CN114826969B - Network connectivity checking method, device, equipment and storage medium - Google Patents

Publication number
CN114826969B
Authority
CN
China
Prior art keywords
cloud server
network
configuration
checking
destination
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210267590.9A
Other languages
Chinese (zh)
Other versions
CN114826969A (en)
Inventor
马小婷
王睿
刘明
赖奕安
樊超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba China Co Ltd
Original Assignee
Alibaba China Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • H04L43/04 Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045 Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data

Abstract

One or more embodiments of the present specification provide a network connectivity checking method, apparatus, device, and storage medium. The method comprises: in response to a network connectivity checking instruction, determining a source cloud server and a destination cloud server, and acquiring a designated port of the destination cloud server; checking network-related configurations in the destination cloud server and/or the source cloud server, and checking the configuration of the network link corresponding to the designated port from the source cloud server to the destination cloud server; and obtaining and outputting a network connectivity check result between the source cloud server and the destination cloud server. The embodiments troubleshoot connection problems caused by configuration errors and scan the internal and external environment and configuration of the cloud servers at the same time, which helps locate the root cause of a problem in a single check, thereby improving check accuracy, shortening the time to resolve the problem, and improving check efficiency.

Description

Network connectivity checking method, device, equipment and storage medium
Technical Field
One or more embodiments of the present disclosure relate to the field of cloud server technologies, and in particular, to a method, an apparatus, a device, and a storage medium for checking network connectivity.
Background
Cloud computing services are services in which a large number of computing resources connected by a network are uniformly managed and scheduled to form a computing resource pool for users as required. The user obtains the required resources and services through the network in an on-demand and easily-extensible manner.
The cloud server (also called an instance) is an important component of cloud computing services. It integrates the three core elements of Internet applications in the traditional sense (computing, storage, and networking) and provides public Internet infrastructure services for various Internet users. Normal network communication among cloud servers is an important basis for providing services to users.
Disclosure of Invention
In view of this, one or more embodiments of the present specification provide a network connectivity checking method, apparatus, device, and storage medium.
In order to achieve the above object, one or more embodiments of the present disclosure provide the following technical solutions:
According to a first aspect of one or more embodiments of the present specification, there is provided a network connectivity checking method, comprising:
in response to a network connectivity checking instruction, determining a source cloud server and a destination cloud server, and acquiring a designated port of the destination cloud server;
checking network-related configurations in the destination cloud server and/or the source cloud server, and checking the configuration of the network link corresponding to the designated port from the source cloud server to the destination cloud server;
and obtaining and outputting a network connectivity check result between the source cloud server and the destination cloud server.
According to a second aspect of one or more embodiments of the present specification, there is provided a network connectivity check apparatus comprising:
the information acquisition module is used for responding to the network connectivity checking instruction, determining a source cloud server and a destination cloud server and acquiring a designated port of the destination cloud server;
a configuration checking module, configured to check a configuration related to a network in the destination cloud server and/or the source cloud server, and check a configuration of a network link corresponding to a designated port from the source cloud server to the destination cloud server;
and the checking result output module is used for obtaining and outputting a network connectivity checking result between the source cloud server and the destination cloud server.
According to a third aspect of one or more embodiments of the present specification, there is provided an electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of the first aspect by executing the executable instructions.
According to a fourth aspect of one or more embodiments of the present description, there is provided a computer program product having stored thereon computer instructions which, when executed by a processor, perform the steps of the method according to the first aspect.
The embodiments provide a network connectivity checking method, apparatus, device, and storage medium that automate the network connectivity check. A user only needs to specify a source cloud server and a destination cloud server, enter the designated port of the destination cloud server to be accessed, and trigger a network connectivity checking instruction; the relevant device then responds to the instruction by executing the network connectivity checking method. This lowers the threshold for users to troubleshoot network faults.
Drawings
Fig. 1 is a schematic view of a scenario in which a cloud server performs network connectivity checking according to an exemplary embodiment.
Fig. 2 is a flow chart of a method for checking network connectivity according to an exemplary embodiment.
Fig. 3 is a schematic diagram of an interactive interface provided by an exemplary embodiment.
Fig. 4 is a schematic structural diagram of an electronic device according to an exemplary embodiment.
Fig. 5 is a block diagram of a network connectivity check apparatus provided by an example embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with aspects of one or more embodiments of the present description as detailed in the accompanying claims.
It should be noted that: in other embodiments, the steps of the corresponding method are not necessarily performed in the order shown and described in this specification. In some other embodiments, the method may include more or fewer steps than described in this specification. Furthermore, individual steps described in this specification, in other embodiments, may be described as being split into multiple steps; while various steps described in this specification may be combined into a single step in other embodiments.
For ease of understanding, the terms related to this description will be explained first:
Cloud server: a computing service product and an important component of cloud computing services.
Instance: another name for a cloud server; different instance specifications provide different computing capabilities.
Host machine: a cloud server is, in essence, a virtual machine. Resources such as computing, storage, and networking on a physical machine are pooled and virtualized, packaged into a virtual machine that resembles a physical machine, and offered as a service. The physical machine is the host machine; a user of a public cloud cannot see the host.
Virtual network card: each cloud server is assigned a virtual network card by default when it is created; the card is used to assign IP addresses and provide the instance's network access.
Guest OS: the operating system of an instance, that is, the OS running within the instance.
Private network (Virtual Private Cloud, VPC for short): an isolated network environment. The user has full control over their own private network, such as selecting the IP address range and configuring routing tables and gateways. Instances in the same private network can communicate with each other over the internal network, and different private networks are logically completely isolated from each other.
Virtual switch: users can divide a private network into one or more subnets by creating virtual switches under the VPC. Different virtual switches in the same private network can communicate with each other over the internal network. When an ECS instance is created, the corresponding VPC and virtual switch must be specified; otherwise the ECS instance cannot be created.
IP address: IP addresses are the primary way users access an instance or a service deployed on an instance. Instances of the VPC network type have two types of IP addresses, a private IP address and a public IP address. (1) Private IP address: when the instance is created, the cloud service platform automatically assigns a private IP address according to the VPC and virtual switch specified for the instance. Instances within the same VPC can access each other through private IP addresses. If a user accesses an instance through its private IP address and the access succeeds, this is called intranet intercommunication. (2) Public IP address: the cloud server supports two types of public IP addresses, a public IP address automatically allocated by the system and an elastic public IP address (EIP for short). The automatically allocated public IP address is released when the instance is released, whereas an elastic public IP address can be repeatedly bound to and unbound from different instances and still exists after an instance is released. If a user accesses an instance through its public IP address, this is called public network access.
Security group: a virtual firewall with stateful inspection and packet filtering capabilities that can be used to control the inbound and outbound traffic of an instance and improve the instance's security. An instance must join at least one security group.
Security group rules: specify whether access from or to the public or private network is allowed or forbidden for the ECS instances within the security group. A security group rule is an N-tuple that defines a detailed authorization policy, as follows: (1) authorization policy: allow or reject access requests to a given port; (2) priority: the smaller the value, the higher the priority; (3) protocol type: the network protocol, mainly TCP, UDP, ICMP, GRE, and other network protocols; (4) port range: the ports through which the instance is accessed; (5) authorized object: the object the rule targets, which may be a specified IP address, a CIDR address block, a security group, or the like.
Currently, one approach is for the user to ask customer service for help when a cloud server's network is unreachable. Because a failure to connect or high network latency between cloud servers may have many causes, after the user submits a network fault report to the customer service team, the team needs to pass it to several research and development teams for manual investigation. The resolution period is long, the service is point-to-point, service efficiency is low, and the user experience is poor.
Another approach is to diagnose network connectivity by sending a request packet and waiting for a response, as ping does. The inventors have found that in cloud computing a user can control the virtual network environment as needed, including selecting an IP address range, creating subnets, configuring routing tables and network gateways, peering VPCs, or combining multiple VPCs. With these rich controls and features, a user can configure a flexible network environment. However, as cloud computing configuration becomes more complex, more and more network connection problems are caused by incorrect configuration. In the related art, connectivity detection that works by sending data packets (such as ping) cannot identify connection problems caused by incorrect configuration. Such detection also focuses only on the network link and ignores the network service state of the cloud server itself, even though misconfiguration of the cloud server can also make it unreachable, so the accuracy of this kind of detection is not high.
To address these problems of the related art, the present disclosure provides a network connectivity checking method that automates the network connectivity check. A user only needs to specify a source cloud server and a destination cloud server, enter the designated port of the destination cloud server to be accessed, and trigger a network connectivity checking instruction. The relevant device then automatically checks the network-related configuration in the destination cloud server and/or the source cloud server, and automatically checks the configuration of the network link corresponding to the designated port from the source cloud server to the destination cloud server, thereby obtaining and outputting a network connectivity check result between the two. The embodiments lower the threshold for users to troubleshoot network faults and do not need to send any data packets: connection problems caused by configuration errors are found by checking configuration. The check covers both the network link connectivity between the cloud servers and the configuration of the cloud servers themselves, so the internal and external environment and configuration of the cloud servers are scanned at the same time. The check coverage is more complete, which helps locate the root cause of a problem in a single check, improving check accuracy while shortening the time to resolve the problem and improving check efficiency.
By way of example, the network connectivity checking method provided by the embodiments of the present specification may be executed by electronic devices including, but not limited to, personal computers, laptop computers, cellular telephones, camera phones, smart phones, personal digital assistants, media players, navigation devices, email devices, game consoles, tablet computers, wearable devices, or a combination of any of these devices. In one example, the electronic device includes a processor and a memory; the memory stores executable instructions for performing the network connectivity checking method, and the processor can execute those instructions.
The network connectivity checking method provided by the embodiments of the present application may also be executed by a cloud server. For example, the method may be integrated into a web application that provides a network connectivity checking service to users, and the web application may be executed by a cloud server. When a user needs to check a network connection problem between any two cloud servers, the user can specify a source cloud server and a destination cloud server in the web application, enter the designated port of the destination cloud server to be accessed, and trigger a network connectivity checking instruction; by running the web application, the cloud server checks the relevant configurations of the source cloud server and the destination cloud server. The cloud server that executes the web application can check the configuration in the destination cloud server and/or the source cloud server only if it has the relevant permissions, which may be defined according to the actual application scenario. In one example, the cloud server that executes the web application, the destination cloud server, and the source cloud server belong to the same product developed by the same cloud platform. In another example, the destination cloud server or the source cloud server may provide a check interface, through which the cloud server executing the web application checks the configuration of the destination cloud server or the source cloud server.
In a possible application scenario, referring to fig. 1, if a user needs to check network connectivity between instance B and instance C, the user can specify a source cloud server and a destination cloud server in a network connectivity checking service (such as the web application described above) provided by the relevant cloud platform and enter the designated port of the destination cloud server to be accessed; for example, instance B is designated as the source cloud server and instance C as the destination cloud server. By executing the network connectivity checking service, the cloud platform checks the network-related configuration in instance B and/or instance C, checks the configuration of the network link corresponding to the designated port from instance B to instance C, and outputs a network connectivity check result between instance B and instance C. Instance B and/or instance C are provided by the cloud platform, so the cloud platform has the relevant permission to check them; for example, if instance C is an instance provided by the cloud platform, the platform may check the network-related configuration in instance C.
Referring to fig. 2, fig. 2 is a flowchart of a network connectivity checking method according to an embodiment of the present application. The method is described here, by way of example, as executed by an electronic device, and includes:
In step S101, in response to the network connectivity check instruction, a source cloud server and a destination cloud server are determined, and a designated port of the destination cloud server is acquired.
In step S102, a configuration related to a network in the destination cloud server and/or the source cloud server is checked, and a configuration of a network link corresponding to a designated port from the source cloud server to the destination cloud server is checked.
In step S103, a network connectivity check result between the source cloud server and the destination cloud server is obtained and output.
This embodiment automates the network connectivity check and lowers the threshold for users to troubleshoot network faults. It does not need to send any data packets: connection problems caused by configuration errors are found by checking configuration. The check covers both the network link connectivity between the cloud servers and the configuration of the cloud servers themselves, so the internal and external environment and configuration of the cloud servers are scanned at the same time. The check coverage is more complete, which helps locate the root cause of a problem in a single check, improving check accuracy while shortening the time to resolve the problem and improving check efficiency.
It may be understood that the manner of triggering the network connectivity checking instruction is not limited in the embodiments of the present disclosure and may be set according to the actual application scenario; for example, triggering operations include, but are not limited to, clicking, long pressing, and sliding. For example, referring to fig. 3, an interactive interface for checking network connectivity is shown, in which a user may designate, according to actual needs, the source cloud server and the destination cloud server to be checked and the port of the destination cloud server to be accessed, and then click an "ok" button to trigger the network connectivity checking instruction.
The electronic device may respond to the network connectivity checking instruction by determining the source cloud server and the destination cloud server and acquiring the designated port of the destination cloud server, and then check the network-related configuration in the destination cloud server and/or the source cloud server as well as the configuration of the network link corresponding to the designated port from the source cloud server to the destination cloud server. This embodiment scans the internal and external environment and configuration of the cloud servers at the same time: it diagnoses not only the configuration of the network link but also the configuration of the destination cloud server and/or the source cloud server. The check coverage is more complete, which helps locate the root cause of a problem in a single check, improving check accuracy while shortening the time to resolve the problem and improving check efficiency.
In one possible implementation, for the destination cloud server, it may be checked whether the destination cloud server's own network-related configuration is consistent with a first reference configuration, where the first reference configuration indicates the configuration information of the destination cloud server when the source cloud server and the destination cloud server can communicate normally. For the source cloud server, it may be checked whether the source cloud server's own network-related configuration is consistent with a second reference configuration, where the second reference configuration indicates the configuration information of the source cloud server when the source cloud server and the destination cloud server can communicate normally. Depending on actual needs, only the destination cloud server's configuration may be checked, only the source cloud server's configuration may be checked, or both may be checked. For the network link corresponding to the designated port from the source cloud server to the destination cloud server, it is checked whether the configuration of the network link is consistent with a third reference configuration, where the third reference configuration indicates the configuration information of the network link when the source cloud server and the destination cloud server can communicate normally. The first, second, and third reference configurations may be set according to the actual application scenario, which is not limited in any way in the embodiments of the present disclosure.
If the destination cloud server's own network-related configuration is consistent with the first reference configuration, the source cloud server's own network-related configuration is consistent with the second reference configuration, and the configuration of the network link is consistent with the third reference configuration, it may be determined that the two cloud servers can access each other normally. If any one of the three checks is inconsistent, for example because a cloud server is improperly configured or the configuration of a switch on the network link is faulty, normal access between the two cloud servers may not be possible. This embodiment therefore performs a comprehensive check of the two endpoints (the destination cloud server and/or the source cloud server) and the directional network link, which helps locate the root cause of a problem quickly and accurately in a single check.
For example, if any one of the three checks is inconsistent, the network connectivity check result that is finally output may include the configuration items that failed the comparison, so that the user can identify the specific reason why the network between the source cloud server and the destination cloud server cannot be connected.
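The comparison against the three reference configurations can be sketched as follows. This is an added example, not code from the patent; the configuration keys, the sample values and the function names are all constructed for illustration, and the source endpoint is left out of the sample to show the "and/or" case.

```python
# Added illustration: packet-free connectivity check by comparing observed
# configuration with reference configurations. All keys/values are constructed.
MISSING = "<missing>"
SCOPES = ("destination", "source", "link")


def flatten(config, prefix=""):
    """Flatten a nested config dict into {dotted.path: value}."""
    flat = {}
    for key, value in config.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat


def diff_against_reference(observed, reference):
    """List every reference item whose observed value differs or is absent."""
    obs, ref = flatten(observed), flatten(reference)
    return [
        {"item": path, "expected": ref[path], "observed": obs.get(path, MISSING)}
        for path in sorted(ref)
        if obs.get(path, MISSING) != ref[path]
    ]


def check_connectivity(observed, references):
    """Compare each inspected scope with its reference configuration.

    The link must always be inspected; either endpoint may be omitted
    (the method checks the destination and/or the source).
    """
    if "link" not in observed:
        raise ValueError("the network link configuration must be checked")
    inconsistent = {}
    for scope in SCOPES:
        if scope not in observed:
            continue  # endpoint not selected for inspection
        findings = diff_against_reference(observed[scope], references[scope])
        if findings:
            inconsistent[scope] = findings
    return {"reachable": not inconsistent, "inconsistent": inconsistent}


# Constructed reference configurations (first, second and third reference).
REFERENCE = {
    "destination": {
        "guest_os": {
            "nic_loaded": True,
            "netmask": "255.255.255.0",
            "firewall_blocks_external": False,
            "ssh": {"running": True, "key_dir_mode": "0700"},
        },
        "components_overdue": False,
    },
    "source": {"guest_os": {"nic_loaded": True, "dhcp_running": True}},
    "link": {"route_to_destination": True, "port_22_allowed": True},
}

# Constructed observation: destination firewall and SSH directory are wrong.
OBSERVED = {
    "destination": {
        "guest_os": {
            "nic_loaded": True,
            "netmask": "255.255.255.0",
            "firewall_blocks_external": True,
            "ssh": {"running": True, "key_dir_mode": "0777"},
        },
        "components_overdue": False,
    },
    "link": {"route_to_destination": True, "port_22_allowed": True},
}

if __name__ == "__main__":
    print(check_connectivity(OBSERVED, REFERENCE))
```

The result lists the failing items per scope, which is the form of output the paragraph above describes for an inconsistent check.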
In an exemplary embodiment, the network-related configuration in the destination cloud server or the network-related configuration in the source cloud server includes at least one of:
(1) Running state or configuration information of at least one service related to the network in an operating system (Guest OS) of the cloud server; as with fig. 1, the electronic device may check whether the operating state or configuration information of at least one service related to the network within the operating system (Guest OS) of example B and/or example C is correct.
Checking the running state or configuration information of at least one service related to the network in an operating system (Guest OS) of the cloud server, such as checking whether the running state of at least one service related to the network is a preset running state (such as an on state or an off state), or checking whether the configuration information of at least one service related to the network is consistent with the preset configuration information.
Illustratively, the operating state or configuration information of the at least one service associated with the network includes, but is not limited to: the cloud server comprises a virtual network card loading state, network address configuration information, routing configuration information, a virtual firewall state, a DHCP service state or an SSH service state.
For the checking of the loading state of the virtual network card, for example, whether the virtual network card of the cloud server can normally load data, and/or whether the virtual network card has a packet loss condition, etc., if the virtual network card cannot load data or has the packet loss condition, the virtual network card may cause that the cloud servers cannot normally access.
For the checking of the network address configuration information, for example, checking whether the IP address is consistent with a preset IP address and/or checking whether the subnet mask configuration is consistent with a preset subnet mask, if not, normal access between cloud servers may be disabled.
Checking route configuration information, such as checking whether a specified route is open, may result in the cloud server not having normal access if the specified route is not open.
For the checking of the state of the virtual firewall, such as checking the running state and configuration rules of the virtual firewall, if the virtual firewall is in an open state and is set to mask the rules accessed from the outside, the cloud server network may not be accessed.
When checking the DHCP service state, for example, it is checked whether the DHCP service is turned on; if the DHCP service is not on, the cloud server may not obtain a correct IP address.
When checking the SSH service state, for example, it is checked whether the SSH service is running, whether the critical directories or files on which the SSH service depends exist, and whether the access permissions of the corresponding files are configured correctly. If the SSH service is off, a critical directory or file it depends on does not exist, or the access permissions of a corresponding file are configured incorrectly, normal access between cloud servers may be impossible.
(2) The selling state of each component constituting the cloud server, which indicates whether the component is within its service life. The components constituting the cloud server include, but are not limited to, a processor (e.g., CPU), memory, cloud disk, and network bandwidth. The payment mode of each component can be controlled independently; for example, the CPU, memory and cloud disk can be purchased on a yearly or monthly subscription, while the bandwidth is purchased by usage (that is, paid for after use). If the user's account is in arrears, the cloud server can still run normally, but access to the network bandwidth can be restricted by the system, so that the cloud server cannot be accessed.
For example, checking the selling state of each component constituting the cloud server includes checking whether any of those components is in arrears. As in Fig. 1, the electronic device may check whether each component of example B and/or each component of example C is in arrears. In this embodiment, the check of the cloud server's configuration also covers the selling states of the components constituting the cloud server, so that the checking range is more comprehensive, which helps locate the root cause of a problem quickly and accurately.
(3) The running state or configuration information of one or more security services of the cloud server, where the security services protect the cloud server from security attacks. The relevant cloud computing service may provide one or more security services to protect the cloud server from security attacks as far as possible. If the running state of one or more security services on the cloud server is abnormal (for example, the cloud server is under security attack) or a security service is configured incorrectly, normal access to the cloud server is also affected. As in Fig. 1, the electronic device may check whether the running state or configuration information of one or more security services of example B and/or example C is correct.
For the running state or configuration information of one or more security services of the cloud server, it may be checked whether the running state of one or more security services is a preset state and/or whether the configuration information of one or more security services is consistent with the preset configuration information.
Illustratively, the running state or configuration information of the one or more security services of the cloud server includes, but is not limited to: security group configuration information, network attack state, or blocking state. The network attack state indicates the degree to which the cloud server is affected by a network attack, and the blocking state indicates whether the service corresponding to the cloud server complies with a preset specification.
Checking the security group configuration information includes, for example, checking whether the security group rules are consistent with preset rules. By configuring security group rules, the user can restrict the access of other resources to the cloud server, and can also restrict the access of the cloud server to other resources. One cloud server can be configured with multiple security groups, and each security group can be configured with multiple access restriction rules; the final access state of the cloud server is the superposition of all security group rules associated with it. Improper security group configuration can therefore affect both the inbound and the outbound accessibility of the cloud server, and by covering the check of security group configuration information, this embodiment helps locate configuration errors in a single checking pass.
For network attacks, taking a DDoS attack as an example, if the cloud server is under DDoS attack and the attack traffic is large, the cloud server may enter a black hole state, i.e. the cloud server cannot process any traffic and cannot be accessed. Thus, when checking the network attack state, it may be checked whether the cloud server has entered the black hole state to determine the accessibility of the cloud server.
When checking the blocking state, if the service corresponding to the cloud server does not meet the preset specification, the cloud server may be blocked; for example, network access blocking is applied to an instance running an illegal service (such as pornography, gambling, etc.). After the cloud server is blocked, external devices or other cloud servers cannot access a specific port of the cloud server. Thus, the accessibility of the cloud server may be determined by detecting whether the cloud server is blocked.
In this embodiment, the checking process of the configuration of the cloud server also covers the checking of the running state or configuration information of one or more security services of the cloud server, so that the checking range is more comprehensive, and the method is helpful for quickly and accurately locating the root cause of the problem.
(4) The number of network card sessions corresponding to the cloud server on the host where the cloud server is located. One host may include one or more cloud servers, and cloud servers of different specifications have different upper limits of network capability; exceeding the upper limit may cause network access abnormalities of the cloud server. The upper limit of network capability corresponding to the cloud server is reflected in the number of network card sessions corresponding to the cloud server on the host where the cloud server is located.
When checking the number of network card sessions corresponding to the cloud server on the host where the cloud server is located, for example, it can be checked whether the current number of network card sessions of the cloud server exceeds the session connection upper limit corresponding to the specification of the cloud server. If the current number exceeds the upper limit, new sessions cannot be established and the cloud server cannot be connected to.
In an exemplary embodiment, the checking procedure of the configuration of the network link may be checking the hardware configuration of one or more devices corresponding to the network link and the software configuration on the devices. The configuration of the network link includes at least one of:
(1) The running state or configuration information of at least one service in the virtual network where the source cloud server or the destination cloud server is respectively located.
Checking the running state or configuration information of at least one service in the virtual network where the source cloud server or the destination cloud server is located, for example, checking whether the running state of the at least one service is normal (whether the running state is a preset state) or checking whether the configuration information of the at least one service is consistent with the preset configuration information.
Illustratively, the operating state or configuration information of at least one service in the virtual network includes, but is not limited to: the operation state of the VPC network, the AVS forwarding condition, ACL configuration information or security group configuration information, etc.
When checking the running state of the VPC network, it may be checked whether the VPC network is operating properly; if so, the running state of the VPC network is correct. When checking the AVS forwarding condition, it may be checked whether there is packet loss or delay in AVS forwarding. When checking the ACL configuration information, it may be checked whether access to the cloud server is allowed in the access control list of the switch; if so, the ACL configuration information is correct. When checking the security group configuration information, for example, it can be checked whether the security group rules associated with the cloud server permit access in the direction of the current network link; if so, the security group configuration information is correct.
(2) The running state or configuration information of the network devices and network services on the hosts where the source cloud server and the destination cloud server are respectively located.
Checking the running state or configuration information of the network device and the network service, for example, checking whether the running state of the network device (such as a network card) is normal or whether the configuration information is consistent with preset configuration information; and checking whether the running state of the network service is normal or whether the configuration information is consistent with the preset configuration information.
The network device is, for example, a network card. If the physical network card on the host is abnormal because of a virtualization bug or other reasons, the cloud servers on that host cannot be accessed normally, so whether the network card works normally can be checked.
(3) The running state and configuration information of the switches in the network link.
Checking the running state of the switch and the configuration information thereof in the network link, such as checking whether the running state of the switch is normal or whether the configuration information of the switch is consistent with preset configuration information.
Illustratively, the switches in the network link include, but are not limited to, an access stratum switch (ASW), a convergence switch (PSW), and a distributed switch (DSW).
The present embodiment diagnoses the configuration of the network link corresponding to the designated port from the source cloud server to the destination cloud server. As shown in Fig. 1, this covers the virtual network provided by the virtualization service, the physical network devices and network services of the hosts, and the physical network devices (i.e. the switches) in the network link. The link is connected only if all services and devices on the network link are working properly (i.e. configured correctly).
Fig. 4 is a schematic block diagram of a device according to an exemplary embodiment. Referring to Fig. 4, at the hardware level the device includes a processor 402, an internal bus 404, a network interface 406, a memory 408, and a nonvolatile memory 410, and may of course also include hardware required by other services. One or more embodiments of the present description may be implemented in software, for example by the processor 402 reading a corresponding computer program from the nonvolatile memory 410 into the memory 408 and then running it. Of course, in addition to software implementation, one or more embodiments of the present disclosure do not exclude other implementations, such as a logic device or a combination of software and hardware; that is, the execution subject of the following processing flow is not limited to logic units, but may also be hardware or a logic device.
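The destination-side checks (1) to (4) and the comparison of the network link against a reference configuration can be run in one pass that reports every mismatch. The following Python code is an added example, not code from the patent; the field names, the rule-merging order (lower priority number first, drop wins ties, default deny) and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One inbound security group rule (field names are assumptions)."""
    cidr: str
    port_lo: int
    port_hi: int
    policy: str        # "accept" or "drop"
    priority: int = 1  # assumption: lower number is evaluated first


@dataclass
class Server:
    """Constructed snapshot of what an inspection interface might report."""
    name: str
    ip: str
    security_groups: dict = field(default_factory=dict)  # group -> [Rule]
    services: dict = field(default_factory=dict)         # e.g. {"ssh": "running"}
    overdue_components: list = field(default_factory=list)
    black_hole: bool = False
    blocked_ports: set = field(default_factory=set)
    nic_sessions: int = 0
    session_limit: int = 0


def inbound_allowed(dst, src_ip, port):
    """Superpose the rules of every associated group; return (allowed, reason)."""
    merged = [(r, g) for g, rules in dst.security_groups.items() for r in rules]
    # Assumed tie-break: at equal priority a drop rule wins over an accept rule.
    merged.sort(key=lambda rg: (rg[0].priority, rg[0].policy != "drop"))
    for rule, group in merged:
        in_cidr = ip_address(src_ip) in ip_network(rule.cidr)
        if in_cidr and rule.port_lo <= port <= rule.port_hi:
            detail = f"{group}: {rule.policy} {rule.cidr} {rule.port_lo}-{rule.port_hi}"
            return rule.policy == "accept", detail
    return False, "no matching rule (assumed default deny)"


def check_connectivity(src, dst, port, link_state, reference_link):
    """Run every check once and return a list of (item, ok, detail) findings."""
    findings = []
    # (1) Network-related services in the destination's operating system.
    for svc in ("dhcp", "ssh"):
        state = dst.services.get(svc, "unknown")
        findings.append((f"os.{svc}", state == "running", state))
    # (2) Selling state: a component in arrears can cut off bandwidth.
    overdue = ", ".join(dst.overdue_components) or "none"
    findings.append(("selling_state", not dst.overdue_components, f"overdue: {overdue}"))
    # (3) Security services: security groups, black hole state, blocking state.
    ok, why = inbound_allowed(dst, src.ip, port)
    findings.append(("security_group", ok, why))
    findings.append(("black_hole", not dst.black_hole, f"black_hole={dst.black_hole}"))
    findings.append(("blocking_state", port not in dst.blocked_ports,
                     f"blocked ports: {sorted(dst.blocked_ports)}"))
    # (4) Network card sessions on the host versus the specification's limit.
    findings.append(("nic_sessions", dst.nic_sessions <= dst.session_limit,
                     f"{dst.nic_sessions}/{dst.session_limit}"))
    # Network link: compare each observed item with the reference configuration.
    for key, expected in reference_link.items():
        actual = link_state.get(key)
        findings.append((f"link.{key}", actual == expected,
                         f"observed {actual!r}, reference {expected!r}"))
    return findings


def root_causes(findings):
    """Names of the checks that failed, in the order they were run."""
    return [item for item, ok, _ in findings if not ok]


def demo():
    """Constructed scenario: B connects to port 22 of C."""
    src = Server("B", "10.0.1.10")
    dst = Server(
        "C", "10.0.2.20",
        security_groups={
            "sg-admin": [Rule("10.0.0.0/8", 22, 22, "accept")],
            "sg-quarantine": [Rule("10.0.1.0/24", 1, 65535, "drop")],
        },
        services={"dhcp": "running", "ssh": "running"},
        nic_sessions=120_000, session_limit=100_000,
    )
    reference_link = {"vpc": "normal", "acl_allows_dst": True,
                      "host_nic": "normal", "switch": "normal"}
    link_state = dict(reference_link, host_nic="abnormal")
    return check_connectivity(src, dst, 22, link_state, reference_link)


if __name__ == "__main__":
    for item, ok, detail in demo():
        print(f"{'PASS' if ok else 'FAIL'}  {item:<20} {detail}")
```

In the constructed scenario each security group looks reasonable on its own; only the merged rule set shows that the quarantine group's drop rule shadows the admin group's accept rule for the source address.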
Referring to fig. 5, the network connectivity checking apparatus may be applied to the device shown in fig. 4 to implement the technical solution of the present specification. Wherein the network connectivity checking apparatus may include:
an information acquisition module 21, configured to determine a source cloud server and a destination cloud server in response to a network connectivity check instruction, and acquire a designated port of the destination cloud server;
a configuration checking module 22, configured to check a configuration related to a network in the destination cloud server and/or the source cloud server, and check a configuration of a network link corresponding to a designated port from the source cloud server to the destination cloud server;
and a checking result output module 23, configured to obtain and output a network connectivity checking result between the source cloud server and the destination cloud server.
In an embodiment, the configuration checking module is specifically configured to:
checking whether the network-related configuration in the destination cloud server is consistent with a first reference configuration, and/or checking whether the network-related configuration in the source cloud server is consistent with a second reference configuration; and
checking whether the configuration of the network link is consistent with a third reference configuration; the first reference configuration, the second reference configuration and the third reference configuration indicate configuration information when the source cloud server and the destination cloud server can normally communicate.
In an embodiment, the configuration related to the network in the destination cloud server or the configuration related to the network in the source cloud server includes at least one of the following:
the running state or configuration information of at least one service related to the network in an operating system of the cloud server;
the selling state of each component constituting the cloud server, which indicates whether the component is within its validity period of use;
the running state or configuration information of one or more security services of the cloud server, wherein the security services protect the cloud server from security attacks; or
the number of network card sessions corresponding to the cloud server on the host where the cloud server is located.
In an embodiment, the running state or configuration information of at least one service related to the network in the operating system of the cloud server includes any one or more of the following:
the loading condition of the virtual network card of the cloud server, network address configuration information, routing configuration information, virtual firewall state, DHCP service state, or SSH service state;
the running state or configuration information of the one or more security services of the cloud server comprises any one or more of the following:
security group configuration information, network attack state, or blocking state; the network attack state indicates the degree to which the cloud server is affected by a network attack; and the blocking state indicates whether the service corresponding to the cloud server complies with a preset specification.
In an embodiment, the configuration of the network link includes at least one of:
the running state or configuration information of at least one service in the virtual network where the source cloud server and the destination cloud server are respectively located;
the running states or configuration information of network equipment and network services on a host computer where the source cloud server and the destination cloud server are respectively located; or,
and the running state and configuration information of the switch in the network link.
In some embodiments, embodiments of the present specification further provide a computer device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any of the above by executing the executable instructions.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as a memory, comprising instructions executable by a processor of an apparatus to perform the above-described method. For example, the non-transitory computer readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
A non-transitory computer readable storage medium is provided; when the instructions in the storage medium are executed by a processor of a terminal, the terminal is enabled to perform the above-described method.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by the computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The terminology used in the one or more embodiments of the specification is for the purpose of describing particular embodiments only and is not intended to be limiting of the one or more embodiments of the specification. As used in this specification, one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
The foregoing description of the preferred embodiment(s) is (are) merely intended to illustrate the embodiment(s) of the present invention, and it is not intended to limit the embodiment(s) of the present invention to the particular embodiment(s) described.

Claims (10)

1. A network connectivity check method, comprising:
responding to a network connectivity checking instruction, determining a source cloud server and a destination cloud server, and acquiring a designated port of the destination cloud server;
checking network-related configuration in the destination cloud server through an inspection interface provided by the destination cloud server, and/or checking network-related configuration in the source cloud server through an inspection interface provided by the source cloud server, and checking configuration of a network link corresponding to a designated port from the source cloud server to the destination cloud server;
and obtaining and outputting a network connectivity check result between the source cloud server and the destination cloud server.
2. The method of claim 1, the checking network-related configurations in the destination cloud server and/or the source cloud server, comprising:
checking whether the network-related configuration in the destination cloud server is consistent with a first reference configuration, and/or checking whether the network-related configuration in the source cloud server is consistent with a second reference configuration;
the checking the configuration of the network link corresponding to the designated port from the source cloud server to the destination cloud server includes:
checking whether the configuration of the network link is consistent with a third reference configuration; the first reference configuration, the second reference configuration and the third reference configuration indicate configuration information when the source cloud server and the destination cloud server can normally communicate.
3. The method of claim 1, the network-related configuration in the destination cloud server or the network-related configuration in the source cloud server comprising at least one of:
operating state or configuration information of at least one service related to the network in an operating system of the cloud server;
the selling state of each component constituting the cloud server, which indicates whether the component is within its validity period of use;
the running state or configuration information of one or more security services of the cloud server, wherein the security services protect the cloud server from security attacks; or
the number of network card sessions corresponding to the cloud server on the host where the cloud server is located.
4. A method according to claim 3, wherein the operating state or configuration information of at least one service related to the network in the operating system of the cloud server comprises any one or more of:
the loading condition of the virtual network card of the cloud server, network address configuration information, routing configuration information, virtual firewall state, DHCP service state, or SSH service state;
the running state or configuration information of the one or more security services of the cloud server comprises any one or more of the following:
security group configuration information, network attack state, or blocking state; the network attack state indicates the degree to which the cloud server is affected by a network attack; and the blocking state indicates whether the service corresponding to the cloud server complies with a preset specification.
5. The method of claim 1, the configuration of the network link comprising at least one of:
the running state or configuration information of at least one service in the virtual network where the source cloud server and the destination cloud server are respectively located;
the running states or configuration information of network equipment and network services on a host computer where the source cloud server and the destination cloud server are respectively located; or,
the running state and configuration information of the switch in the network link.
6. A network connectivity check apparatus comprising:
the information acquisition module is used for responding to the network connectivity checking instruction, determining a source cloud server and a destination cloud server and acquiring a designated port of the destination cloud server;
a configuration checking module, configured to check a configuration related to a network in the destination cloud server through an inspection interface provided by the destination cloud server, and/or check a configuration related to a network in the source cloud server through an inspection interface provided by the source cloud server, and check a configuration of a network link corresponding to a designated port from the source cloud server to the destination cloud server;
and the checking result output module is used for obtaining and outputting a network connectivity checking result between the source cloud server and the destination cloud server.
7. The apparatus of claim 6, the configuration checking module being specifically configured to:
checking whether the network-related configuration in the destination cloud server is consistent with a first reference configuration, and/or checking whether the network-related configuration in the source cloud server is consistent with a second reference configuration; and
checking whether the configuration of the network link is consistent with a third reference configuration; the first reference configuration, the second reference configuration and the third reference configuration indicate configuration information when the source cloud server and the destination cloud server can normally communicate.
8. The apparatus of claim 6, the network-related configuration in the destination cloud server or the network-related configuration in the source cloud server comprising at least one of:
operating state or configuration information of at least one service related to the network in an operating system of the cloud server;
the selling state of each component constituting the cloud server, which indicates whether the component is within its validity period of use;
the running state or configuration information of one or more security services of the cloud server, wherein the security services protect the cloud server from security attacks; or
the number of network card sessions corresponding to the cloud server on the host where the cloud server is located.
9. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1 to 5 by executing the executable instructions.
10. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method of any of claims 1 to 5.
CN202210267590.9A 2022-03-17 2022-03-17 Network connectivity checking method, device, equipment and storage medium Active CN114826969B (en)

Publications (2)

Publication Number Publication Date
CN114826969A CN114826969A (en) 2022-07-29
CN114826969B CN114826969B (en) 2024-02-06

Family

ID=82531132

EP3545451B1 (en) Automatic forwarding of access requests and responses thereto
CN106161396B (en) A kind of method and device for realizing virtual machine network access control
CN112187671A (en) Network access method and related equipment thereof
US9916225B1 (en) Computer implemented system and method and computer program product for testing a software component by simulating a computing component using captured network packet information
Asif et al. ROCA: Auto‐resolving overlapping and conflicts in Access Control List policies for Software Defined Networking
CN111818081B (en) Virtual encryption machine management method, device, computer equipment and storage medium
Zhan et al. CIADL: cloud insider attack detector and locator on multi-tenant network isolation: an OpenStack case study
KR102184114B1 (en) Method and apparatus for providing network security service
CN109039823B (en) Network system firewall detection method, device, equipment and storage medium
US20220217050A1 (en) Policy management across multiple cloud computing environments within a network
CN114244555A (en) Method for adjusting security policy
CN106375330B (en) Data detection method and device
US11799856B2 (en) Application identification
WO2024087638A1 (en) Processing method for data packet, and related apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant