CN113114588B - Data processing method and device, electronic equipment and storage medium - Google Patents

Data processing method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN113114588B
CN113114588B CN202110399866.4A CN202110399866A CN113114588B CN 113114588 B CN113114588 B CN 113114588B CN 202110399866 A CN202110399866 A CN 202110399866A CN 113114588 B CN113114588 B CN 113114588B
Authority
CN
China
Prior art keywords
address
server
information
traffic analysis
application discovery
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110399866.4A
Other languages
Chinese (zh)
Other versions
CN113114588A (en
Inventor
张世轩
蔡元昊
钱华钩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202110399866.4A priority Critical patent/CN113114588B/en
Publication of CN113114588A publication Critical patent/CN113114588A/en
Application granted granted Critical
Publication of CN113114588B publication Critical patent/CN113114588B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0889Techniques to speed-up the configuration process
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2408Traffic characterised by specific attributes, e.g. priority or QoS for supporting different services, e.g. a differentiated services [DiffServ] type of service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure provides a data processing method and device, electronic equipment and a storage medium, and relates to the field of cloud computing. The specific implementation scheme is as follows: determining address information and a target service type of the traffic analysis server based on the received application discovery data from the traffic analysis server; updating a server address set corresponding to the target service type in a service information list based on the address information of the traffic analysis server; and in the case of receiving the traffic from the data center, distributing the traffic according to the service information list. The embodiment of the disclosure can improve the traffic distribution efficiency.

Description

Data processing method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to the field of cloud computing.
Background
IDC (Internet Data Center) is the basis of current Internet services, and carries various Internet services derived from high and new technologies such as cloud computing, big Data, artificial intelligence, and the like. As the amount of internet data increases, the problem of internet data security is becoming more and more prominent. In order to meet the requirements of DDoS (Distributed Denial of Service) attack detection, intrusion detection, supervision requirements and the like, the flow of the IDC in and out needs to be copied in multiple ways and Distributed to different services for specific type of flow analysis. To reduce the size of the analysis server cluster and reduce costs, programmable switches may be used to implement traffic distribution. Generally, the programmable switch may distribute traffic based on a distribution policy configured by the operation and maintenance personnel.
Disclosure of Invention
The disclosure provides a data processing method, a data processing device, an electronic device and a storage medium.
According to an aspect of the present disclosure, there is provided a data processing method including:
determining address information and a target service type of the traffic analysis server based on the received application discovery data from the traffic analysis server;
updating a server address set corresponding to the target service type in a service information list based on the address information of the traffic analysis server;
and in the case of receiving the traffic from the data center, distributing the traffic according to the service information list.
According to another aspect of the present disclosure, there is provided a data processing method including:
sending application discovery data to the switch;
the application discovery data is used for indicating the address information of the flow analysis server and the target service type; the address information of the flow analysis server and the target service type are used for updating a server address set corresponding to the target service type in a service information list of the switch; the service information list is used to distribute traffic.
According to another aspect of the present disclosure, there is provided a data processing apparatus including:
the information determining module is used for determining the address information and the target service type of the traffic analysis server based on the received application discovery data from the traffic analysis server;
the list updating module is used for updating a server address set corresponding to the target service type in the service information list based on the address information of the traffic analysis server;
and the flow distribution module is used for distributing the flow according to the service information list under the condition of receiving the flow from the data center.
According to another aspect of the present disclosure, there is provided a data processing apparatus including:
a sending module, configured to send application discovery data to a switch;
the application discovery data is used for indicating the address information of the flow analysis server and the target service type; the address information of the flow analysis server and the target service type are used for updating a server address set corresponding to the target service type in a service information list of the switch; the service information list is used to distribute traffic.
According to another aspect of the present disclosure, there is provided an electronic device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of any of the embodiments of the present disclosure.
According to another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform a method in any of the embodiments of the present disclosure.
According to another aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, performs the method in any of the embodiments of the present disclosure.
According to the techniques of this disclosure, a traffic analysis server may indicate to a switch address information of the traffic analysis server and a corresponding target service type by sending application discovery data. The switch may update each set of server addresses corresponding to each service type in the service information list according to the application discovery data, thereby distributing traffic of the data center using the service information list. The service information list is automatically updated and maintained by receiving and sending the discovery data, operation and maintenance personnel do not need to log in the switch to configure a distribution strategy, the cost is reduced, faults caused by manual errors are avoided, and the distribution efficiency is improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
fig. 1 is a schematic diagram of a data processing method according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a data processing method provided by another embodiment of the present disclosure;
FIG. 3 is a schematic diagram of an example application of the present disclosure;
FIG. 4 is a schematic diagram of a data processing apparatus provided by an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a data processing apparatus provided by another embodiment of the present disclosure;
FIG. 6 is a schematic diagram of a data processing apparatus provided in yet another embodiment of the present disclosure;
fig. 7 is a block diagram of an electronic device for implementing a data processing method of an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 shows a schematic diagram of a data processing method according to an embodiment of the present disclosure. As shown in fig. 1, the data processing method may include:
step S11, determining the address information and the target service type of the traffic analysis server based on the received application discovery data from the traffic analysis server;
step S12, updating a server address set corresponding to the target service type in a service information list based on the address information of the traffic analysis server;
and step S13, distributing mirror image flow according to the service information list under the condition of receiving the flow data from the data center.
Illustratively, the above method may be implemented by a switch or a group of switches. The switch or the switch group is connected between the data center and the flow distribution server and used for acquiring the flow of the data center in and out, copying the flow to obtain multiple mirror image flows, and distributing the multiple mirror image flows to the flow analysis servers of different service types to complete the flow analysis of a specific type. Wherein the data center may include IDCs. The switch may comprise a programmable switch.
Illustratively, the application discovery data may be data for discovering an online condition of the service generated based on a preset protocol. The preset Protocol may be referred to as an Application Discovery Protocol (ADP). Accordingly, the Application Discovery Data may also be referred to as an Application Discovery Protocol Data Unit (ADPDU).
Illustratively, multiple fields of information may be included in the application discovery data. The plurality of fields includes, for example, at least one of a destination address, a source address, a protocol identification, a service identification, and the like. Wherein, the source address in the application discovery data can be used for determining the address information of the flow analysis server, and the service identification can be used for determining the target service type.
For example, the destination address, the source address, or the address information of the traffic analysis server may be a MAC (Media Access Control) address or an IP (Internet Protocol) address.
Illustratively, a plurality of server address sets corresponding to a plurality of service types may be included in the service information list, so that the switch determines the number and addresses of traffic analysis servers of one or more specific service types from the service information list, determines the number of copies of mirror copy traffic based on the number of traffic analysis servers, and distributes the traffic of the data center to the traffic analysis servers of the specific service types based on the addresses of the traffic analysis servers.
Illustratively, the traffic analysis server sends the application discovery data while online or periodically after online. The switch updates the service information list each time it receives application discovery data. Therefore, when a certain service cluster needs to be expanded and a server is online, the switch can update the service information list in time through interaction of application discovery data, so as to distribute traffic based on a traffic forwarding strategy corresponding to the updated service information list.
As can be seen, according to the data processing method of the embodiment of the present disclosure, the traffic analysis server may indicate, to the switch, the address information of the traffic analysis server and the corresponding target service type by sending the application discovery data. The switch may update each set of server addresses corresponding to each service type in the service information list according to the application discovery data, thereby distributing traffic of the data center using the service information list. The service information list is automatically updated and maintained by receiving and sending the discovery data, operation and maintenance personnel do not need to log in a switch to configure a distribution strategy, the cost is reduced, and faults caused by manual errors are avoided.
In an exemplary embodiment, the step S12, updating, in the service information list, a set of server addresses corresponding to the target service type based on the address information of the traffic analysis server, includes:
and adding the address information of the traffic analysis server in a server address set corresponding to the target service type in the service information list.
For example, the address information of the traffic analysis server is address a, and the target service type is type 1; and if the server address set corresponding to the type 1 in the service information list contains the addresses B and C, and if the address A is not contained, the address A is added to the server address set corresponding to the type 1. Then, if the traffic of the data center needs to be distributed to the traffic analysis server of type 1, at least one of the addresses a, B, and C may be determined according to the service information list, and the traffic may be distributed to the corresponding traffic analysis server.
According to the above embodiment, the updating of the service information list includes adding the address information of the traffic analysis server to a set of server addresses corresponding to the target service type. Therefore, when a newly added flow analysis server is on line, the address information of the newly added flow analysis server can be recorded in the service information list in time so as to improve the accuracy of flow distribution.
In some scenarios, the application discovery data may include not only a destination address, a source address, a protocol identifier, a service identifier, and the like, but also information validity time. The updating of the server address set in the service information list includes not only adding, deleting and modifying the addresses in the server address set, but also recording the effective time of each address in the server address set.
Specifically, in step S12, updating the server address set corresponding to the target service type in the service information list based on the address information of the traffic analysis server includes:
and updating the effective time of the address information of the traffic analysis server to the information effective time in the application discovery data in the server address set corresponding to the target service type in the service information list.
For example, when the address a is already included in the server address set corresponding to the target service type in the service information list and the valid time record of the address a is 12, if the application discovery data is received at 12. Address a is looked up in the server address set corresponding to type 1, and the validity time of address a is updated to 12.
For example, if the server address set corresponding to the target service type does not include the address information of the traffic analysis server indicated by the application discovery data, the address information of the traffic analysis server may be added to the server address set corresponding to the target service type in the service information list, and then the valid time of the address information of the traffic analysis server may be updated to the information valid time in the application discovery packet in the server address set corresponding to the target service type in the service information list.
If the server address set corresponding to the target service type includes the address information of the traffic analysis server indicated by the application discovery data, the valid time of the address information of the traffic analysis server may be directly updated to the information valid time in the application discovery packet in the server address set corresponding to the target service type in the service information list.
According to the above embodiment, the updating of the service information list includes recording the valid time of the address in the server address set. Based on this, the switch can discover that the traffic analysis server is offline in time. For example, in the case that the traffic analysis server exits the service group or a failure, a crash, or the like occurs, the switch can discover in time. The method is beneficial to timely fault isolation and flow distribution strategy change, and the change efficiency and the fault isolation efficiency are improved.
Exemplarily, the data processing method further includes:
and in response to the current time exceeding the effective time of the address information of the traffic analysis server, deleting the address information of the traffic analysis server or marking the traffic analysis server as offline in a server address set corresponding to the target service type.
For example, the valid time of the address a in the service information list is 12, and if 12.
According to the embodiment, the switch deletes the corresponding address information or marks off-line in the service information list under the condition that the traffic analysis server is found to be invalid, so that the distribution strategy can be changed, and the change efficiency is improved.
Illustratively, the application discovery data may also include rights verification information. Correspondingly, the step S11 of determining the address information and the target service type of the traffic analysis server based on the received application discovery data from the traffic analysis server includes:
under the condition that application discovery data from a traffic analysis server are received, verifying the authority of the application discovery data based on authority verification information in the application discovery data;
in case of verifying the authority to discover data by the application, address information of the traffic analysis server and a target service type are determined based on the application discovery data.
According to the embodiment, the switch can carry out authority verification on the application discovery data, and execute subsequent processing under the condition that the verification is passed. Therefore, the reliability of the service information list can be improved, and the flow distribution quality can be improved.
An embodiment of the present disclosure further provides a data processing method, as shown in fig. 2, the method may include:
step S21, sending application discovery data to the switch;
the application discovery data is used for indicating the address information and the target service type of the traffic analysis server; the address information of the flow analysis server and the target service type are used for updating a server address set corresponding to the target service type in a service information list of the switch; the service information list is used to distribute traffic from the data center.
Illustratively, the above method may be implemented by a traffic analysis server.
Exemplarily, the step S21 of sending the application discovery data to the switch may include:
and sending the application discovery data to the switch under the condition that the service is on line.
According to the embodiment, the switch can find the data sensing service to be on line in time based on the application, so that the distribution strategy can be adjusted in time, and the distribution efficiency is improved.
Illustratively, the traffic analysis server may also periodically send application discovery data to the switch.
Therefore, through the interaction between the switch and the flow analysis server, the distribution strategy can be not required to be changed manually, the distribution efficiency is improved, and the cost is reduced. A specific application example is given below.
As shown in fig. 3, the traffic analysis server 30 sends application discovery data ADPDU to the switch 31. The data plane 311 of the switch 31 receives the ADPDU and reports it to the control plane 312 of the switch 31. The control plane 312 is aware of the overall network logic based on the ADPDU and updates the service information list based on the ADPDU. After each update, the control plane 312 sends the service information list to the data plane 311,. The data plane 311 completes the traffic distribution according to the list.
Wherein the ADPDU may include a plurality of fields. Each field contains TLV (type, length, value) format information. Here, the TLV format information contains the following:
(1) A field type of 7 bits (bit) in length;
(2) Data part length information indicating a length of the data part; the length of the data part length information is 9 bits;
(3) And a data portion having a length of 0 to 511 bytes.
Specifically, the plurality of fields include:
(1) Service type identification (Server name): the field is a mandatory field, and the field type may be 0, and is used to determine the service type of the server or to determine the service cluster to which the server belongs.
(2) Information effective time (TTL): the field is a mandatory field, and the field type may be 1.
(3) Authentication information (Auth info): this field is an optional field and the field type may be 2. Only the authenticated switch will process the ADPDU.
(4) IP segment (IP range): this field is used to indicate the required detected IP segments and the unneeded switches may not send this field to reduce waste of resources.
(5) End flag (End Of ADPDU): the field is a mandatory field, and the field type may be 127, which is used to mark the end of the message.
In addition, the ADPDU may further include an extended field (Reserved), a custom field (Self-define), and the like, which supports the user to extend or customize fields in the ADPDU as required.
An exemplary ADPDU message format is as follows:
Figure BDA0003019737880000081
wherein, the ethertype 0x88dd indicates that the message is an ADPDU. And the data plane of the switch analyzes the received message, and forwards the message with the Ethernet type of 0x88dd to the control plane virtual network card. And the control plane monitors the virtual network card, filters the ADPDU, and performs format verification and authority verification on the ADPDU. The control plane traverses each field in the ADPDU, updates the overall state of the network, generates a new service information list and sends the new service information list to the data plane.
As implementations of the foregoing methods, an embodiment of the present disclosure further provides a data processing apparatus. As shown in fig. 4, the apparatus includes:
an information determining module 410, configured to determine address information and a target service type of the traffic analysis server based on the received application discovery data from the traffic analysis server;
a list updating module 420, configured to update a server address set corresponding to the target service type in the service information list based on the address information of the traffic analysis server;
and a traffic distribution module 430, configured to distribute traffic according to the service information list when the traffic from the data center is received.
Illustratively, as shown in FIG. 5, the list update module 420 includes:
an address adding unit 421, configured to add address information of the traffic analysis server in a server address set corresponding to the target service type in the service information list.
Illustratively, as shown in fig. 5, the application discovery data includes an information validity time; the list update module 420 includes:
a time updating unit 422, configured to update the valid time of the address information of the traffic analysis server to the information valid time in the application discovery packet in the server address set corresponding to the target service type in the service information list.
Illustratively, as shown in fig. 5, the data processing apparatus further includes:
and the information deleting module 510 is configured to delete address information of the traffic analysis server from the server address set corresponding to the target service type in response to that the current time exceeds the valid time of the address information of the traffic analysis server.
Illustratively, as shown in fig. 5, the application discovery data includes rights verification information; the information determination module 410 includes:
an authority verification unit 411 configured to verify an authority of the application discovery data based on authority verification information in the application discovery data in a case where the application discovery data is received from the traffic analysis server;
an information determining unit 412 for determining address information of the traffic analysis server and a target service type based on the application discovery data in case of verifying the authority to discover the data through the application.
An embodiment of the present disclosure further provides a data processing apparatus, and as shown in fig. 6, the apparatus includes:
a sending module 610, configured to send application discovery data to a switch;
the application discovery data is used for indicating the address information and the target service type of the traffic analysis server; the address information of the flow analysis server and the target service type are used for updating a server address set corresponding to the target service type in a service information list of the switch; the service information list is used to distribute traffic from the data center.
Illustratively, the sending module 610 is configured to:
and sending application discovery data to the switch under the condition that the service is on line.
The functions of each unit, module or sub-module in each device in the embodiments of the present disclosure may refer to the corresponding description in the above method embodiments, and are not described herein again.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
Fig. 7 illustrates a schematic block diagram of an example electronic device 800 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic devices may also represent various forms of mobile devices, such as personal digital processors, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 7, the electronic device 700 includes a computing unit 701, which may perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 702 or a computer program loaded from a storage unit 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the electronic device 700 can be stored. The calculation unit 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
A plurality of components in the electronic device 700 are connected to the I/O interface 705, including: an input unit 706 such as a keyboard, a mouse, or the like; an output unit 707 such as various types of displays, speakers, and the like; a storage unit 708 such as a magnetic disk, optical disk, or the like; and a communication unit 709 such as a network card, a modem, a wireless communication transceiver, etc. The communication unit 709 allows the electronic device 700 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
Computing unit 701 may be a variety of general and/or special purpose processing components with processing and computing capabilities. Some examples of the computing unit 701 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The calculation unit 701 executes the respective methods and processes described above, such as the data processing method. For example, in some embodiments, the data processing method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 708. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 700 via the ROM 702 and/or the communication unit 709. When the computer program is loaded into the RAM 703 and executed by the computing unit 701, one or more steps of the data processing method described above may be performed. Alternatively, in other embodiments, the computing unit 701 may be configured to perform the data processing method by any other suitable means (e.g. by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
It should be understood that various forms of the flows shown above, reordering, adding or deleting steps, may be used. For example, the steps described in the present disclosure may be executed in parallel, sequentially or in different orders, and are not limited herein as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (16)

1. A method of data processing, comprising:
determining address information and a target service type of a traffic analysis server based on received application discovery data from the traffic analysis server; wherein the application discovery data is used to discover service presence;
updating a server address set corresponding to the target service type in a service information list based on the address information of the traffic analysis server;
under the condition that the flow from a data center is received, distributing the flow according to the service information list;
wherein the service information list includes a plurality of server address sets corresponding to a plurality of service types, and the distributing the traffic according to the service information list includes:
and determining the number and the address of the traffic analysis servers of at least one specific service type according to the service information list, determining the number of copies of mirror copy traffic based on the number, and distributing the traffic from the data center to the traffic analysis servers of at least one specific service type based on the address.
2. The method of claim 1, wherein the updating a set of server addresses corresponding to the target service type in a service information list based on address information of the traffic analysis server comprises:
and adding the address information of the flow analysis server in a server address set corresponding to the target service type in the service information list.
3. The method of claim 1 or 2, wherein the application discovery data comprises an information validity time;
the updating, in a service information list, a set of server addresses corresponding to the target service type based on the address information of the traffic analysis server includes:
and updating the effective time of the address information of the traffic analysis server to the effective time of the information in the application discovery data in a server address set corresponding to the target service type in a service information list.
4. The method of claim 3, further comprising:
and in response to that the current time exceeds the effective time of the address information of the traffic analysis server, deleting the address information of the traffic analysis server from the server address set corresponding to the target service type.
5. The method of claim 1 or 2, wherein the application discovery data comprises rights verification information;
the determining address information and a target service type of the traffic analysis server based on the received application discovery data from the traffic analysis server includes:
under the condition that application discovery data from a traffic analysis server are received, verifying the authority of the application discovery data based on authority verification information in the application discovery data;
and under the condition that the authority of the application discovery data is verified, determining the address information and the target service type of the traffic analysis server based on the application discovery data.
6. A method of data processing, comprising:
sending application discovery data to the switch;
the application discovery data is used for indicating the address information of the flow analysis server and the type of the target service and discovering the online condition of the service; the address information of the traffic analysis server and the target service type are used for updating a server address set corresponding to the target service type in a service information list of the switch; the service information list comprises a plurality of server address sets corresponding to a plurality of service types, and is used for determining the number and the addresses of the traffic analysis servers of at least one specific service type, determining the number of the mirror copy traffic based on the number, and distributing the traffic from the data center based on the addresses.
7. The method of claim 6, wherein the sending application discovery data to the switch comprises:
and sending the application discovery data to the switch under the condition that the service is on line.
8. A data processing apparatus comprising:
the information determining module is used for determining the address information and the target service type of the traffic analysis server based on the received application discovery data from the traffic analysis server; wherein the application discovery data is used to discover service presence;
a list updating module, configured to update a server address set corresponding to the target service type in a service information list based on address information of the traffic analysis server;
the flow distribution module is used for distributing the flow according to the service information list under the condition of receiving the flow from the data center;
wherein the service information list includes a plurality of server address sets corresponding to a plurality of service types, and the traffic distribution module is further configured to:
and determining the number and the address of the traffic analysis servers of at least one specific service type according to the service information list, determining the number of copies of mirror copy traffic based on the number, and distributing the traffic from the data center to the traffic analysis servers of at least one specific service type based on the address.
9. The apparatus of claim 8, wherein the list update module comprises:
an address adding unit, configured to add address information of the traffic analysis server to a server address set corresponding to the target service type in the service information list.
10. The apparatus of claim 8 or 9, wherein the application discovery data comprises an information validity time;
the list update module includes:
and a time updating unit, configured to update the valid time of the address information of the traffic analysis server to the information valid time in the application discovery data in a server address set corresponding to the target service type in a service information list.
11. The apparatus of claim 10, further comprising:
and the information deleting module is used for responding to the condition that the current time exceeds the effective time of the address information of the traffic analysis server, and deleting the address information of the traffic analysis server in the server address set corresponding to the target service type.
12. The apparatus according to claim 8 or 9, wherein the application discovery data comprises rights verification information;
the information determination module includes:
the permission verification unit is used for verifying the permission of the application discovery data based on permission verification information in the application discovery data under the condition that the application discovery data from a traffic analysis server is received;
an information determination unit configured to determine address information of the traffic analysis server and a target service type based on the application discovery data in a case where the authority of the application discovery data is verified.
13. A data processing apparatus comprising:
a sending module, configured to send application discovery data to a switch;
the application discovery data is used for indicating the address information of the flow analysis server and the type of the target service and discovering the online condition of the service; the address information of the traffic analysis server and the target service type are used for updating a server address set corresponding to the target service type in a service information list of the switch; the service information list comprises a plurality of server address sets corresponding to a plurality of service types, and is used for determining the number and the addresses of the traffic analysis servers of at least one specific service type, determining the number of the mirror copy traffic based on the number, and distributing the traffic from the data center based on the addresses.
14. The apparatus of claim 13, wherein the means for transmitting is configured to:
and sending the application discovery data to the switch under the condition that the service is on line.
15. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein, the first and the second end of the pipe are connected with each other,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
16. A non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of any one of claims 1-7.
CN202110399866.4A 2021-04-14 2021-04-14 Data processing method and device, electronic equipment and storage medium Active CN113114588B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110399866.4A CN113114588B (en) 2021-04-14 2021-04-14 Data processing method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110399866.4A CN113114588B (en) 2021-04-14 2021-04-14 Data processing method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113114588A CN113114588A (en) 2021-07-13
CN113114588B true CN113114588B (en) 2023-02-17

Family

ID=76717792

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110399866.4A Active CN113114588B (en) 2021-04-14 2021-04-14 Data processing method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113114588B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113535187B (en) * 2021-07-16 2024-03-22 北京百度网讯科技有限公司 Service online method, service updating method and service providing method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104717314A (en) * 2013-12-17 2015-06-17 腾讯科技(深圳)有限公司 IP management method and system, client-side and server
CN106034330A (en) * 2015-03-17 2016-10-19 网宿科技股份有限公司 Mobile terminal flow processing method based on content distribution network, apparatus and system thereof
EP3399695A1 (en) * 2017-05-05 2018-11-07 Servicenow, Inc. Unified device and service discovery across multiple network types
CN110113188A (en) * 2019-04-22 2019-08-09 腾讯科技(深圳)有限公司 Across subdomain communication O&M method, total O&M server and medium
CN110377419A (en) * 2019-06-11 2019-10-25 北京达佳互联信息技术有限公司 A kind of server calls method, apparatus and electronic equipment
CN111164953A (en) * 2017-09-29 2020-05-15 西门子股份公司 Method and switch for providing name service in industrial automation system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104717314A (en) * 2013-12-17 2015-06-17 腾讯科技(深圳)有限公司 IP management method and system, client-side and server
CN106034330A (en) * 2015-03-17 2016-10-19 网宿科技股份有限公司 Mobile terminal flow processing method based on content distribution network, apparatus and system thereof
EP3399695A1 (en) * 2017-05-05 2018-11-07 Servicenow, Inc. Unified device and service discovery across multiple network types
CN111164953A (en) * 2017-09-29 2020-05-15 西门子股份公司 Method and switch for providing name service in industrial automation system
CN110113188A (en) * 2019-04-22 2019-08-09 腾讯科技(深圳)有限公司 Across subdomain communication O&M method, total O&M server and medium
CN110377419A (en) * 2019-06-11 2019-10-25 北京达佳互联信息技术有限公司 A kind of server calls method, apparatus and electronic equipment

Also Published As

Publication number Publication date
CN113114588A (en) 2021-07-13

Similar Documents

Publication Publication Date Title
US11153184B2 (en) Technologies for annotating process and user information for network flows
CN111865642B (en) Multi-cluster configuration controller for software defined network
RU2562438C2 (en) Network system and network management method
US9667653B2 (en) Context-aware network service policy management
US9906557B2 (en) Dynamically generating a packet inspection policy for a policy enforcement point in a centralized management environment
US11057423B2 (en) System for distributing virtual entity behavior profiling in cloud deployments
US9571569B2 (en) Method and apparatus for determining virtual machine migration
US8554980B2 (en) Triggered notification
US20130332601A1 (en) Dynamic logging
US20220200844A1 (en) Data processing method and apparatus, and computer storage medium
US10470111B1 (en) Protocol to detect if uplink is connected to 802.1D noncompliant device
CN113114588B (en) Data processing method and device, electronic equipment and storage medium
US9372708B2 (en) Synchronizing multicast groups
CN106453367B (en) SDN-based method and system for preventing address scanning attack
CN112350939B (en) Bypass blocking method, system, device, computer equipment and storage medium
CN111010362B (en) Monitoring method and device for abnormal host
US20220141080A1 (en) Availability-enhancing gateways for network traffic in virtualized computing environments
WO2021109851A1 (en) Network communication method, apparatus and device, and storage medium
CN114978563A (en) Method and device for blocking IP address
CN112217718A (en) Service processing method, device, equipment and storage medium
CN114978580B (en) Network detection method and device, storage medium and electronic equipment
JP2012080217A (en) Terminal detection device, server device, terminal detection method, and program
US20240056451A1 (en) Communication system, anomaly detection apparatus, anomaly detection method, and program
CN111866089A (en) Network communication proxy method, device and computer readable storage medium
WO2018035770A1 (en) Network anomaly processing method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant