CN114928537B - Network equipment configuration method, device and storage medium - Google Patents

Network equipment configuration method, device and storage medium Download PDF

Info

Publication number
CN114928537B
CN114928537B CN202210534405.8A CN202210534405A CN114928537B CN 114928537 B CN114928537 B CN 114928537B CN 202210534405 A CN202210534405 A CN 202210534405A CN 114928537 B CN114928537 B CN 114928537B
Authority
CN
China
Prior art keywords
information
configuration
equipment
auditing
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210534405.8A
Other languages
Chinese (zh)
Other versions
CN114928537A (en
Inventor
郭晓琳
杨艳松
王宏鼎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN202210534405.8A priority Critical patent/CN114928537B/en
Publication of CN114928537A publication Critical patent/CN114928537A/en
Application granted granted Critical
Publication of CN114928537B publication Critical patent/CN114928537B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality

Abstract

The application provides a network equipment configuration method, a device and a storage medium, wherein the method is applied to a software defined network SDN system, and the SDN system comprises an SDN controller, at least one network equipment and auditing equipment; the method comprises the steps of checking configuration authorities corresponding to account information in synchronization application information after the synchronization application information of network equipment is obtained, and sending equipment configuration information in the synchronization application information to an SDN controller for storage after the account information is checked to have the configuration authorities, so that the synchronization of the equipment configuration information in the SDN controller and the equipment configuration information of the network equipment is realized. The method solves the problem that equipment configuration information of the nonstandard service is lost due to upgrading of the SDN controller in a time period from completing equipment configuration of nonstandard service associated network equipment by adopting a manual configuration method to arranging and issuing of nonstandard service completion service configuration information by the SDN controller.

Description

Network equipment configuration method, device and storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method and an apparatus for configuring a network device, and a storage medium.
Background
The software defined network (Software Defined Network, SDN) system realizes the automatic management of the configuration and service execution of network equipment such as a switch, a router and the like, and brings great convenience to the operation management of the network.
As shown in fig. 1, the configuration of each network device 13 in the SDN system is generally configured automatically based on service configuration information laid out and issued by the SDN controller 12. Specifically, the SDN controller 12 obtains service requirement information of a service from a service requirement device 11 (such as a service platform of an operator client). Based on the service requirement information, the SDN controller 12 composes and obtains service configuration information corresponding to the service requirement information. Wherein the service configuration information includes a device identifier of the network device 13 associated with the service configuration information and device configuration information corresponding to the device identifier. The SDN controller 12 issues service configuration information to the associated network device 13. The network device 13 completes its own device configuration based on the service configuration information. However, if the service requirement information of a certain service a exceeds the arrangement functional range of the SDN controller 12, that is, when the service a is a non-standard service, the SDN controller 12 cannot perform arrangement of the corresponding service configuration information based on the service requirement information of the non-standard service. In order to ensure timely and normal operation of the service a, a method of manual configuration directly on the network device 13 is generally adopted, and the SDN controller 12 is bypassed to directly perform device configuration on the network device 13 associated with the service a. After the SDN controller 12 upgrades and realizes the arrangement of the service configuration information of the service a, the SDN controller 12 arranges and issues the service configuration information of the service a to realize the configuration of the network device 13 related to the service a and the automatic management of service execution.
From the time period from the completion of equipment configuration of the nonstandard service associated network equipment by adopting a manual configuration method to the arrangement and issuing of the nonstandard service completion service configuration information by the SDN controller, the upgrading (such as service change or service delivery) of the SDN controller can cause the loss of the equipment configuration information of the nonstandard service, thereby influencing the normal operation of the nonstandard service.
Disclosure of Invention
The application provides a network equipment configuration method, a device and a storage medium, which are used for solving the problem that equipment configuration information of non-standard service is lost due to upgrading of an SDN controller in a time period from completing equipment configuration of the non-standard service associated network equipment by adopting a manual configuration method to arranging and issuing of service configuration information of the non-standard service completed by the SDN controller.
In a first aspect, the present application provides a network device configuration method, applied to a software defined network SDN system, where the SDN system includes an SDN controller, at least one network device and an auditing device; the method comprises the following steps:
the auditing equipment acquires the synchronous application information of the network equipment; the synchronization application information is sent by the network equipment after the network equipment is manually configured; the synchronization application information comprises equipment configuration information which is manually completed on the network equipment and account information of a user executing the manual configuration;
and the auditing equipment checks the configuration authority corresponding to the account information, and sends the equipment configuration information to the SDN controller in response to the account information having the configuration authority.
Optionally, the device configuration information includes a device configuration command;
the auditing device checks the configuration authority corresponding to the account information, and sends the device configuration information to the SDN controller in response to the account information having the configuration authority, including:
the auditing equipment compares the user identification code of the account information and the equipment configuration information corresponding to the account information with a preset authorized manual configuration command set, and determines that the account information has configuration permission in response to the fact that the equipment configuration command in the user identification code and the corresponding equipment configuration information belongs to the preset authorized manual configuration command set;
the auditing equipment sends the equipment configuration information to the SDN controller;
the authorized manual configuration command set comprises the corresponding relation between the user identification code of each account information and the authorized manual configuration command.
Optionally, after the auditing device determines that the account information has configuration rights, the method further includes:
the auditing equipment captures actual equipment configuration information of the network equipment from the network equipment based on equipment identification of the network equipment in the equipment configuration information, compares the equipment configuration information with the actual equipment configuration information, and sends the equipment configuration information to the SDN controller in response to the fact that the actual equipment configuration information contains the equipment configuration information.
Optionally, before the auditing device checks the configuration authority corresponding to the account information, the method further includes:
the auditing equipment checks the operation authority of the user corresponding to the account information based on the account information, and checks the configuration authority corresponding to the account information in response to the manually configured operation authority of the user corresponding to the account information.
Optionally, after the auditing device checks the operation authority of the user corresponding to the account information based on the account information, the method further includes:
and responding to the account information, corresponding to the operation authority which is not manually configured by the user, sending application rejection information to the network equipment by the auditing equipment so as to terminate the synchronous application of the network equipment.
Optionally, after the auditing device checks the configuration authority corresponding to the account information, the method further includes:
and the auditing equipment sends application rejection information to the network equipment to terminate the synchronous application of the network equipment in response to the account information does not have the configuration authority.
Optionally, after the auditing device sends the device configuration information to the SDN controller, the method further includes:
the auditing equipment receives the synchronous confirmation information sent by the SDN controller and sends the synchronous confirmation information to the network equipment; the synchronization confirmation information is sent after the SDN controller stores the device configuration information sent by the auditing device.
In a second aspect, the present application provides an auditing device configured by a network device, which is applied to a software defined network SDN system, where the SDN system includes an SDN controller, at least one network device and the auditing device; the auditing apparatus includes: the message processing module and the auditing processing module; wherein, the liquid crystal display device comprises a liquid crystal display device,
the message processing module is used for acquiring the synchronous application information of the network equipment; the synchronization application information is sent by the network equipment after the network equipment is manually configured; the synchronization application information comprises equipment configuration information which is manually completed on the network equipment and account information of a user executing the manual configuration;
the auditing processing module is used for checking the configuration permission corresponding to the account information, and sending the equipment configuration information to the SDN controller in response to the account information having the configuration permission.
In a third aspect, the present application provides a network device configuration auditing apparatus, including:
a processor and a memory;
the memory stores executable instructions executable by the processor;
wherein the processor executes the executable instructions stored by the memory, causing the processor to perform the method as described above.
In a fourth aspect, the present application provides a storage medium having stored therein computer-executable instructions for performing the method as described above when executed by a processor.
According to the network equipment configuration method, the network equipment configuration device and the storage medium, after the synchronization application information of the network equipment is obtained, the configuration authority corresponding to the account information in the synchronization application information is checked, after the account information is checked and confirmed to have the configuration authority, the equipment configuration information in the synchronization application information is sent to the SDN controller to be stored, and therefore synchronization of the equipment configuration information in the SDN controller and the equipment configuration information of the network equipment is achieved. The method and the device solve the problem that in a time period from completing equipment configuration of the nonstandard service associated network device by adopting a manual configuration method to arranging and issuing nonstandard service completion service configuration information by the SDN controller, equipment configuration information in the SDN controller is asynchronous with equipment configuration information of the network device, and equipment configuration information of nonstandard service is lost due to upgrading of the SDN controller.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
FIG. 1 is a diagram of a prior art SDN system architecture;
fig. 2 is an SDN system architecture diagram provided in an embodiment of the present application;
fig. 3 is a flowchart of a network device configuration method provided in an embodiment of the present application;
fig. 4 is a schematic diagram of an audit device configured by a network device according to an embodiment of the present application;
fig. 5 is a block diagram of a network device configuration auditing apparatus according to an embodiment of the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Currently, in an SDN system provided by an operator for a customer, after development is completed, the SDN controller and the SDN control system are upgraded according to the customer requirements, so as to meet the running requirements of the customer on newly increased personalized services (i.e. non-standard services). Because the SDN controller and the SDN control system are updated with a certain research and development time, timeliness of the updating of the SDN controller and the SDN control system cannot meet timeliness requirements of non-standard business operation of clients. Therefore, in order to ensure that the non-standard service can normally operate before the SDN controller 12 performs development and upgrade (implementing arrangement of non-standard service configuration information), as shown in fig. 1, a method of manually adding device configuration information directly on the network device 13 is generally adopted to manually configure the network device 13 associated with the non-standard service.
Based on the consideration of security and stability of the network system, in an SDN system provided by an operator for its customer, the SDN controller 12 does not accept manual arrangement of service configuration information on the SDN controller 12, nor accept a manner of acquiring device configuration information of the network device 13 from the network device 13 for storage and issuing, so as to avoid network security risks caused by non-compliant network device configuration (such as network device configuration performed by a non-authorized person or account), and avoid network stability risks caused by operation pressure of the SDN controller 12 caused by manual arrangement of service configuration information. Therefore, after the device configuration is performed on the non-standard service related network device by adopting the manual configuration method, the device configuration information of the non-standard service cannot be synchronized into the database of the SDN controller 12. That is, the device configuration information stored in the SDN controller 12 is unsynchronized with the actual device configuration information of the network device from the time of completing manual configuration of the non-standard service-associated network device to the time of the SDN controller issuing the orchestration of the non-standard service completion service configuration information. Since the SDN controller 12 needs to use the stored relevant service configuration information to reset the device configuration information of the corresponding network device during the upgrade process of the SDN controller, such as service change or service delivery. If the service change or the service delivery involves the network device associated with the nonstandard service, after the SDN controller 12 is upgraded, the device configuration information stored in the SDN controller 12 is unsynchronized with the actual device configuration information of the network device, which results in loss of the device configuration information of the unsynchronized nonstandard service, so that the nonstandard service cannot operate normally.
In this regard, the present application proposes a network device configuration method, by acquiring synchronization application information of a network device, and checking configuration rights corresponding to account information in the synchronization application information, if the account information has the configuration rights, sending device configuration information in the synchronization application information to an SDN controller, so as to store the device configuration information in the SDN controller, thereby solving a problem that an upgrade (such as a service change or a service delivery) of the SDN controller results in loss of device configuration information of a non-standard service.
The network device configuration method provided in the present application is described below with reference to some embodiments.
Fig. 2 is an SDN system architecture diagram provided in an embodiment of the present application. As shown in fig. 2, the system includes: the service requirement device 11, the SDN controller 12, the network device 13 and the auditing device 14. The SDN controller 12 is respectively connected with the service demand device 11, the network device 13 and the auditing device 14, and the auditing device 14 is connected with the network device 13. The network device 13 is a network device or a plurality of network devices (such as the network device 1, the network device 2, the network device 3, …, and the network devices n, n are natural numbers shown in fig. 2). The service requirement device 11 may be a service platform of the client side.
The SDN controller 12 acquires service demand information from the service demand device 11 and determines whether the acquired service demand information is service demand information of a standard service or service demand information of a non-standard service.
If the acquired service requirement information is the service requirement information of the standard service, the SDN system performs the following operations:
based on the service requirement information, the SDN controller 12 composes and obtains service configuration information corresponding to the service requirement information. Wherein the service configuration information comprises an identification of at least one network device 13 associated with the service configuration information and device configuration information corresponding to the identification. The SDN controller 12 issues service configuration information to the corresponding network device 13. The network device 13 completes its own device configuration based on the identifier of the network device 13 and the device configuration information corresponding to the identifier.
If the acquired service requirement information is the service requirement information of the nonstandard service, before the SDN controller 12 upgrades to implement the scheduling and issuing of the service configuration information of the nonstandard service, the relevant operation of the SDN system is as follows:
based on the service configuration information of the non-standard service, manual configuration is performed on the network device 13 associated with the non-standard service. The network device 13 sends the synchronization application information to the auditing device 14 after manual configuration is completed. The synchronization application information includes device configuration information manually completed on the network device 13 and account information of the user performing the manual configuration. After the auditing device 14 obtains the synchronization application information of the network device 13, the configuration authority corresponding to the account information is checked, and the auditing device 14 responds to the account information with the configuration authority and sends the device configuration information to the SDN controller 12. The SDN controller 12 stores the device configuration information after receiving it, so as to synchronize the configuration in the SDN controller 12 with the configuration of the network device 13. Synchronization of the configuration in the SDN controller 12 and the configuration of the network device 13 can avoid losing device configuration information of the nonstandard service caused by upgrading (such as service change or service delivery) of the SDN controller 12 in a period from completing device configuration of the nonstandard service associated network device 13 by adopting a manual configuration method to arranging and issuing non-standard service completion service configuration information by the SDN controller 12.
The device configuration information comprises device basic information, a device configuration command and a configuration module attribute to which the device configuration command belongs; device base information includes, but is not limited to, device identification, device loopback address (loopback IP), device name, device model number, device version number; the device configuration command may be a manually configured new configuration command or may be all configuration commands on a configuration module to which the new configuration command belongs; configuration module attributes such as physical interface configuration, logical interface configuration, intermediate system to intermediate system protocol (Intermediate System to Intermediate System, abbreviated as ISIS) configuration, border gateway protocol (Border Gateway Protocol, abbreviated as BGP) configuration, etc.
According to the network device configuration method provided by the embodiment of the application, after the synchronization application information of the network device is obtained, the configuration authority corresponding to the account information in the synchronization application information is checked, and after the account information is checked to have the configuration authority, the device configuration information in the synchronization application information is sent to the SDN controller to be stored, so that the synchronization of the device configuration information in the SDN controller 12 and the device configuration information of the network device 13 is realized. The method provided by the embodiment of the application solves the problem that equipment configuration information of the nonstandard service is lost due to upgrading of the SDN controller in a time period from completing equipment configuration of nonstandard service associated network equipment by adopting a manual configuration method to arranging and issuing of the nonstandard service completion service configuration information by the SDN controller, and ensures stable and normal operation of the nonstandard service.
The method for configuring the network device provided in the present application is described in detail below with reference to fig. 3. Fig. 3 is a flowchart of a network device configuration method provided in an embodiment of the present application. The execution subject of the embodiment shown in fig. 3 is the auditing apparatus 13 in the embodiment shown in fig. 2. As shown in fig. 3, the method is applied to a Software Defined Network (SDN) system; as shown in fig. 2, the SDN system comprises an SDN controller 12, at least one network device 13 and an auditing device 14; the method comprises the following steps:
s301, the auditing equipment acquires synchronous application information of the network equipment; the synchronization application information is sent by the network equipment after the network equipment is manually configured; the synchronization application information includes device configuration information manually completed on the network device and account information of a user performing the manual configuration.
Specifically, the auditing device 14 acquires the synchronization application information of the network device 13; wherein, the synchronization application information is sent by the network device 13 after the network device 13 is manually configured; the synchronization application information includes device configuration information manually completed on the network device 13 and account information of a user performing manual configuration.
S302, checking configuration rights corresponding to account information by the auditing equipment, and sending the equipment configuration information to the SDN controller in response to the account information having the configuration rights.
Specifically, the auditing device 14 checks the configuration authority corresponding to the account information, and sends the device configuration information to the SDN controller 12 in response to the account information having the configuration authority, so that the SDN controller 12 stores the device configuration information conveniently, so as to achieve synchronization of the device configuration information in the SDN controller 12 and the device configuration information of the network device 13.
Optionally, the device configuration information includes a device configuration command; the auditing device 14 compares the user identification code of the account information and the device configuration information corresponding to the account information with a preset authorized manual configuration command set, and determines that the account information has configuration authority in response to the user identification code and the device configuration command in the corresponding device configuration information belong to the preset authorized manual configuration command set. The auditing device 14 sends device configuration information to the SDN controller 12.
The authorized manual configuration command set comprises the corresponding relation between the user identification code of each account information and the authorized manual configuration command.
Further, after the auditing device 14 determines that the account information has the configuration authority, the auditing device 14 captures actual device configuration information of the network device 13 from the network device 13 based on the device identifier of the network device 13 in the device configuration information, compares the device configuration information with the actual device configuration information, and sends the device configuration information to the SDN controller 12 in response to the fact that the device configuration information contains the device configuration information. Otherwise, if the actual device configuration information does not include or only includes a part of the content in the device configuration information, the auditing device 14 sends alert information to the network device 13 to prompt for correction of the device configuration information in the synchronization application information in response to the actual device configuration information not including or only including a part of the content in the device configuration information.
After the auditing device 14 determines that the account information has the configuration authority, the auditing device 14 captures the actual device configuration information of the network device 13 from the network device 13 and compares the device configuration information in the synchronous application information. The auditing device 14 sends the device configuration information to the SDN controller 12 for storage after determining that the actual device configuration information includes the device configuration information, so that the situation that the device configuration information in the SDN controller 12 is not synchronized with the device configuration information of the network device 13 due to a reporting error of the device configuration information in the synchronization application information can be avoided.
Optionally, after the auditing device 14 checks the configuration authority corresponding to the account information, in response to the account information not having the configuration authority, the auditing device 14 sends application rejection information to the network device 13 to terminate the synchronization application of the network device 13.
Generally, the account information includes an operation authority of the user corresponding to the account, such as at least one of a manual configuration authority and a reference authority. In order to avoid the user who does not have the manual configuration authority from violating the rule to manually configure the network device 13, the auditing device 14 may first check the operation authority corresponding to the account information after receiving the synchronization application information sent by the network device 13.
Optionally, before the auditing device 14 checks the configuration authority corresponding to the account information, the auditing device 14 checks the operation authority of the user corresponding to the account information based on the account information, and in response to the user corresponding to the account information having the manually configured operation authority, checks the configuration authority corresponding to the account information.
Illustratively, the auditing device 14 examines the operational rights of the account information corresponding user based on the set of user rights and the user identification code in the account information to determine whether the account information corresponding user has manually configured operational rights. The user authority set comprises the corresponding relation between the user identification codes of all users and the operation authorities; the operation authority comprises at least one of manual configuration authority and consulting authority.
Optionally, after checking the operation authority of the user corresponding to the account information based on the account information, the auditing device 14 responds to the fact that the user corresponding to the account information does not have the manually configured operation authority, if the user corresponding to the account information only has the reference authority, the auditing device 14 sends application rejection information to the network device 13 to terminate the synchronization application of the network device 13.
The auditing device 14 firstly checks the operation authority of the user corresponding to the account information, and can quickly identify the manual configuration of the illegal network device by the user without the manual configuration operation authority so as to terminate the synchronous application of the network device 13. After checking and determining that the user corresponding to the account information has the manually configured operation authority, the auditing device 14 checks the configuration authority corresponding to the account information by comparing the user identification code of the account information and the device configuration information corresponding to the account information with the preset authorized manual configuration command set, so that the manual configuration operation of the user having the manually configured operation authority can be ensured to be within the authorized manual configuration authority range.
Optionally, after the auditing device 14 sends the device configuration information to the SDN controller 12, the auditing device 14 receives the synchronization confirmation information sent by the SDN controller 12 and sends the synchronization confirmation information to the network device 13. The synchronization confirmation information is sent by the SDN controller 12 after storing the device configuration information sent by the verification device 14. The synchronization confirmation information may include an index code of the device configuration information in the SDN controller 12 database, so as to facilitate the necessary query.
After the network device 13 receives the synchronization confirmation information, that is, the synchronization application characterizing the network device 13 is completed, synchronization between the device configuration information of the network device 13 and the device configuration information in the SDN controller 12 is realized, that is, the device configuration information of the nonstandard service, which is manually configured on the network device 13, is ensured to be lost in a time period before the SDN controller 12 issues the service configuration information of the nonstandard service, so that stable and normal operation of the nonstandard service is ensured without being lost due to upgrading (such as service change or service delivery) of the SDN controller 12.
According to the network device configuration method provided by the embodiment of the application, after the synchronization application information of the network device is obtained, the operation authority of the user corresponding to the account information, the configuration authority corresponding to the account information and the device configuration information are checked, and after the account information is checked to have the configuration authority and the device configuration information for applying synchronization is checked, the device configuration information in the synchronization application information is sent to the SDN controller to be stored, so that the synchronization of the device configuration information in the SDN controller 12 and the device configuration information of the network device 13 is realized. The method provided by the embodiment of the application can quickly identify the manual configuration of the illegal network equipment by the user without the manual configuration operation authority, and timely terminate the synchronous application of the network equipment 13; in addition, the situation that the device configuration information in the SDN controller 12 is not synchronized with the device configuration information of the network device 13 due to the reporting error of the device configuration information in the synchronization application information can be avoided. The method provided by the embodiment of the application solves the problem that equipment configuration information of the nonstandard service is lost due to upgrading of the SDN controller in a time period from completing equipment configuration of nonstandard service associated network equipment by adopting a manual configuration method to arranging and issuing of the nonstandard service completion service configuration information by the SDN controller, and ensures stable and normal operation of the nonstandard service.
The embodiment of the application also provides auditing equipment for network equipment configuration. The auditing device is applied to a Software Defined Network (SDN) system. The SDN system comprises an SDN controller, at least one network device and auditing equipment configured by the network device. Fig. 4 is a schematic diagram of an audit device configured by a network device according to an embodiment of the present application. As shown in fig. 4, the auditing apparatus includes: message processing module 41, audit processing module 42.
The message processing module 41 is configured to obtain synchronization application information of the network device 13. The synchronization application information is sent by the network device 13 after the network device 13 is manually configured; the synchronization application information includes device configuration information manually completed on the network device 13 and account information of a user performing manual configuration.
And an audit processing module 42, configured to check the configuration rights corresponding to the account information, and send the device configuration information to the SDN controller 12 in response to the account information having the configuration rights.
Further, the audit processing module 42 includes a transceiver sub-module 421, a configuration check sub-module 422, and a user check sub-module 423.
The transceiver sub-module 421 is configured to send the synchronization application information to the configuration checking sub-module 422; or, the account information is sent to the user checking sub-module 423, and after receiving the user confirmation information sent by the user checking sub-module 423, the synchronization application information is sent to the configuration checking sub-module 422. The user confirmation information is confirmation information sent after the user checking sub-module 423 checks the operation authority of the user corresponding to the account information and determines that the user corresponding to the account information has the manual configuration operation authority.
A user checking sub-module 423, configured to edit and store a correspondence between a user identifier of each user in the user authority set and an operation authority; and is further configured to check, based on the user permission set and the user identification code in the account information, the operation permission of the user corresponding to the account information sent by the transceiver sub-module 421, and determine whether the operation permission is manually configured for the user corresponding to the account information. Responsive to the account information having manual configuration operation rights for the user, the user check sub-module 423 transmits user confirmation information to the transceiver sub-module 421; in response to the account information corresponding to the user not having manual configuration operation authority, the user checking sub-module 423 transmits user negative information to the transceiving sub-module 421. Wherein editing includes at least one of adding, deleting, altering; the operation authority comprises at least one authority of manual configuration authority and consulting authority.
The configuration checking sub-module 422 is configured to edit and store the correspondence between each user identification code in the authorized manual configuration command set and the authorized manual configuration command. And the device configuration command set is used for comparing the user identification code of the account information and the device configuration information corresponding to the account information with the authorized manual configuration command set to determine whether the device configuration command in the user identification code and the corresponding device configuration information belongs to the authorized manual configuration command set. In response to the user identification code and the corresponding device configuration information that the device configuration command belongs to the authorized manual configuration command set, the configuration checking sub-module 422 sends configuration confirmation information to the transceiver sub-module 421; in response to the user identification code and the corresponding device configuration information, the device configuration command does not belong to the authorized manual configuration command set, the configuration checking sub-module 422 sends configuration denial information to the transceiver sub-module 421;
the transceiver sub-module 421 is further configured to send the configuration confirmation information and the corresponding device configuration information to the SDN controller 12 shown in fig. 2 after receiving the configuration confirmation information sent by the configuration checking sub-module 422, and send the synchronization confirmation information to the network device 13 corresponding to the synchronization confirmation information through the message processing module 41 after receiving the synchronization confirmation information sent by the SDN controller 12.
Optionally, the transceiver sub-module 421 may be further configured to send audit confirmation information to the message processing module 41 after receiving the configuration confirmation information sent by the configuration checking sub-module 422; after receiving the configuration denial information sent by the configuration checking sub-module 422 or the user denial information sent by the user checking sub-module 423, sending application denial information to the message processing module 41 to terminate the synchronization application of the network device 13 as shown in fig. 2;
the message processing module 41 is further configured to send the audit acknowledgement information and the corresponding device configuration information thereof to the SDN controller 12 shown in fig. 2 after receiving the audit acknowledgement information sent by the transceiver sub-module 421, and send the synchronization acknowledgement information to the network device 13 corresponding to the synchronization acknowledgement information after receiving the synchronization acknowledgement information sent by the SDN controller 12; after receiving the application rejection information sent by the transceiver sub-module 421, sending the application rejection information to the network device 13 corresponding to the application rejection information; the synchronization confirmation information is sent after the SDN controller 12 stores the device configuration information sent by the message processing module 41.
Optionally, as shown in fig. 4, the auditing device further includes a device collection module 43.
The device collection module 43 is configured to obtain and store device base information of the network device 13 from the network device 13 shown in fig. 2, so as to facilitate management of the network device 13, and is further configured to grasp actual device configuration information of the network device 13 from the network device 13. Wherein the device base information includes a device identification.
The transceiver sub-module 421 is further configured to send the device configuration information in the synchronization application information to the device collection module 43.
The device collection module 43 is further configured to compare the device configuration information in the synchronization application information with the actual device configuration information corresponding to the device identifier in the device configuration information, and send the grabbing confirmation information to the transceiver sub-module 421 after determining that the actual device configuration information includes the device configuration information of the synchronization application information;
the transceiver sub-module 421 is further configured to send the audit confirmation information to the message processing module 41 after receiving the capture confirmation information sent by the device collection module 43.
The auditing device of the network device configuration provided in the embodiment of the present application has a similar implementation principle and technical effect to those of the embodiment shown in fig. 3, and this embodiment is not described here again.
The embodiment of the application also provides a network equipment configuration auditing device. Fig. 5 is a block diagram of a network device configuration auditing apparatus according to an embodiment of the present application. As shown in fig. 5, the auditing device includes a processor 51 and a memory 52, where the memory 52 stores instructions executable by the processor 51, so that the processor 51 can be used to execute the technical scheme of the above method embodiment, and the implementation principle and technical effect are similar, and the embodiment is not repeated here. It should be understood that the processor 51 may be a central processing unit (in english: central Processing Unit, abbreviated as CPU), or may be other general purpose processors, digital signal processors (in english: digital Signal Processor, abbreviated as DSP), application specific integrated circuits (in english: application Specific Integrated Circuit, abbreviated as ASIC), or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution. The memory 52 may include a high-speed random access memory (in english: random Access Memory, abbreviated as RAM), and may further include a Non-volatile memory (in english: NVM), such as at least one magnetic disk memory, and may also be a U-disk, a removable hard disk, a read-only memory, a magnetic disk, or an optical disk.
The embodiment of the application also provides a storage medium, wherein computer execution instructions are stored in the storage medium, and when the computer execution instructions are executed by a processor, the network equipment configuration method is realized. The storage medium may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random-Access Memory (SRAM), electrically erasable programmable Read-Only Memory (EEPROM), erasable programmable Read-Only Memory (EPROM), programmable Read-Only Memory (PROM), read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk, or optical disk. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (English: application Specific Integrated Circuits; ASIC). It is also possible that the processor and the storage medium reside as discrete components in an electronic device or a master device.
The embodiments of the present application also provide a program product, such as a computer program, which when executed by a processor implements a network device configuration method covered by the present application.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced with equivalents; such modifications and substitutions do not depart from the essence of the corresponding technical solutions from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. The network equipment configuration method is characterized by being applied to a Software Defined Network (SDN) system, wherein the SDN system comprises an SDN controller, at least one network equipment and auditing equipment; the method comprises the following steps:
the SDN controller acquires service demand information and judges whether the service demand information is the service demand information of standard service or the service demand information of non-standard service;
if the service requirement information is the service requirement information of the nonstandard service, the SDN system performs manual configuration on network equipment associated with the nonstandard service based on the service configuration information of the nonstandard service, and the network equipment sends synchronous application information to the auditing equipment after completing the manual configuration;
the auditing equipment acquires the synchronous application information of the network equipment; the synchronization application information is sent by the network equipment after the network equipment is manually configured; the synchronization application information comprises equipment configuration information which is manually completed on the network equipment and account information of a user executing the manual configuration;
and the auditing equipment checks the configuration authority corresponding to the account information, and sends the equipment configuration information to the SDN controller in response to the account information having the configuration authority.
2. The method of claim 1, wherein the device configuration information comprises a device configuration command;
the auditing device checks the configuration authority corresponding to the account information, and sends the device configuration information to the SDN controller in response to the account information having the configuration authority, including:
the auditing equipment compares the user identification code of the account information and the equipment configuration information corresponding to the account information with a preset authorized manual configuration command set, and determines that the account information has configuration permission in response to the fact that the equipment configuration command in the user identification code and the corresponding equipment configuration information belongs to the preset authorized manual configuration command set;
the auditing equipment sends the equipment configuration information to the SDN controller;
the authorized manual configuration command set comprises the corresponding relation between the user identification code of each account information and the authorized manual configuration command.
3. The method of claim 2, wherein after the auditing device determines that the account information has configuration rights, the method further comprises:
the auditing equipment captures actual equipment configuration information of the network equipment from the network equipment based on equipment identification of the network equipment in the equipment configuration information, compares the equipment configuration information with the actual equipment configuration information, and sends the equipment configuration information to the SDN controller in response to the fact that the actual equipment configuration information contains the equipment configuration information.
4. A method according to any one of claims 1-3, wherein before the auditing device checks the configuration rights corresponding to the account information, the method further comprises:
the auditing equipment checks the operation authority of the user corresponding to the account information based on the account information, and checks the configuration authority corresponding to the account information in response to the manually configured operation authority of the user corresponding to the account information.
5. The method of claim 4, wherein after the auditing device checks the operation rights of the account information for the user based on the account information, the method further comprises:
and responding to the account information, corresponding to the operation authority which is not manually configured by the user, sending application rejection information to the network equipment by the auditing equipment so as to terminate the synchronous application of the network equipment.
6. A method according to any of claims 1-3, wherein after the auditing device checks the configuration rights corresponding to the account information, the method further comprises:
and the auditing equipment sends application rejection information to the network equipment to terminate the synchronous application of the network equipment in response to the account information does not have the configuration authority.
7. A method according to any of claims 1-3, wherein after the auditing device sends the device configuration information to the SDN controller, the method further comprises:
the auditing equipment receives the synchronous confirmation information sent by the SDN controller and sends the synchronous confirmation information to the network equipment; the synchronization confirmation information is sent after the SDN controller stores the device configuration information sent by the auditing device.
8. An auditing device of network device configuration is characterized by being applied to a Software Defined Network (SDN) system, wherein the SDN system comprises an SDN controller, at least one network device and the auditing device; the auditing apparatus includes: the message processing module and the auditing processing module; wherein, the liquid crystal display device comprises a liquid crystal display device,
the SDN controller acquires service demand information and judges whether the service demand information is the service demand information of standard service or the service demand information of non-standard service;
if the service requirement information is the service requirement information of the nonstandard service, the SDN system performs manual configuration on network equipment associated with the nonstandard service based on the service configuration information of the nonstandard service, and the network equipment sends synchronous application information to the auditing equipment after completing the manual configuration;
the message processing module is used for acquiring the synchronous application information of the network equipment; the synchronization application information is sent by the network equipment after the network equipment is manually configured; the synchronization application information comprises equipment configuration information which is manually completed on the network equipment and account information of a user executing the manual configuration;
the auditing processing module is used for checking the configuration permission corresponding to the account information, and sending the equipment configuration information to the SDN controller in response to the account information having the configuration permission.
9. A network device configuration auditing apparatus, comprising:
a processor and a memory;
the memory stores executable instructions executable by the processor;
wherein execution of the executable instructions stored by the memory by the processor causes the processor to perform the method of any one of claims 1-7.
10. A storage medium having stored therein computer-executable instructions which, when executed by a processor, are adapted to carry out the method of any one of claims 1 to 7.
CN202210534405.8A 2022-05-17 2022-05-17 Network equipment configuration method, device and storage medium Active CN114928537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210534405.8A CN114928537B (en) 2022-05-17 2022-05-17 Network equipment configuration method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210534405.8A CN114928537B (en) 2022-05-17 2022-05-17 Network equipment configuration method, device and storage medium

Publications (2)

Publication Number Publication Date
CN114928537A CN114928537A (en) 2022-08-19
CN114928537B true CN114928537B (en) 2023-06-13

Family

ID=82809224

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210534405.8A Active CN114928537B (en) 2022-05-17 2022-05-17 Network equipment configuration method, device and storage medium

Country Status (1)

Country Link
CN (1) CN114928537B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7457870B1 (en) * 2004-02-27 2008-11-25 Packeteer, Inc. Methods, apparatuses and systems facilitating classification of web services network traffic
CN109462502A (en) * 2018-10-30 2019-03-12 新华三技术有限公司合肥分公司 Configuration information saves control method, device and the SDN controller of instruction
CN110457891A (en) * 2019-07-22 2019-11-15 安徽智恒信科技股份有限公司 A kind of authority configuration interface display method, device, terminal and storage medium
CN111327446A (en) * 2018-12-17 2020-06-23 北京华为数字技术有限公司 Configuration data processing method, software defined network device, system and storage medium
CN111510483A (en) * 2020-04-09 2020-08-07 眸芯科技(上海)有限公司 Configuration synchronization system between different network domains in chip test and application
CN114070738A (en) * 2021-09-27 2022-02-18 新华三大数据技术有限公司 Equipment configuration auditing method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11026198B2 (en) * 2019-09-16 2021-06-01 Silicon Valley Bank 5G signals detection using neural network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7457870B1 (en) * 2004-02-27 2008-11-25 Packeteer, Inc. Methods, apparatuses and systems facilitating classification of web services network traffic
CN109462502A (en) * 2018-10-30 2019-03-12 新华三技术有限公司合肥分公司 Configuration information saves control method, device and the SDN controller of instruction
CN111327446A (en) * 2018-12-17 2020-06-23 北京华为数字技术有限公司 Configuration data processing method, software defined network device, system and storage medium
CN110457891A (en) * 2019-07-22 2019-11-15 安徽智恒信科技股份有限公司 A kind of authority configuration interface display method, device, terminal and storage medium
CN111510483A (en) * 2020-04-09 2020-08-07 眸芯科技(上海)有限公司 Configuration synchronization system between different network domains in chip test and application
CN114070738A (en) * 2021-09-27 2022-02-18 新华三大数据技术有限公司 Equipment configuration auditing method and device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SDN-based architecture to support Synchroization in a 5G framework;Paola Lovanna,Stefano Ruffini;2016 IEEE ISPCS;全文 *
基于Android终端的用户信息同步平台设计与实现;郑金光;信息科技;全文 *
基于W935XX的2.4G数字无绳软件***的构建;秦昌江;中国优秀硕士学位论文数据库;全文 *

Also Published As

Publication number Publication date
CN114928537A (en) 2022-08-19

Similar Documents

Publication Publication Date Title
USRE49585E1 (en) Certificate based profile confirmation
JP5516821B2 (en) System and method for remote maintenance of multiple clients in an electronic network using virtualization and authentication
EP3564808B1 (en) Data configuration method and data configuration apparatus
CN100499652C (en) Communication apparatus and authentication apparatus and method, and operation method
CN107111510B (en) Method and device for operating VNF packet
WO2020119729A1 (en) Base station starting method and apparatus, and computer storage medium and device
WO2022142153A1 (en) Electricity meter upgrading method and system, smart meter, and storage medium
CN111414612A (en) Security protection method and device for operating system mirror image and electronic equipment
CN114928537B (en) Network equipment configuration method, device and storage medium
WO2020169005A1 (en) Access control
CN112286574A (en) Method and device for counting application program versions, terminal equipment and storage medium
CN111935260A (en) Account synchronization method and device, electronic equipment and storage medium
CN111786995A (en) Account password management method, management middleware, system, equipment and storage medium
CN112953951B (en) User login verification and security detection method and system based on domestic CPU
CN114048443A (en) User identity verification method and device and computer storage medium
CN116614323B (en) Cloud storage enterprise network management method and system based on Rclone
CN116506224B (en) File uploading method and device, computer equipment and storage medium
CN117857333A (en) Terminal network equipment zero contact configuration method based on Internet of things card Ukey
CN116055106A (en) Method and system for unified management of login rights
CN115604602A (en) Service opening method, network element management equipment and storage medium
US20120317298A1 (en) Scripting environment for network device
CN115455401A (en) Management method and management device for out-of-band equipment, electronic equipment and storage medium
CN118019002A (en) Method, device, equipment and storage medium for remotely accessing campus network
CN116401721A (en) Data processing method, system, equipment and storage medium
CN117725564A (en) Software management method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant