local area networks in the physical servers, and the identifiers of the virtual extensible local area networks.
Optionally, determining that the first mapping relation is different from the second mapping relation comprises: when the identifier of at least one virtual machine is determined to meet any one or more of the following preset conditions, determining that the first mapping relation is different from the second mapping relation. The preset conditions are the following four:
Condition one: the identifier of the virtual machine exists only in the first mapping relation or only in the second mapping relation. For example, virtual machine one, virtual machine two and virtual machine three are created in physical server one, with identifiers VM1, VM2 and VM3 respectively; the virtual machine identifiers included in the first mapping relation are VM1, VM2 and VM3, and those included in the second mapping relation are VM1 and VM2. VM3 exists only in the first mapping relation, so virtual machine three was created in physical server one illegitimately, and the virtual machine is determined to be abnormal.
Condition two: the identifier of the virtual machine exists in both the first mapping relation and the second mapping relation, and the VLAN identifier corresponding to the identifier of the virtual machine in the first mapping relation is different from the VLAN identifier corresponding to it in the second mapping relation. For example, virtual machine one, virtual machine two and virtual machine three are created in physical server one, with identifiers VM1, VM2 and VM3 respectively; virtual machine one and virtual machine two are located in virtual local area network one, and virtual machine three is located in virtual local area network two. In the first mapping relation, VM1 and VM2 correspond to the identifier VLAN1 of virtual local area network one and VM3 corresponds to the identifier VLAN2 of virtual local area network two; in the second mapping relation, VM1 corresponds to VLAN1 while VM2 and VM3 correspond to VLAN2. The identifier VLAN1 of the virtual local area network corresponding to VM2 on physical server one therefore differs from the identifier VLAN2 recorded for VM2 in the cloud computing management platform, and virtual machine two is determined to be abnormal.
Condition three: the identifier of the virtual machine exists in both the first mapping relation and the second mapping relation, and the VxLAN identifier corresponding to the identifier of the virtual machine in the first mapping relation is different from the VxLAN identifier corresponding to it in the second mapping relation. For example, virtual machine one, virtual machine two and virtual machine three are created in physical server one, with identifiers VM1, VM2 and VM3 respectively; virtual machine one and virtual machine two are located in virtual extensible local area network one, and virtual machine three is located in virtual extensible local area network two. In the first mapping relation, VM1 and VM2 correspond to the identifier VxLAN1 of virtual extensible local area network one and VM3 corresponds to the identifier VxLAN2 of virtual extensible local area network two; in the second mapping relation, VM1 corresponds to VxLAN1 while VM2 and VM3 correspond to VxLAN2. The identifier VxLAN1 of the virtual extensible local area network corresponding to VM2 on physical server one therefore differs from the identifier VxLAN2 recorded for VM2 in the cloud computing management platform, and virtual machine two is determined to be abnormal.
Condition four: the identifier of the virtual machine exists in both the first mapping relation and the second mapping relation, and the identifier of the physical server corresponding to the identifier of the virtual machine in the first mapping relation is different from that in the second mapping relation. For example, a network system includes two physical servers, physical server one and physical server two; virtual machine one and virtual machine two are created in physical server one, with identifiers VM1 and VM2 respectively, and virtual machine three, with identifier VM3, is created in physical server two. In the first mapping relation, VM1 and VM2 correspond to the identifier PC1 of physical server one and VM3 corresponds to the identifier PC2 of physical server two; in the second mapping relation, VM1 corresponds to PC1 while VM2 and VM3 correspond to PC2. The physical server identifiers corresponding to VM2 in the first and second mapping relations therefore differ, and virtual machine two is determined to be abnormal.
And judging whether the first mapping relation is the same as the second mapping relation or not according to the four preset conditions, so that the abnormal condition of the virtual machine possibly occurring on the cloud platform can be comprehensively detected.
optionally, before obtaining the first mapping relationship from the physical server, the method further includes: monitoring a virtual machine on a physical server in a network system, and determining that the virtual machine on the physical server changes; wherein the virtual machine change comprises any one or more of the following: creation and deletion of a virtual machine, change of an identifier of a VLAN corresponding to the virtual machine, change of an identifier of a VxLAN corresponding to the virtual machine, and change of an identifier of a physical server corresponding to the virtual machine.
In the embodiment of the invention, an event-triggered mechanism is adopted to monitor the virtual machines on the physical servers in the network system, and the subsequent operations, such as collecting the port identifiers of the physical server and acquiring the flow rule configuration table of the virtual switch in the physical server, are started only when a change of a virtual machine is detected. The device for monitoring virtual machine abnormality therefore does not need to collect all information across the whole network every time; it collects only the changed information when a virtual machine changes, which saves computation and network overhead. At the same time, the device reads its data from outside the existing OpenStack system without intervening in the OpenStack management system, so the method is non-intrusive and does not affect the existing cloud management system or its processes.
in order to more clearly describe the above method flow, the following examples are provided in the embodiments of the present invention.
Fig. 3a exemplarily shows a flowchart of another monitoring method for virtual machine exception according to an embodiment of the present invention, based on the system architecture shown in fig. 2, as shown in fig. 3a, the method includes the following steps:
Step S3101: the device for monitoring the abnormity of the virtual machine monitors the virtual machine on a physical server in the network system;
Step S3102: the device for monitoring the virtual machine abnormity determines whether the virtual machine on the physical server is changed; if yes, go to step S3103; if not, go to step S3114;
step S3103: the method comprises the steps that a device for monitoring the abnormity of the virtual machine collects port identification of a physical server;
Step S3104: the device for monitoring the virtual machine abnormity determines the identifier of the virtual local area network included by the physical server according to the identifier of the virtual local area network corresponding to the determined port identifier of the physical server;
step S3105: the method comprises the steps that a device for monitoring virtual machine abnormity obtains a virtual machine manager data table in a physical server;
Step S3106: the device for monitoring the virtual machine abnormity determines the established virtual machine identifier corresponding to the virtual local area network identifier in the physical server from the virtual machine manager data table according to the virtual local area network identifier in the physical server, and obtains the mapping relation between the established virtual machine identifier on the physical server and the physical server identifier;
Step S3107: the method comprises the steps that a device for monitoring virtual machine abnormity obtains a flow rule configuration table of a virtual switch in a physical server;
Step S3108: the device for monitoring the virtual machine abnormity determines the mapping relation between the identification of the virtual machine established on the physical server and the identification of the virtual extensible local area network according to the identification of the established virtual machine corresponding to the identification of the virtual local area network included in the determined physical server and a flow rule configuration table of the virtual switch;
step S3109: the device for monitoring the virtual machine abnormity obtains a first mapping relation according to the mapping relation between the identification of the virtual machine established on the physical server and the identification of the physical server, the identification of the established virtual machine corresponding to the identification of the virtual local area network included in the physical server, and the mapping relation between the identification of the virtual machine established on the physical server and the identification of the virtual extensible local area network.
step S3110: the device for monitoring the abnormity of the virtual machine acquires a second mapping relation from the cloud computing management platform; the second mapping relation comprises a mapping relation between the identifier of the virtual machine corresponding to the instruction for creating the virtual machine and the identifier of the physical server, which is issued to the physical server by the cloud computing management platform;
step S3111: the method comprises the steps that a device for monitoring virtual machine abnormity determines whether at least one virtual machine has an identifier meeting any one or more of preset conditions; if yes, go to step S3112; if not, go to step S3114;
The preset conditions include: the identification of the virtual machine only exists in the first mapping relation or only exists in the second mapping relation;
The identifier of the virtual machine exists in a first mapping relation and a second mapping relation, and the identifier of the virtual local area network corresponding to the identifier of the virtual machine in the first mapping relation is different from the identifier of the virtual local area network corresponding to the identifier of the virtual machine in the second mapping relation;
The identifier of the virtual machine exists in a first mapping relation and a second mapping relation, and the identifier of the virtual extensible local area network corresponding to the identifier of the virtual machine in the first mapping relation is different from the identifier of the virtual extensible local area network corresponding to the identifier of the virtual machine in the second mapping relation;
The identifier of the virtual machine exists in both the first mapping relation and the second mapping relation, and the identifier of the physical server corresponding to the identifier of the virtual machine in the first mapping relation is different from that in the second mapping relation.
step S3112: the device for monitoring the virtual machine abnormity determines that the first mapping relation is different from the second mapping relation;
Step S3113: the device for monitoring virtual machine abnormality determines that the virtual machine is abnormal.
Step S3114: the device for monitoring virtual machine abnormality determines that the virtual machine is not abnormal.
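The flow of steps S3103 to S3113 above, together with the four preset conditions, carried through in code as an added example; it is not part of the patent, of OpenStack or of any Open vSwitch tooling. It assumes that the port-to-VLAN table, the hypervisor data table and the virtual switch flow rule configuration table have already been collected from each physical server, and that the platform's own records have been exported as the second mapping relation. All sample data is constructed here to mirror the PC1/PC2 walk-through; the flow rule lines imitate `ovs-ofctl dump-flows` output in the two forms Neutron's br-tun flows use (`dl_vlan=N` with either `load:0x..->NXM_NX_TUN_ID[]` or `set_tunnel:0x..`), and the identifiers VLANn and VxLANn are derived from the numeric VLAN tag and VNI to stay consistent with the text.

```python
"""Added example (not the patent's code): rebuild the first and second mapping
relations from constructed inputs and apply the four preset conditions."""
import re
from typing import Dict, List, Tuple

# vm id -> (physical server id, VLAN id, VxLAN id)
Mapping = Dict[str, Tuple[str, str, str]]

# Flow text is assumed to be in `ovs-ofctl dump-flows` format; the local VLAN is
# carried in dl_vlan and the VNI in either of the two action forms below.
_VLAN_RE = re.compile(r"dl_vlan=(\d+)")
_TUN_RE = re.compile(r"load:0x([0-9a-fA-F]+)->NXM_NX_TUN_ID\[\]|set_tunnel:0x([0-9a-fA-F]+)")


def parse_flow_rules(flow_text: str) -> Dict[str, str]:
    """VLAN id -> VxLAN id from a virtual switch flow rule configuration table."""
    vlan_to_vxlan: Dict[str, str] = {}
    for line in flow_text.splitlines():
        m_vlan, m_tun = _VLAN_RE.search(line), _TUN_RE.search(line)
        if not (m_vlan and m_tun):
            continue  # table-miss, ARP and similar rules carry no VLAN->VNI binding
        vni = int(m_tun.group(1) or m_tun.group(2), 16)
        vlan_to_vxlan[f"VLAN{m_vlan.group(1)}"] = f"VxLAN{vni}"
    return vlan_to_vxlan


def build_first_mapping(host_id: str, port_vlans: Dict[str, str],
                        hypervisor_table: Dict[str, str], flow_text: str) -> Mapping:
    """Steps S3103-S3109 for one physical server: VLANs from its ports, VMs on
    those VLANs from the hypervisor data table, VxLAN per VLAN from the flows."""
    host_vlans = set(port_vlans.values())
    vlan_to_vxlan = parse_flow_rules(flow_text)
    first: Mapping = {}
    for vm, vlan in hypervisor_table.items():
        # A VM whose VLAN is bound to no collected port falls outside the first
        # mapping as the patent defines it; a real monitor should still log it.
        if vlan in host_vlans:
            first[vm] = (host_id, vlan, vlan_to_vxlan.get(vlan, ""))
    return first


def compare_mappings(first: Mapping, second: Mapping) -> List[Tuple[str, int, str]]:
    """Step S3111: return (vm id, condition number, detail) per condition met."""
    findings: List[Tuple[str, int, str]] = []
    for vm in sorted(first.keys() | second.keys()):
        if vm not in second:
            findings.append((vm, 1, "on physical server, not recorded by platform"))
        elif vm not in first:
            findings.append((vm, 1, "recorded by platform, not on physical server"))
        else:
            (h1, vlan1, vx1), (h2, vlan2, vx2) = first[vm], second[vm]
            if vlan1 != vlan2:
                findings.append((vm, 2, f"VLAN {vlan1} on server, {vlan2} on platform"))
            if vx1 != vx2:
                findings.append((vm, 3, f"VxLAN {vx1} on server, {vx2} on platform"))
            if h1 != h2:
                findings.append((vm, 4, f"server {h1} in first mapping, {h2} in second"))
    return findings


# --- constructed sample data mirroring the patent's PC1/PC2 walk-through ---
PC1_FLOWS = """\
 cookie=0x0, table=22, priority=1,dl_vlan=1 actions=strip_vlan,load:0x1->NXM_NX_TUN_ID[],output:"vxlan-0a000002"
 cookie=0x0, table=22, priority=1,dl_vlan=2 actions=strip_vlan,set_tunnel:0x2,output:"vxlan-0a000002"
 cookie=0x0, table=22, priority=0 actions=drop
"""
PC2_FLOWS = """\
 cookie=0x0, table=22, priority=1,dl_vlan=3 actions=strip_vlan,load:0x1->NXM_NX_TUN_ID[],output:"vxlan-0a000001"
 cookie=0x0, table=22, priority=1,dl_vlan=4 actions=strip_vlan,load:0x2->NXM_NX_TUN_ID[],output:"vxlan-0a000001"
"""
# hypervisor data table per server: vm id -> local VLAN id (constructed)
PC1_HYPERVISOR = {"VM1": "VLAN1", "VM2": "VLAN1", "VM3": "VLAN1",
                  "VM4": "VLAN2", "VM5": "VLAN2",  # VM4/VM5: created outside the platform
                  "VM9": "VLAN9"}                  # VLAN9 is bound to no collected port
PC2_HYPERVISOR = {"VM6": "VLAN3", "VM7": "VLAN3", "VM8": "VLAN4"}


def first_mapping_all_servers() -> Mapping:
    first = build_first_mapping("PC1", {"Port1": "VLAN1", "Port2": "VLAN2"}, PC1_HYPERVISOR, PC1_FLOWS)
    first.update(build_first_mapping("PC2", {"Port3": "VLAN3", "Port4": "VLAN4"}, PC2_HYPERVISOR, PC2_FLOWS))
    return first


# Second mapping as the platform recorded it (constructed): VM2's VLAN/VxLAN and
# VM7's server were altered so conditions 2, 3 and 4 fire; VM4/VM5 were never recorded.
SECOND_MAPPING: Mapping = {
    "VM1": ("PC1", "VLAN1", "VxLAN1"), "VM2": ("PC1", "VLAN2", "VxLAN2"),
    "VM3": ("PC1", "VLAN1", "VxLAN1"), "VM6": ("PC2", "VLAN3", "VxLAN1"),
    "VM7": ("PC1", "VLAN3", "VxLAN1"), "VM8": ("PC2", "VLAN4", "VxLAN2"),
}


def detect_anomalies() -> List[Tuple[str, int, str]]:
    return compare_mappings(first_mapping_all_servers(), SECOND_MAPPING)


if __name__ == "__main__":
    for vm, cond, detail in detect_anomalies():
        print(f"{vm}: condition {cond}: {detail}")
```

Condition one is evaluated symmetrically over the union of both identifier sets, so a virtual machine deleted on the server but still recorded by the platform is reported as well as one created behind the platform's back. VM9 illustrates a caveat: the patent scopes the first mapping to VLANs actually bound to a collected port, so a virtual machine on an unbound VLAN is silently dropped here, and a production monitor should report such orphans separately rather than let them disappear from the comparison.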
from the above, it can be seen that: the embodiment of the invention provides a method for monitoring virtual machine abnormity, which is suitable for a network system comprising at least one physical server, wherein each physical server comprises at least one virtual machine, and the method comprises the following steps of: acquiring a first mapping relation from a physical server; the first mapping relation comprises a mapping relation between an identifier of a virtual machine established on the physical server and an identifier of the physical server; acquiring a second mapping relation from the cloud computing management platform; the second mapping relation comprises a mapping relation between the identifier of the virtual machine corresponding to the instruction for creating the virtual machine and the identifier of the physical server, which is issued to the physical server by the cloud computing management platform; and determining that the virtual machine has an exception when the first mapping relation is determined to be different from the second mapping relation. 
The first mapping relation obtained from the physical server comprises the mapping relation between the identifier of each virtual machine actually established on the physical server and the identifier of the physical server; the second mapping relation obtained from the cloud computing management platform comprises the mapping relation between the identifier of each virtual machine corresponding to a creation instruction issued by the cloud computing management platform to the physical server and the identifier of the physical server. The first mapping relation is compared with the second mapping relation, and if the two differ, the virtual machine is determined to be abnormal. Compared with the prior-art approach of detecting virtual machine abnormality only from the state of the virtual machine recorded on the cloud computing management platform, the method provided by the scheme can accurately detect an abnormal virtual machine that actually exists on the physical server.
Fig. 4 is a schematic structural diagram illustrating an apparatus for monitoring a virtual machine exception according to an embodiment of the present invention.
Based on the same inventive concept, the embodiment of the invention provides a device for monitoring virtual machine abnormality, which is used for executing the above method flow and is suitable for a network system comprising at least one physical server, each physical server comprising at least one virtual machine. As shown in fig. 4, the apparatus 400 includes an obtaining unit 401, a processing unit 402 and a monitoring unit 403; wherein:
An obtaining unit 401, configured to obtain a first mapping relationship from a physical server; the first mapping relation comprises a mapping relation between an identifier of a virtual machine established on the physical server and an identifier of the physical server; acquiring a second mapping relation from the cloud computing management platform; the second mapping relation comprises a mapping relation between the identifier of the virtual machine corresponding to the instruction for creating the virtual machine and the identifier of the physical server, which is issued to the physical server by the cloud computing management platform;
and the processing unit 402 is configured to determine that the virtual machine has an exception when it is determined that the first mapping relationship is different from the second mapping relationship.
Optionally, the first mapping relationship further includes the mapping between the identifier of each virtual machine established on the physical server and the identifier of the virtual local area network (VLAN) to which that virtual machine belongs, and the second mapping relationship further includes the mapping between the identifier of each virtual machine named in a create-virtual-machine instruction that the cloud computing management platform issued to the physical server and the identifier of the VLAN to which that virtual machine belongs. In that case:
The acquisition unit 401 is configured to collect the port identifiers of the physical server, and to acquire the virtual machine manager (hypervisor) data table in the physical server, which comprises the mapping between the identifier of each virtual machine established in the network system and the identifier of the VLAN to which that virtual machine belongs;
The processing unit 402 is configured to: determine the VLAN identifiers included in the physical server from the VLAN identifier corresponding to each determined port identifier of the physical server; determine, from the virtual machine manager data table and according to those VLAN identifiers, the identifiers of the established virtual machines corresponding to the VLAN identifiers included in the physical server, and thereby obtain the mapping between the identifier of each virtual machine established on the physical server and the identifier of the physical server; and obtain the first mapping relationship from that mapping together with the established virtual machine identifiers corresponding to the VLAN identifiers included in the physical server.
Optionally, the first mapping relationship further includes the mapping between the identifier of each virtual machine established on the physical server and the identifier of the virtual extensible local area network (VXLAN), and the second mapping relationship likewise includes the mapping between the identifier of each virtual machine established on the physical server and the VXLAN identifier. In that case:
The acquisition unit 401 is configured to acquire the flow rule configuration table of the virtual switch in the physical server, which comprises the mapping between each VLAN identifier included in the physical server and the corresponding VXLAN identifier;
The processing unit 402 is configured to: determine the mapping between the identifier of each virtual machine established on the physical server and the VXLAN identifier, according to the determined established virtual machine identifiers corresponding to the VLAN identifiers included in the physical server and the flow rule configuration table of the virtual switch; and obtain the first mapping relationship from the mapping between the identifier of each established virtual machine and the identifier of the physical server, the established virtual machine identifiers corresponding to the VLAN identifiers included in the physical server, and the mapping between the identifier of each established virtual machine and the VXLAN identifier.
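The derivation of the first mapping relationship that the acquisition unit 401 and the processing unit 402 carry out above (port identifiers to VLAN identifiers, hypervisor data table to the established virtual machines, virtual switch flow rule table to VXLAN identifiers), written out as an added Python example; it is not code from the patent or from China UnionPay. The host identifier `pserver-01`, the port names, all VLAN and VXLAN values and the three input tables are constructed sample data, and the tables are modelled as plain dictionaries because the patent does not specify their concrete format.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class VmRecord:
    """One row of the first mapping relationship for a single virtual machine."""
    host_id: str             # identifier of the physical server
    vlan_id: int             # identifier of the VLAN the VM belongs to
    vxlan_id: Optional[int]  # VXLAN identifier; None if the vSwitch has no rule for the VLAN


# Constructed sample tables (assumed formats, not the patent's own):
# (host id, port id) -> VLAN id carried by that port of the physical server
PORT_VLAN_TABLE: Dict[Tuple[str, str], int] = {
    ("pserver-01", "eth0"): 100,
    ("pserver-01", "eth1"): 200,
    ("pserver-02", "eth0"): 300,
}
# hypervisor (virtual machine manager) data table: VM id -> VLAN id, network-wide
HYPERVISOR_TABLE: Dict[str, int] = {"vm-a": 100, "vm-b": 200, "vm-c": 300}
# virtual switch flow rule configuration table on pserver-01: VLAN id -> VXLAN id (VNI)
FLOW_RULE_TABLE: Dict[int, int] = {100: 5000, 200: 5001}


def host_vlans(host_id: str, port_vlan_table: Dict[Tuple[str, str], int]) -> Set[int]:
    """Collect the port identifiers of one physical server and return the set
    of VLAN identifiers included in that server."""
    return {vlan for (host, _port), vlan in port_vlan_table.items() if host == host_id}


def build_first_mapping(host_id: str,
                        port_vlan_table: Dict[Tuple[str, str], int],
                        hypervisor_table: Dict[str, int],
                        flow_rule_table: Dict[int, int]) -> Dict[str, VmRecord]:
    """Derive the first mapping relationship for host_id:
    VM id -> (physical server id, VLAN id, VXLAN id)."""
    vlans = host_vlans(host_id, port_vlan_table)
    first_mapping: Dict[str, VmRecord] = {}
    for vm_id, vlan_id in hypervisor_table.items():
        # A VM whose VLAN is not carried by this server's ports is not
        # established on this server, so it does not enter the mapping.
        if vlan_id not in vlans:
            continue
        # VLAN -> VXLAN comes from the vSwitch flow rules; a VLAN without a
        # rule is recorded with vxlan_id=None so the gap is visible when compared.
        first_mapping[vm_id] = VmRecord(host_id, vlan_id, flow_rule_table.get(vlan_id))
    return first_mapping


if __name__ == "__main__":
    for vm_id, rec in build_first_mapping("pserver-01", PORT_VLAN_TABLE,
                                          HYPERVISOR_TABLE, FLOW_RULE_TABLE).items():
        print(vm_id, rec)
```

Note that the host membership of a virtual machine is inferred from VLAN membership, exactly as the description does: `vm-c` sits in VLAN 300, which only `pserver-02` carries, so it is absent from the mapping built for `pserver-01`.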
Optionally, the processing unit 402 is configured to determine that the first mapping relationship differs from the second mapping relationship when at least one virtual machine identifier satisfies any one or more of the following preset conditions: the virtual machine identifier exists only in the first mapping relationship or only in the second mapping relationship; the virtual machine identifier exists in both mapping relationships, but the VLAN identifier corresponding to it in the first mapping relationship differs from the VLAN identifier corresponding to it in the second; the virtual machine identifier exists in both mapping relationships, but the VXLAN identifier corresponding to it in the first mapping relationship differs from the VXLAN identifier corresponding to it in the second; or the virtual machine identifier exists in both mapping relationships, but the physical server identifier corresponding to it in the first mapping relationship differs from the physical server identifier corresponding to it in the second.
Optionally, the monitoring unit 403 is configured to monitor the virtual machines on the physical servers in the network system and, through the processing unit 402, to determine that the virtual machines on a physical server have changed, where a virtual machine change comprises any one or more of the following: creation or deletion of a virtual machine, a change of the VLAN identifier corresponding to a virtual machine, a change of the VXLAN identifier corresponding to a virtual machine, and a change of the physical server identifier corresponding to a virtual machine.
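The comparison by the processing unit 402 under the four preset conditions, and the monitoring unit 403's change detection that triggers it, share the same record-by-record diff, so both are covered by one added Python example below; this is illustration written for this page, not code from the patent or from China UnionPay. The condition labels, the host and VM identifiers and the VLAN/VXLAN values are constructed, and the two mapping relationships are modelled as dictionaries from VM identifier to a (physical server, VLAN, VXLAN) record, an assumed format.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class VmRecord:
    host_id: str              # identifier of the physical server
    vlan_id: Optional[int]    # VLAN identifier corresponding to the VM
    vxlan_id: Optional[int]   # VXLAN identifier corresponding to the VM


Mapping = Dict[str, VmRecord]  # VM identifier -> record

# Labels for the preset conditions (constructed names, not the patent's wording)
ONLY_IN_FIRST, ONLY_IN_SECOND = "only_in_first", "only_in_second"
VLAN_MISMATCH, VXLAN_MISMATCH, HOST_MISMATCH = "vlan_mismatch", "vxlan_mismatch", "host_mismatch"


def diff_mappings(first: Mapping, second: Mapping) -> List[Tuple[str, str]]:
    """Return one (vm_id, condition) pair for every preset condition that is
    satisfied; an empty list means the two mapping relationships agree."""
    findings: List[Tuple[str, str]] = []
    for vm_id in sorted(set(first) | set(second)):
        a, b = first.get(vm_id), second.get(vm_id)
        if a is None:                       # exists only in the second mapping
            findings.append((vm_id, ONLY_IN_SECOND))
            continue
        if b is None:                       # exists only in the first mapping
            findings.append((vm_id, ONLY_IN_FIRST))
            continue
        if a.vlan_id != b.vlan_id:          # same VM, different VLAN identifier
            findings.append((vm_id, VLAN_MISMATCH))
        if a.vxlan_id != b.vxlan_id:        # same VM, different VXLAN identifier
            findings.append((vm_id, VXLAN_MISMATCH))
        if a.host_id != b.host_id:          # same VM, different physical server
            findings.append((vm_id, HOST_MISMATCH))
    return findings


def is_abnormal(first: Mapping, second: Mapping) -> bool:
    """Processing unit: any satisfied preset condition means an anomaly."""
    return bool(diff_mappings(first, second))


def vm_changed(previous: Mapping, current: Mapping) -> bool:
    """Monitoring unit: creation, deletion or a VLAN/VXLAN/host change between
    two snapshots of the same physical server is exactly a non-empty diff."""
    return bool(diff_mappings(previous, current))


def monitor_and_check(previous: Mapping, current: Mapping, platform: Mapping):
    """Run the comparison against the platform's second mapping only after the
    host's virtual machines changed; None means no change, so no check was run."""
    if not vm_changed(previous, current):
        return None
    return diff_mappings(current, platform)


# Constructed sample data
PLATFORM: Mapping = {   # second mapping relationship: what the management platform issued
    "vm-a": VmRecord("pserver-01", 100, 5000),
    "vm-b": VmRecord("pserver-01", 200, 5001),
    "vm-d": VmRecord("pserver-01", 300, 5002),   # ordered, but never appeared on the host
}
HOST_BEFORE: Mapping = {  # earlier snapshot of the first mapping relationship
    "vm-a": VmRecord("pserver-01", 100, 5000),
    "vm-b": VmRecord("pserver-01", 200, 5001),
}
HOST_NOW: Mapping = {     # first mapping relationship read from the host after a change
    "vm-a": VmRecord("pserver-01", 100, 5000),
    "vm-b": VmRecord("pserver-01", 201, 5001),   # VLAN changed on the host
    "vm-x": VmRecord("pserver-01", 400, None),   # VM the platform never created
}

if __name__ == "__main__":
    print(monitor_and_check(HOST_BEFORE, HOST_NOW, PLATFORM))
```

The findings list names which condition each virtual machine violates, which is more useful to an operator than the bare "abnormal" verdict: a VM present only in the first mapping is one the platform never ordered, a VM present only in the second is one that was ordered but is missing from the host, and the three mismatch labels point at the specific attribute that drifted.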
It can be seen from the above that the first mapping relationship acquired from the physical server comprises the mapping between the identifiers of the virtual machines established on the physical server and the identifier of the physical server, while the second mapping relationship acquired from the cloud computing management platform comprises the mapping between the identifiers of the virtual machines named in the create-virtual-machine instructions that the platform issued to the physical server and the identifier of the physical server. The two are compared, and if they differ, a virtual machine is determined to be abnormal. Compared with the prior-art approach of detecting a virtual machine anomaly solely from the virtual machine state recorded on the cloud computing management platform, this scheme can accurately detect an anomalous virtual machine that actually exists on the physical server.
It should be apparent to those skilled in the art that embodiments of the present invention may be provided as a method or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (8)

1. A method for monitoring a virtual machine anomaly, applied to a network system comprising at least one physical server, each physical server comprising at least one virtual machine, the method comprising the following steps:
Acquiring a first mapping relation from a physical server; the first mapping relation comprises a mapping relation between an identifier of a virtual machine established on the physical server and an identifier of the physical server;
Acquiring a second mapping relation from the cloud computing management platform; the second mapping relationship comprises a mapping relationship between the identifier of the virtual machine corresponding to the instruction for creating the virtual machine, which is issued to the physical server by the cloud computing management platform, and the identifier of the physical server;
determining that the virtual machine is abnormal when the first mapping relation is determined to be different from the second mapping relation;
Before obtaining the first mapping relationship from the physical server, the method further includes: monitoring the virtual machine on the physical server in the network system, and determining that the virtual machine on the physical server changes; wherein the virtual machine change comprises any one or more of the following: the virtual machine is created and deleted, the identification of the virtual local area network corresponding to the virtual machine is changed, the identification of the virtual extensible local area network corresponding to the virtual machine is changed, and the identification of the physical server corresponding to the virtual machine is changed.
2. The method of claim 1, wherein the first mapping relationship further comprises a mapping relationship between an identification of an established virtual machine on the physical server and an identification of a virtual local area network to which the virtual machine belongs; the second mapping relationship also includes a mapping relationship between the identifier of the virtual machine corresponding to the instruction for creating the virtual machine, which is issued to the physical server by the cloud computing management platform, and the identifier of the virtual local area network to which the virtual machine belongs;
The obtaining the first mapping relationship from the physical server includes:
Collecting port identification of the physical server;
determining the identifier of the virtual local area network included by the physical server according to the determined identifier of the virtual local area network corresponding to the port identifier of the physical server;
Acquiring a virtual machine manager data table in the physical server; the virtual machine manager data table comprises a mapping relation between an identifier of a virtual machine established in the network system and an identifier of a virtual local area network to which the virtual machine belongs;
determining an established virtual machine identifier corresponding to the virtual local area network identifier included in the physical server from the virtual machine manager data table according to the virtual local area network identifier included in the physical server, and obtaining a mapping relation between the established virtual machine identifier on the physical server and the physical server identifier;
And obtaining the first mapping relation according to the mapping relation between the identifier of the established virtual machine on the physical server and the identifier of the established virtual machine corresponding to the identifier of the virtual local area network in the physical server.
3. The method of claim 2, wherein the first mapping relationship further comprises a mapping relationship between an identification of an established virtual machine on the physical server and an identification of a virtual extensible local area network; the second mapping relationship also comprises a mapping relationship between the identifier of the virtual machine established on the physical server and the identifier of the virtual extensible local area network;
The obtaining the first mapping relationship according to the mapping relationship between the identifier of the virtual machine established on the physical server and the physical server, and the identifier of the virtual machine established corresponding to the identifier of the virtual local area network included in the physical server includes:
acquiring a flow rule configuration table of a virtual switch in the physical server; the flow rule configuration table of the virtual switch comprises a mapping relation between an identifier of a virtual local area network and an identifier of a virtual extensible local area network, wherein the identifier of the virtual local area network is included in the physical server;
Determining a mapping relation between the identifier of the established virtual machine on the physical server and the identifier of the virtual extensible local area network according to the determined identifier of the established virtual machine corresponding to the identifier of the virtual local area network included in the physical server and a flow rule configuration table of the virtual switch;
and obtaining the first mapping relation according to the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the physical server, the identifier of the virtual machine established corresponding to the identifier of the virtual local area network included in the physical server, and the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the virtual extensible local area network.
4. The method of claim 3, wherein determining that the first mapping relationship is different from the second mapping relationship comprises:
when the fact that the identification of at least one virtual machine meets any one or more of the following preset conditions is determined, the first mapping relation is determined to be different from the second mapping relation; wherein the preset conditions include:
the identification of the virtual machine only exists in the first mapping relation or only exists in the second mapping relation;
the identifier of the virtual machine exists in the first mapping relation and the second mapping relation, and the identifier of the virtual local area network corresponding to the identifier of the virtual machine in the first mapping relation is different from the identifier of the virtual local area network corresponding to the identifier of the virtual machine in the second mapping relation;
The identifier of the virtual machine exists in the first mapping relation and the second mapping relation, and the identifier of the virtual extensible local area network corresponding to the identifier of the virtual machine in the first mapping relation is different from the identifier of the virtual extensible local area network corresponding to the identifier of the virtual machine in the second mapping relation;
the identifier of the virtual machine exists in the first mapping relation and the second mapping relation, and the identifier of the physical server corresponding to the identifier of the virtual machine in the first mapping relation is different from the identifier of the physical server corresponding to the identifier of the virtual machine in the second mapping relation.
5. An apparatus for monitoring a virtual machine anomaly, adapted to a network system comprising at least one physical server, each physical server comprising at least one virtual machine; the apparatus comprises an acquisition unit and a processing unit, wherein:
The acquiring unit is used for acquiring a first mapping relation from a physical server; the first mapping relation comprises a mapping relation between an identifier of a virtual machine established on the physical server and an identifier of the physical server; acquiring a second mapping relation from the cloud computing management platform; the second mapping relationship comprises a mapping relationship between the identifier of the virtual machine corresponding to the instruction for creating the virtual machine, which is issued to the physical server by the cloud computing management platform, and the identifier of the physical server;
the processing unit is used for determining that the virtual machine has an exception when the first mapping relation is determined to be different from the second mapping relation;
wherein the device further comprises a monitoring unit for: monitoring the virtual machine on the physical server in the network system, and determining that the virtual machine on the physical server changes through a processing unit; wherein the virtual machine change comprises any one or more of the following: the virtual machine is created and deleted, the identification of the virtual local area network corresponding to the virtual machine is changed, the identification of the virtual extensible local area network corresponding to the virtual machine is changed, and the identification of the physical server corresponding to the virtual machine is changed.
6. The apparatus of claim 5, wherein the first mapping relationship further comprises a mapping relationship between an identification of an established virtual machine on the physical server and an identification of a virtual local area network to which the virtual machine belongs; the second mapping relationship also includes a mapping relationship between the identifier of the virtual machine corresponding to the instruction for creating the virtual machine, which is issued to the physical server by the cloud computing management platform, and the identifier of the virtual local area network to which the virtual machine belongs;
The acquisition unit is configured to:
Collecting port identification of the physical server;
acquiring a virtual machine manager data table in the physical server; the virtual machine manager data table comprises a mapping relation between an identifier of a virtual machine established in the network system and an identifier of a virtual local area network to which the virtual machine belongs;
The processing unit is configured to:
Determining the identifier of the virtual local area network included by the physical server according to the determined identifier of the virtual local area network corresponding to the port identifier of the physical server;
Determining an established virtual machine identifier corresponding to the virtual local area network identifier included in the physical server from the virtual machine manager data table according to the virtual local area network identifier included in the physical server, and obtaining a mapping relation between the established virtual machine identifier on the physical server and the physical server identifier;
and obtaining the first mapping relation according to the mapping relation between the identifier of the established virtual machine on the physical server and the identifier of the established virtual machine corresponding to the identifier of the virtual local area network in the physical server.
7. The apparatus of claim 6, wherein the first mapping relationship further comprises a mapping relationship between an identification of an established virtual machine on the physical server and an identification of a virtual extensible local area network; the second mapping relationship also comprises a mapping relationship between the identifier of the virtual machine established on the physical server and the identifier of the virtual extensible local area network;
The acquisition unit is configured to:
Acquiring a flow rule configuration table of a virtual switch in the physical server; the flow rule configuration table of the virtual switch comprises a mapping relation between an identifier of a virtual local area network and an identifier of a virtual extensible local area network, wherein the identifier of the virtual local area network is included in the physical server;
the processing unit is configured to:
determining a mapping relation between the identifier of the established virtual machine on the physical server and the identifier of the virtual extensible local area network according to the determined identifier of the established virtual machine corresponding to the identifier of the virtual local area network included in the physical server and a flow rule configuration table of the virtual switch;
and obtaining the first mapping relation according to the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the physical server, the identifier of the virtual machine established corresponding to the identifier of the virtual local area network included in the physical server, and the mapping relation between the identifier of the virtual machine established on the physical server and the identifier of the virtual extensible local area network.
8. The apparatus as recited in claim 7, wherein said processing unit is configured to:
when the fact that the identification of at least one virtual machine meets any one or more of the following preset conditions is determined, the first mapping relation is determined to be different from the second mapping relation; wherein the preset conditions include:
the identification of the virtual machine only exists in the first mapping relation or only exists in the second mapping relation;
The identifier of the virtual machine exists in the first mapping relation and the second mapping relation, and the identifier of the virtual local area network corresponding to the identifier of the virtual machine in the first mapping relation is different from the identifier of the virtual local area network corresponding to the identifier of the virtual machine in the second mapping relation;
the identifier of the virtual machine exists in the first mapping relation and the second mapping relation, and the identifier of the virtual extensible local area network corresponding to the identifier of the virtual machine in the first mapping relation is different from the identifier of the virtual extensible local area network corresponding to the identifier of the virtual machine in the second mapping relation;
the identifier of the virtual machine exists in the first mapping relation and the second mapping relation, and the identifier of the physical server corresponding to the identifier of the virtual machine in the first mapping relation is different from the identifier of the physical server corresponding to the identifier of the virtual machine in the second mapping relation.
CN201610889136.1A 2016-10-11 2016-10-11 method and device for monitoring abnormity of virtual machine Active CN106487633B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610889136.1A CN106487633B (en) 2016-10-11 2016-10-11 method and device for monitoring abnormity of virtual machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610889136.1A CN106487633B (en) 2016-10-11 2016-10-11 method and device for monitoring abnormity of virtual machine

Publications (2)

Publication Number Publication Date
CN106487633A CN106487633A (en) 2017-03-08
CN106487633B true CN106487633B (en) 2019-12-06

Family

ID=58270609

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610889136.1A Active CN106487633B (en) 2016-10-11 2016-10-11 method and device for monitoring abnormity of virtual machine

Country Status (1)

Country Link
CN (1) CN106487633B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566152B (en) * 2017-06-13 2020-03-31 ***股份有限公司 Method and device for virtual network link detection
CN109800052B (en) * 2018-12-15 2020-11-24 深圳先进技术研究院 Anomaly detection and positioning method and device applied to distributed container cloud platform
US11522905B2 (en) 2019-09-11 2022-12-06 International Business Machines Corporation Malicious virtual machine detection
CN113067809B (en) * 2021-03-15 2023-05-16 公安部第三研究所 Environment safety detection system and method for cloud platform

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103825891A (en) * 2014-02-19 2014-05-28 曙光云计算技术有限公司 Security flaw scanning system under cloud network environment
CN104461683A (en) * 2014-11-07 2015-03-25 华为技术有限公司 Verification method, device and system for virtual machine illegal configuration
CN105162667A (en) * 2015-09-10 2015-12-16 华为技术有限公司 Method and device for configuration of virtual machine
CN105760214A (en) * 2016-04-19 2016-07-13 华为技术有限公司 Equipment state and resource information monitoring method, related equipment and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9787633B2 (en) * 2013-12-05 2017-10-10 Vmware, Inc. System and method for dynamically configuring a DHCP server in a virtual network environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on Key Technologies of Security Monitoring Mechanisms in Cloud Environments; Bai Xin; China Master's Theses Full-text Database, Information Science and Technology; 2016-03-15; pp. 41-42 *

Also Published As

Publication number Publication date
CN106487633A (en) 2017-03-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant