CN112202712A - Service recovery method based on distributed health state detection in cloud protection field - Google Patents

Info

Publication number
CN112202712A
Authority
CN
China
Prior art keywords
health
protection
request
address
protection node
Legal status
Pending
Application number
CN202010874384.5A
Other languages
Chinese (zh)
Inventor
梁海兵
Current Assignee
Guangdong Wangdi Information Security Technology Co ltd
Original Assignee
Guangdong Wangdi Information Security Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a service recovery method based on distributed health state detection in the field of cloud protection, comprising the following steps: step one, preparing to use a DNS system; step two, normal use; step three, health check; and step four, switching to the standby address. A health check probe initiates a health check against protection node A to judge its quality condition, and a quality analysis system then makes a judgment from the detection data. If the result shows that protection node A is unavailable, the DNS system automatically changes the B.B.B.B address to the primary state and the A.A.A.A address to the standby state, with no manual intervention. This solves the problem that, in a common cloud protection system, changing the DNS requires a large amount of manpower and takes a long time.

Description

Service recovery method based on distributed health state detection in cloud protection field
Technical Field
The invention relates to the technical field of cloud protection, in particular to a service recovery method based on distributed health state detection in the field of cloud protection.
Background
A DDoS attack, i.e. a distributed denial-of-service attack, combines multiple computers into an attack platform by means of client/server technology and launches the attack against one or more targets, thereby exponentially increasing the power of the denial-of-service attack. Generally, an attacker uses a stolen account to install a DDoS master control program on one computer. At a set time the master control program communicates with a large number of agent programs, which have already been installed on many computers on the network, and the agent programs launch the attack when they receive the instruction. Using client/server technology, the master control program can activate hundreds or thousands of agent programs within a few seconds. The DNS system is a distributed host information database that works in client/server mode and provides a directory service for querying domain names or IP addresses on the Internet; on receiving a request, it can translate the domain name of a host into an IP address, or vice versa.
At present, cloud protection systems on the market that target DDoS attacks generally use multiple protection nodes, and customer traffic is directed through DNS to one of the nodes for forwarding and protection. When that node fails, operation and maintenance personnel must manually change the DNS to direct the traffic to the node's standby node in order to recover from the failure. Because of the large amount of manual intervention, the switch is slow, taking at least 10 minutes and as much as 30 minutes, which has a great impact on customer service.
Disclosure of Invention
(I) Technical problem to be solved
In view of the defects of the prior art, the invention provides a service recovery method based on distributed health state detection in the field of cloud protection, which solves the problem that, in a common cloud protection system, changing the DNS requires a large amount of manpower and takes a long time.
(II) technical scheme
To achieve this purpose, the invention is realized by the following technical scheme: a service recovery method based on distributed health state detection in the field of cloud protection, comprising the following steps:
step one, preparing to use a DNS system: after an enterprise purchases the cloud protection service, the service provider allocates the addresses A.A.A.A and B.B.B.B to the enterprise, and the enterprise changes the resolution address of its domain name in the DNS system to these two addresses, where the primary IP is A.A.A.A and the standby IP is B.B.B.B;
step two, normal use: a user accesses the DNS system and obtains the address A.A.A.A; the user initiates a request to the address A.A.A.A, and access to the www.xxx.com domain name is carried out through protection node A;
step three, health check: a health check probe initiates a health check against protection node A and judges its quality condition; after each detection the probe reports the detection data to a quality analysis system, which makes a further judgment from the reported data; if the result shows that protection node A is unavailable, protection node A is considered to have failed and the DNS system is notified to switch to the standby address;
step four, switching the standby address: after receiving the switching request from the quality analysis system, the DNS system automatically changes the B.B.B.B address to the primary state and at the same time changes the A.A.A.A address to the standby state; when the user initiates a request for www.xxx.com again, the DNS system returns the B.B.B.B address, and the user accesses protection node B and through it the WEB source server.
Preferably, in step three, n health check probes are set, and the n health check probes are distributed in different operator networks.
Preferably, in step three, the health check frequency of the health check probes is once every 20 ms.
Preferably, in step three, when the number of health check probes reporting protection node A as unavailable exceeds m, protection node A is considered to have failed.
Preferably, m is set by the relevant technical personnel according to actual use requirements.
Preferably, in step two, after receiving a request, protection node A determines whether the request is an attack; if so, it intercepts the request, otherwise it forwards the request to the final WEB source server.
Preferably, in step four, after receiving a request, protection node B determines whether the request is an attack; if so, it intercepts the request, otherwise it forwards the request to the final WEB source server.
Preferably, the detection data of health check probes 1 to n are reported to the quality analysis system, and the quality analysis system makes its judgment from all of the detection data.
(III) advantageous effects
The invention provides a service recovery method based on distributed health state detection in the field of cloud protection. Compared with the prior art, the method has the following beneficial effects:
(1) In this service recovery method, a health check probe initiates a health check against protection node A and judges its quality condition, and after each detection it reports the detection data to a quality analysis system, which makes a further judgment from the reported data. If the result shows that protection node A is unavailable, protection node A is considered to have failed and the DNS system is notified to switch to the standby address. On receiving the switching request, the DNS system automatically changes the B.B.B.B address to the primary state and the A.A.A.A address to the standby state; when the user next requests www.xxx.com, the DNS system returns the B.B.B.B address, and the user reaches the WEB source server through protection node B. No manual intervention is needed, which solves the problem that changing the DNS in a common cloud protection system requires a large amount of manpower and takes a long time.
(2) n health check probes are deployed in different operator networks to simulate the access behavior of real users. The detection data of health check probes 1 to n are all reported to the quality analysis system, which makes its judgment from all of the detection data, ensuring the accuracy of the judgment.
(3) Protection node A is considered to have failed only when the number of health check probes reporting it as unavailable exceeds m, where m is set by the relevant technical personnel according to actual use requirements. This prevents service faults caused by internal false reports, and making m configurable widens the range of use.
Drawings
FIG. 1 is a schematic diagram of a cloud protection system for DDoS according to the present invention;
FIG. 2 is a diagram of the implementation principle and process of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-2, an embodiment of the present invention provides a technical solution: a service recovery method based on distributed health state detection in the field of cloud protection comprises the following steps:
step one, preparing to use a DNS system: after an enterprise purchases the cloud protection service, the service provider allocates the addresses A.A.A.A and B.B.B.B to the enterprise, and the enterprise changes the resolution address of its domain name in the DNS system to these two addresses, where the primary IP is A.A.A.A and the standby IP is B.B.B.B;
step two, normal use: a user accesses the DNS system and obtains the address A.A.A.A;
step three, health check: the health check probes initiate health checks against protection node A, at a frequency of once every 20 ms; there are n health check probes, distributed in different operator networks, which simulate the access behavior of real users and judge the quality condition of protection node A; after each detection the n probes report their detection data to a quality analysis system, which makes a further judgment from the data reported by all of the probes; if the number of health check probes reporting protection node A as unavailable exceeds m, where m is set by the relevant technical personnel according to actual use requirements, protection node A is considered to have failed and the DNS system is notified to switch to the standby address;
step four, switching the standby address: after receiving the switching request from the quality analysis system, the DNS system automatically changes the B.B.B.B address to the primary state and at the same time changes the A.A.A.A address to the standby state; when the user initiates a request for www.xxx.com again, the DNS system returns the B.B.B.B address and the user accesses protection node B; after receiving the request, protection node B determines whether the request is an attack; if so, it intercepts the request, otherwise it forwards the request to the final WEB source server, so that the WEB source server is accessed.
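An added example, not part of the patent: a minimal Python model of steps three and four, in which a quality analysis system counts "unavailable" verdicts from n probes and swaps the primary and standby addresses once the count exceeds m. It goes one step beyond the text by authenticating each probe report, so that a forged or replayed verdict cannot trigger the switch; the class names, the HMAC report format, the round numbering and the documentation addresses standing in for A.A.A.A and B.B.B.B are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


def sign(key: bytes, probe_id: str, round_id: int, available: bool) -> bytes:
    """HMAC-SHA256 tag over one probe verdict (assumed report format)."""
    msg = f"{probe_id}|{round_id}|{int(available)}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class ProbeReport:
    probe_id: str    # hypothetical probe name, e.g. "isp1-a"
    round_id: int    # detection round this verdict belongs to
    available: bool  # probe's verdict on protection node A
    tag: bytes       # authentication tag (assumption, not in the patent)


@dataclass
class DnsRecord:
    name: str
    primary: str   # address handed out to users
    standby: str

    def switch(self) -> None:
        """Step four: standby becomes primary and vice versa."""
        self.primary, self.standby = self.standby, self.primary


class QualityAnalyzer:
    """Collects verdicts from n probes and applies the 'more than m' rule."""

    def __init__(self, record: DnsRecord, probe_keys: dict, m: int):
        self.record, self.probe_keys, self.m = record, probe_keys, m
        self.switched = False

    def evaluate(self, round_id: int, reports: list) -> int:
        verdicts = {}
        for r in reports:
            key = self.probe_keys.get(r.probe_id)
            if key is None or r.round_id != round_id:
                continue  # unknown probe, or a stale/replayed round
            expected = sign(key, r.probe_id, r.round_id, r.available)
            if not hmac.compare_digest(r.tag, expected):
                continue  # forged or corrupted report
            verdicts[r.probe_id] = r.available  # one vote per probe
        unavailable = sum(1 for ok in verdicts.values() if not ok)
        if unavailable > self.m and not self.switched:
            self.record.switch()  # notify DNS exactly once
            self.switched = True
        return unavailable


def run_demo() -> list:
    # Constructed sample data: documentation addresses stand in for
    # A.A.A.A and B.B.B.B; five probes (n=5), threshold m=2.
    keys = {f"isp{i}-{s}": f"key-{i}{s}".encode()
            for i, s in [(1, "a"), (1, "b"), (2, "a"), (2, "b"), (3, "a")]}
    rec = DnsRecord("www.xxx.com", "192.0.2.10", "198.51.100.10")
    qa = QualityAnalyzer(rec, keys, m=2)
    def rnd(round_id, down):
        return [ProbeReport(p, round_id, p not in down,
                            sign(k, p, round_id, p not in down))
                for p, k in keys.items()]
    out = []
    # Round 1: only the two probes in ISP 1 fail (carrier-local problem).
    out.append((qa.evaluate(1, rnd(1, {"isp1-a", "isp1-b"})), rec.primary))
    # Round 2: same two failures plus a forged verdict and a replay.
    forged = ProbeReport("isp3-a", 2, False, b"\x00" * 32)
    replay = rnd(1, {"isp2-a"})[2]
    out.append((qa.evaluate(2, rnd(2, {"isp1-a", "isp1-b"}) + [forged, replay]),
                rec.primary))
    # Round 3: three probes in two networks fail, so more than m.
    down = {"isp1-a", "isp2-a", "isp3-a"}
    out.append((qa.evaluate(3, rnd(3, down)), rec.primary))
    # Round 4: node A is still down; the record must not flip back.
    out.append((qa.evaluate(4, rnd(4, down)), rec.primary))
    return out


if __name__ == "__main__":
    print(run_demo())
```

In this model the threshold absorbs a single-operator outage, and users only see the new address once their resolver's cached answer expires, so the record's TTL bounds the real recovery time.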
Matters not described in detail in this specification are well known to those skilled in the art.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. A service recovery method based on distributed health state detection in the field of cloud protection, characterized by comprising the following steps:
step one, preparing to use a DNS system: after an enterprise purchases the cloud protection service, the service provider allocates the addresses A.A.A.A and B.B.B.B to the enterprise, and the enterprise changes the resolution address of its domain name in the DNS system to these two addresses, where the primary IP is A.A.A.A and the standby IP is B.B.B.B;
step two, normal use: a user accesses the DNS system and obtains the address A.A.A.A; the user initiates a request to the address A.A.A.A, and access to the www.xxx.com domain name is carried out through protection node A;
step three, health check: a health check probe initiates a health check against protection node A and judges its quality condition; after each detection the probe reports the detection data to a quality analysis system, which makes a further judgment from the reported data; if the result shows that protection node A is unavailable, protection node A is considered to have failed and the DNS system is notified to switch to the standby address;
step four, switching the standby address: after receiving the switching request from the quality analysis system, the DNS system automatically changes the B.B.B.B address to the primary state and at the same time changes the A.A.A.A address to the standby state; when the user initiates a request for www.xxx.com again, the DNS system returns the B.B.B.B address, and the user accesses protection node B and through it the WEB source server.
2. The method for recovering services based on distributed health status detection in the field of cloud protection according to claim 1, wherein: in the third step, n health check probes are set, and the n health check probes are distributed in different operator networks.
3. The method for recovering services based on distributed health status detection in the field of cloud protection according to claim 1, wherein: in the third step, the health check frequency of the health check probe is once every 20 ms.
4. The method for recovering services based on distributed health status detection in the field of cloud protection according to claim 1, wherein: in the third step, when the number of the health check probes which are fed back to the protection node A as unavailable exceeds m, the protection node A is considered to be in fault.
5. The method for recovering services based on distributed health status detection in the field of cloud protection according to claim 4, wherein: the m is set by the relevant technical personnel according to the actual use requirement.
6. The method for recovering services based on distributed health status detection in the field of cloud protection according to claim 1, wherein: in the second step, after receiving the request, the protection node A judges whether the request is an attack or not, if so, the protection node A intercepts the request, otherwise, the protection node A forwards the request to a final WEB source server.
7. The method for recovering services based on distributed health status detection in the field of cloud protection according to claim 1, wherein: in the fourth step, after receiving the request, the protection node B determines whether the request is an attack, if so, intercepts the request, otherwise, forwards the request to the final WEB source server.
8. The method for recovering services based on distributed health status detection in the field of cloud protection according to claim 1, wherein: the detection data of health check probes 1 to n are reported to a quality analysis system, and the quality analysis system makes its judgment from all of the detection data.
CN202010874384.5A 2020-08-26 2020-08-26 Service recovery method based on distributed health state detection in cloud protection field Pending CN112202712A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010874384.5A CN112202712A (en) 2020-08-26 2020-08-26 Service recovery method based on distributed health state detection in cloud protection field

Publications (1)

Publication Number Publication Date
CN112202712A (en) 2021-01-08

Family

ID=74006246

Country Status (1)

Country Link
CN (1) CN112202712A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210108
