WO2014023245A1 - Flow prediction method and system and flow monitoring method and system - Google Patents

Flow prediction method and system and flow monitoring method and system Download PDF

Info

Publication number
WO2014023245A1
WO2014023245A1 PCT/CN2013/081072 CN2013081072W WO2014023245A1 WO 2014023245 A1 WO2014023245 A1 WO 2014023245A1 CN 2013081072 W CN2013081072 W CN 2013081072W WO 2014023245 A1 WO2014023245 A1 WO 2014023245A1
Authority
WO
WIPO (PCT)
Prior art keywords
traffic
application service
flow
target application
time
Prior art date
Application number
PCT/CN2013/081072
Other languages
French (fr)
Chinese (zh)
Inventor
陆钱春
范书田
黄传冠
张祖红
丁柏
唐兵兵
刘万慧
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2014023245A1 publication Critical patent/WO2014023245A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003Managing SLA; Interaction between SLA and QoS
    • H04L41/5019Ensuring fulfilment of SLA
    • H04L41/5025Ensuring fulfilment of SLA by proactively reacting to service quality change, e.g. by reconfiguration after service quality degradation or upgrade
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/147Network analysis or design for predicting network behaviour
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a traffic prediction method, system, and traffic monitoring method and system. Background technique
  • the network bearer capability and the scale of the applied services have always been complementary.
  • the network construction will provide an effective implementation platform for the promotion of new application technologies.
  • the application services will also be present as their system development needs.
  • Some networks have put forward higher resource requirements, thus pushing the network infrastructure into a new construction cycle. Then how to clearly and accurately match the application service with the resources (such as bandwidth) occupied by the application service, how to ensure that the limited resources can be properly applied to the main profit business is a problem to be solved.
  • Flow technology represented by network traffic (NetFlow) and Sflow, is a new solution to this challenge.
  • Flow records provide traditional information such as Simple Network Management Protocol (SNMP) and MIB. It includes at least the following fields: Internet Protocol (IP, Internet Protocol) address, destination IP address, source port, destination port, IP layer protocol type, top of the stack (ToS, Top of the Stack) service type, input physical port, Many of the other field fields we care about can be derived from these fields, such as various applications, application bandwidth, and so on.
  • IP Internet Protocol
  • ToS Top of the Stack
  • current traffic detection methods can only predict traffic for a single application, and the scope of application is narrow.
  • it is usually based on certain assumptions, or correlation coefficients, etc. These assumptions or coefficients will affect To the accuracy of the forecast. Summary of the invention
  • Embodiments of the present invention provide a traffic prediction method, system, and traffic monitoring method and system.
  • the embodiment of the present invention adopts the following technical solution.
  • the embodiment of the present invention provides a traffic prediction method, including:
  • collecting the target application service traffic information specifically includes:
  • the standard traffic data for setting the target application service specifically includes:
  • the target application service includes an average value of the flow rate corresponding to each preset time period; wherein the time range includes a plurality of preset time segments, and the preset time segment includes at least one of the time steps Long
  • the standard flow data is determined according to the average value corresponding to each preset time period.
  • predicting traffic information of the target application service according to the standard traffic data specifically includes:
  • the target application service includes at least one application service.
  • the traffic prediction method further includes: if the target application service includes multiple application services, at least two of the multiple application services correspond to different application protocols.
  • the embodiment of the invention further provides a traffic monitoring method, the method comprising:
  • comparing the predicted traffic information with the set traffic range specifically includes:
  • the flow range includes a plurality of different levels of flow ranges, each of the different levels of flow ranges corresponding to an alarm level.
  • performing an alarm action comprises: comparing the monitored flow rate with a set different flow rate range, and performing different alarm levels according to the comparison result.
  • An embodiment of the present invention provides a traffic prediction system, where the system includes: a traffic collection module, a standard data module, and a traffic prediction module;
  • a traffic collection module configured to collect target application service traffic information, and send the traffic information to a standard data module
  • a standard data module configured to: formulate standard traffic data of the application service according to the traffic information, and send the standard traffic data to a traffic prediction module;
  • the traffic prediction module is configured to predict traffic information of the application service according to the standard traffic data.
  • the traffic collection module is configured to set a time range for performing traffic collection on the target application service; determining a time step of the traffic collection in the time range; and performing the time step in the time range Collecting traffic data of the application service.
  • the standard data module is configured to determine that the target application service includes an average value of flow rates corresponding to each preset time period in the time range; the time range includes multiple presets. The time period, the preset time period includes at least one of the time steps; and the standard flow data is determined according to an average value corresponding to each preset time period.
  • the traffic prediction module is configured to construct a function of the target application service traffic according to the time according to the standard traffic data, and obtain predicted traffic information of the target application service according to the function.
  • the embodiment of the present invention further provides a traffic monitoring system, where the system includes: one or more traffic prediction systems, an alarm module, and a processing module;
  • the traffic prediction system is configured to predict traffic information occupied by the target application service within a set time, and send the predicted traffic information to the alarm module.
  • a processing module configured to compare the predicted traffic information with the set traffic range, and send the comparison result to the alarm module
  • the alarm module is configured to determine, according to the comparison result, whether the traffic information of the target application service in the set time is normal; if the traffic information is not in the traffic range, perform an alarm action.
  • the processing module is configured to monitor traffic occupied by the target application service in the set time; and determine an alarm level corresponding to the target service according to the traffic range;
  • the flow range includes a plurality of different levels of flow ranges, each of the different levels of flow ranges corresponding to an alarm level.
  • the alarm module is configured to compare the monitored flow rate with a set of different levels of flow ranges, and perform different alarm levels according to the comparison result.
  • the embodiments of the present invention provide a traffic prediction method, system, and traffic monitoring method and system, which can effectively prevent missed detection and error detection by performing traffic prediction on various applications and bandwidths supported by multiple protocols (NetFlow, sflow). It can monitor network anomalies more accurately and in real time, analyze resource utilization, and ensure network resources are detected in time to ensure that limited resources can be reasonably addressed. It is helpful to reduce the economic loss and increase profits by using the main profit business.
  • FIG. 1 is a schematic structural diagram 1 of an embodiment of a traffic prediction system according to the present invention.
  • FIG. 2 is a flowchart 1 of an embodiment of a traffic prediction method according to the present invention.
  • FIG. 3 is a schematic structural view 2 of an embodiment of a flow monitoring system according to the present invention.
  • FIG. 4 is a second flowchart of an embodiment of a traffic monitoring method according to the present invention.
  • FIG. 5 is a schematic diagram of a traffic monitoring grading alarm according to the present invention detailed description
  • the method includes: a traffic collection module, a standard data module, and a traffic prediction module; wherein, the traffic collection module is configured as an acquisition target Applying service traffic information, and transmitting the traffic information to a standard data module;
  • a standard data module configured to: according to the traffic information sent by the traffic collection module, formulate standard traffic data of the application service, and send the standard traffic data to a traffic prediction module;
  • the traffic prediction module is configured to predict a traffic prediction module of the traffic information of the application service according to the standard traffic data.
  • FIG. 2 is a flowchart of a traffic prediction method according to an embodiment of the present invention.
  • the method includes at least the following steps: collecting target application service traffic information; collecting information about traffic currently occupied by the target application service; and formulating the location according to the traffic information Determining the standard traffic data of the target application service; and predicting the traffic information of the target application service according to the standard traffic data.
  • the collecting target application service flow information includes: setting a time range for performing traffic collection on the target application service; determining a time for collecting the traffic within the time range. Step size; collecting the traffic data of the target application service according to the time step in the time range.
  • the time range refers to: an overall time span in the traffic collection; the time step refers to: how often the target application service traffic is collected in the time range of the traffic collection, that is, Collect traffic within each time step.
  • the time range and the time step can be formulated according to different schemes.
  • the determining the standard traffic data of the target application service includes: determining an average value of the flow rate corresponding to each preset time period of the target application service in the time range;
  • the time range includes a plurality of preset time segments, the preset time segments include at least one of the time steps, and the standard flow data is determined according to an average value corresponding to the preset time segments.
  • the division of the time period is not specifically limited, and may be divided according to actual application conditions. These averages and corresponding time periods are then constructed as flow baselines as standard flow data.
  • predicting the traffic information of the target application service according to the standard traffic data includes: constructing, according to the standard traffic data, a function of the target application service traffic according to a time change, and predicting, according to the function, the target application service Traffic information.
  • the average value of each time period obtained may be used as a point, and the points are interpolated, and the interpolation process is performed to obtain a function relationship between the flow rate and the time, so that The flow rate of the target application service can be predicted at any time, and the flow rate corresponding to the time can also be obtained according to the flow rate.
  • the target application service may be a single application or an application group composed of multiple applications. If the target application service includes multiple application services, that is, application groups, then at least two protocols support the application group.
  • the time range includes: at least one of 1 hour, 6 hours, 12 hours, 24 hours, one week, one month, and one year. It should be noted that the time range herein may be set according to different application service objects, and is not limited to the listed ones. The listed time ranges are only possible in the technical solution of the embodiment of the present invention. Several time ranges that are commonly used.
  • each application or application group can be determined according to various information included in the packet. The following is used as an example.
  • bandwidth traffic / time, so that the traffic of the application at each moment is recorded, and then the application or application group is aggregated and calculated, that is, the original data is obtained.
  • the time frame which depends on the time range of the traffic statistics and the step size of the record.
  • Equation 1 It can be seen from Equation 1 that this is a preset time step, so once the time range is clear, t is clear ; therefore, we only need to pay attention to the flow value of each time period recorded, here, Each 6 time steps is taken as a time period.
  • the baseline can be said to be the fitting of the empirical data. In this example, 60 baseline values are taken. Of course, the number of baseline values can be selected according to the actual situation. In fact, the flow rate can be roughly seen through the distribution of baseline values. The change can also roughly describe the flow trend graph.
  • the above method for obtaining the baseline value is a superior method, and the flow data in the 360 corresponding time steps recorded can be directly divided by the corresponding time step to obtain 360 flow rate data, and from the 360 flow rates.
  • Several of the data are selected as baseline values.
  • the baseline gives only empirical data for each time period. For more accurate flow trend predictions, baselines are needed for further statistics and analysis.
  • FIG. 3 is a schematic structural diagram of an embodiment of a traffic monitoring system according to an embodiment of the present invention.
  • the system includes at least: one or more traffic prediction systems, an alarm module, and a processing module;
  • the traffic prediction system is configured to predict a traffic value occupied by the target application service within a set time, and send the predicted traffic value to the alarm module;
  • the processing module is configured to compare the predicted traffic value with the set traffic range, and send the comparison result to the alarm module;
  • the alarm module is configured to determine, according to the comparison result, whether the traffic value of the target application service within the set time is normal; if the traffic value is not within the traffic range, perform an alarm action.
  • FIG. 4 is a flowchart of an embodiment of a traffic monitoring method according to an embodiment of the present invention, which includes at least a method for predicting traffic of a target application service in a set time according to an embodiment of the present invention; Comparing the predicted traffic information with the set traffic range; determining, according to the comparison result, the traffic information of the target application service within the set time Whether the information is normal; if the flow information is not within the flow range, an alarm action is performed.
  • comparing the predicted traffic information with the set traffic range includes: monitoring, by the target application service, traffic occupied by the set time; The range determines an alarm level corresponding to the target service;
  • the flow range includes a plurality of different levels of flow ranges, and the different levels of flow ranges each correspond to an alarm level.
  • performing an alarm action specifically includes: comparing the monitored flow rate with a set flow rate range, and performing different alarm levels according to the comparison result. .
  • the traffic in any time period is first predicted.
  • the flow for any period of time can be obtained by integrating the flow rate in the interval. For example, the flow rate L(a,b) from time point a to time point b is
  • the abnormality is monitored, and the flow calculated by the current statistical flow and the statistical analysis of the empirical data (ie, type 5) is simply processed, and the system provides the function of configuring the upper and lower limits of the flow, thereby more freely controlling the flow.
  • the abnormal traffic dynamic monitoring process for various applications and application groups under multi-protocol support can be seen in Figure 5.
  • the dynamic time channel is regularly and time-limited.
  • the current traffic collected in real time is time-transformed, and the current time is set to the position on the regular time period.
  • a hierarchical monitoring traffic range is established on the dynamic time channel, and different traffic ranges represent different alarm levels. When the preset traffic range exceeds the normal situation, or exceeds the normal situation, the corresponding alarm is executed.
  • the comparison behavior should be performed within a minimum alignment time range, ie, the time step. It can effectively avoid misdetection and missed measurement, and can improve the accuracy of monitoring.
  • the monitoring reference points move on the channel, update the monitoring basis, complete the comparison of current traffic and future speculation, to achieve the effect of monitoring abnormal traffic.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Quality & Reliability (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided are a flow prediction method and system and a flow monitoring method and system. Information about the flow occupied currently by a target application service is collected; according to the information about the flow, standard flow data of the target application service is established; and according to the standard flow data, flow information about the target application service is predicted. The present invention can be used to monitor an abnormal flow for various applications, bandwidths and the like in real time using a dynamic baseline channel, can effectively avoid the phenomena of missed detection and false drop, and can monitor abnormal network conditions in a more accurate and real-time manner, analyze the resource utilization situation, issue a hierarchical alarm in advance, and provide strong help for finding a network fault in time, ensuring that limited resources can be applied to a main profitable service reasonably, reducing economic losses and increasing the gains.

Description

一种流量预测方法、 ***及流量监测方法、 *** 技术领域  Traffic prediction method, system and flow monitoring method and system
本发明涉及通信技术领域, 尤其涉及一种流量预测方法、 ***及流量 监测方法、 ***。 背景技术  The present invention relates to the field of communications technologies, and in particular, to a traffic prediction method, system, and traffic monitoring method and system. Background technique
网络承载能力与所提供的应用业务规模向来都是相辅相成的, 一方面 网络的建设将给新应用技术的推广提供有效的实施平台, 另一方面应用业 务也会随着自身***发展需要而对现有网络提出更高的资源需求, 从而推 动网络基础建设进入新的建设周期。 那么如何把应用业务与其所占用的资 源 (如带宽) 清晰、 准确的对应起来, 如何保证有限的资源能够被合理应 用的到主要利润业务中是待解决的问题。  The network bearer capability and the scale of the applied services have always been complementary. On the one hand, the network construction will provide an effective implementation platform for the promotion of new application technologies. On the other hand, the application services will also be present as their system development needs. Some networks have put forward higher resource requirements, thus pushing the network infrastructure into a new construction cycle. Then how to clearly and accurately match the application service with the resources (such as bandwidth) occupied by the application service, how to ensure that the limited resources can be properly applied to the main profit business is a problem to be solved.
以网络流量(NetFlow )和 Sflow为代表的 Flow技术, 正是为响应这 种挑战而出现的新型解决途径。 Flow记录能够提供传统简单网络管理协议 ( SNMP, Simple Network Management Protocol )、 MIB无法比拟的丰富信 息。 它至少包括以下几个字段: 互联网协议 ( IP, Internet Protocol )地址、 目的 IP地址、 源端口、 目的端口、 IP层协议类型、 堆栈顶部( ToS, Top of the Stack )服务类型、 输入物理端口, 由这些字段可以衍生出的很多其他我 们关心的栏位字段, 如各种应用、 应用的带宽等等。 而目前流量的检测方 法只能对单一的应用进行流量预测, 适用的范围较窄; 同时, 在流量预测 的过程中通常都是基于一定的假设, 或相关系数等等, 这些假设或系数会 影响到预测的准确性。 发明内容  Flow technology, represented by network traffic (NetFlow) and Sflow, is a new solution to this challenge. Flow records provide traditional information such as Simple Network Management Protocol (SNMP) and MIB. It includes at least the following fields: Internet Protocol (IP, Internet Protocol) address, destination IP address, source port, destination port, IP layer protocol type, top of the stack (ToS, Top of the Stack) service type, input physical port, Many of the other field fields we care about can be derived from these fields, such as various applications, application bandwidth, and so on. However, current traffic detection methods can only predict traffic for a single application, and the scope of application is narrow. At the same time, in the process of traffic prediction, it is usually based on certain assumptions, or correlation coefficients, etc. These assumptions or coefficients will affect To the accuracy of the forecast. Summary of the invention
本发明实施例提供一种流量预测方法、 ***及流量监测方法、 ***。 为了解决上述技术问题, 本发明实施例采用了如下技术方案, 本发明 实施例提供一种流量预测方法, 包括: Embodiments of the present invention provide a traffic prediction method, system, and traffic monitoring method and system. In order to solve the above technical problem, the embodiment of the present invention adopts the following technical solution. The embodiment of the present invention provides a traffic prediction method, including:
采集目标应用业务当前所占用流量的信息;  Collecting information about the traffic currently occupied by the target application service;
才艮据所述流量信息, 制定所述目标应用业务的标准流量数据; 才艮据所述标准流量数据, 预测所述目标应用业务的流量信息。  And formulating standard traffic data of the target application service according to the traffic information; and predicting traffic information of the target application service according to the standard traffic data.
优选地, 采集目标应用业务流量信息具体包括:  Preferably, collecting the target application service traffic information specifically includes:
设定对目标应用业务进行流量采集的时间范围;  Setting a time range for performing traffic collection on the target application service;
确定在所述时间范围内流量采集的时间步长;  Determining a time step of traffic collection over the time range;
在所述时间范围内按照所述时间步长采集所述应用业务的流量数据。 优选地, 制定目标应用业务的标准流量数据具体包括:  Collecting traffic data of the application service according to the time step in the time range. Preferably, the standard traffic data for setting the target application service specifically includes:
确定所述目标应用业务在所述时间范围包括各预设时间段对应的流速 平均值; 其中, 所述时间范围包括多个预设时间段, 所述预设时间段包括 至少一个所述时间步长;  Determining, in the time range, that the target application service includes an average value of the flow rate corresponding to each preset time period; wherein the time range includes a plurality of preset time segments, and the preset time segment includes at least one of the time steps Long
根据所述各预设时间段对应的平均值确定标准流量数据。  The standard flow data is determined according to the average value corresponding to each preset time period.
优选地, 根据所述标准流量数据预测目标应用业务的流量信息具体包 括:  Preferably, predicting traffic information of the target application service according to the standard traffic data specifically includes:
根据所述标准流量数据构建目标应用业务流量根据时间变化的函数, 才艮据所述函数预测得到所述目标应用业务的流量信息。  And constructing a function of the target application service traffic according to the time according to the standard traffic data, and predicting, according to the function, the traffic information of the target application service.
优选地, 目标应用业务包括至少一个应用业务。  Preferably, the target application service includes at least one application service.
优选地, 所述流量预测方法还包括: 若所述目标应用业务包括多个应 用业务时, 所述多个应用业务中至少有两个对应不同的应用协议。  Preferably, the traffic prediction method further includes: if the target application service includes multiple application services, at least two of the multiple application services correspond to different application protocols.
本发明实施例还提供一种流量监测方法, 该方法包括:  The embodiment of the invention further provides a traffic monitoring method, the method comprising:
按照上述对流量预测方法预测设定时间内目标应用业务所占用的流量 信息;  Predicting the traffic information occupied by the target application service within the set time according to the foregoing traffic prediction method;
将预测得到的所述流量信息和设定的流量范围进行比较; 根据比较结果判断所述目标应用业务在所述设定时间内的流量信息是 否正常; Comparing the predicted flow information with a set flow range; Determining, according to the comparison result, whether the traffic information of the target application service in the set time is normal;
若所述流量信息不在所述流量范围内, 则执行报警动作。  If the flow information is not within the flow range, an alarm action is performed.
优选地, 将预测得到的所述流量信息和设定的流量范围进行比较具体 包括:  Preferably, comparing the predicted traffic information with the set traffic range specifically includes:
对所述目标应用业务在所述设定时间内所占用的流量进行监测;; 根据 所述流量范围确定所述目标业务对应的报警等级;  And monitoring the traffic occupied by the target application service in the set time; determining an alarm level corresponding to the target service according to the traffic range;
所述流量范围包括多个不同等级的流量范围, 所述不同等级的流量范 围各自对应一种报警等级。  The flow range includes a plurality of different levels of flow ranges, each of the different levels of flow ranges corresponding to an alarm level.
优选地, 若所述流量值不在所述流量范围内, 则执行报警动作包括: 根据监测到的流量与设定不同等级的流量范围进行比较, 并根据比较结果 执行不同报警等级。  Preferably, if the flow rate value is not within the flow rate range, performing an alarm action comprises: comparing the monitored flow rate with a set different flow rate range, and performing different alarm levels according to the comparison result.
本发明实施例提供了一种流量预测***, 该***包括: 流量采集模块、 标准数据模块和流量预测模块; 其中,  An embodiment of the present invention provides a traffic prediction system, where the system includes: a traffic collection module, a standard data module, and a traffic prediction module;
流量采集模块, 配置为采集目标应用业务流量信息, 并将所述流量信 息发送至标准数据模块;  a traffic collection module, configured to collect target application service traffic information, and send the traffic information to a standard data module;
标准数据模块, 配置为根据所述流量信息, 制定所述应用业务的标准 流量数据, 并将所述标准流量数据发送至流量预测模块;  a standard data module, configured to: formulate standard traffic data of the application service according to the traffic information, and send the standard traffic data to a traffic prediction module;
流量预测模块, 配置为根据所述标准流量数据预测所述应用业务的流 量信息。  The traffic prediction module is configured to predict traffic information of the application service according to the standard traffic data.
优选地, 所述流量采集模块, 配置为设定对目标应用业务进行流量采 集的时间范围; 确定在所述时间范围内流量采集的时间步长; 在所述时间 范围内按照所述时间步长采集所述应用业务的流量数据。  Preferably, the traffic collection module is configured to set a time range for performing traffic collection on the target application service; determining a time step of the traffic collection in the time range; and performing the time step in the time range Collecting traffic data of the application service.
优选地, 所述标准数据模块, 配置为确定所述目标应用业务在所述时 间范围包括各预设时间段对应的流速平均值; 所述时间范围包括多个预设 时间段, 所述预设时间段包括至少一个所述时间步长; 根据所述各预设时 间段对应的平均值确定标准流量数据。 Preferably, the standard data module is configured to determine that the target application service includes an average value of flow rates corresponding to each preset time period in the time range; the time range includes multiple presets. The time period, the preset time period includes at least one of the time steps; and the standard flow data is determined according to an average value corresponding to each preset time period.
优选地, 所述流量预测模块, 配置为根据所述标准流量数据构建目标 应用业务流量根据时间变化的函数, 根据所述函数得到所述目标应用业务 的预测流量信息。  Preferably, the traffic prediction module is configured to construct a function of the target application service traffic according to the time according to the standard traffic data, and obtain predicted traffic information of the target application service according to the function.
本发明实施例还提供了一种流量监测***, 该***包括: 一个或多个 流量预测***、 告警模块和处理模块; 其中,  The embodiment of the present invention further provides a traffic monitoring system, where the system includes: one or more traffic prediction systems, an alarm module, and a processing module;
上述流量预测***, 配置为预测在设定时间内目标应用业务所占用的 流量信息, 并将预测到的流量信息发送至告警模块;  The traffic prediction system is configured to predict traffic information occupied by the target application service within a set time, and send the predicted traffic information to the alarm module.
处理模块, 配置为将预测得到的所述流量信息和设定的流量范围进行 比较, 并将比较结果发送至告警模块;  a processing module, configured to compare the predicted traffic information with the set traffic range, and send the comparison result to the alarm module;
告警模块, 配置为根据比较结果判断所述目标应用业务在所述设定时 间内的流量信息是否正常; 若所述流量信息不在所述流量范围内, 则执行 报警动作。  The alarm module is configured to determine, according to the comparison result, whether the traffic information of the target application service in the set time is normal; if the traffic information is not in the traffic range, perform an alarm action.
优选地, 所述处理模块, 配置为对所述目标应用业务在所述设定时间 内所占用的流量进行监测; 根据所述流量范围确定所述目标业务对应的报 警等级;  Preferably, the processing module is configured to monitor traffic occupied by the target application service in the set time; and determine an alarm level corresponding to the target service according to the traffic range;
所述流量范围包括多个不同等级的流量范围, 所述不同等级的流量范 围各自对应一种报警等级。  The flow range includes a plurality of different levels of flow ranges, each of the different levels of flow ranges corresponding to an alarm level.
优选地, 所述告警模块, 配置为根据监测到的流量与设定不同等级的 流量范围进行比较, 并根据比较结果执行不同报警等级。  Preferably, the alarm module is configured to compare the monitored flow rate with a set of different levels of flow ranges, and perform different alarm levels according to the comparison result.
本发明实施例提供一种流量预测方法、 ***及流量监测方法、 ***, 通过对多协议 (NetFlow, sflow)支持下的各种应用、 带宽等进行流量预测, 能有效避免漏检、 错检现象, 可以更准确、 实时地监测到网络异常状况, 分析资源利用情况, 为及时发现网络故障、 保证有限的资源能够被合理应 用的到主要利润业务, 减少经济损失、 增加收益提供有力帮助。 附图说明 The embodiments of the present invention provide a traffic prediction method, system, and traffic monitoring method and system, which can effectively prevent missed detection and error detection by performing traffic prediction on various applications and bandwidths supported by multiple protocols (NetFlow, sflow). It can monitor network anomalies more accurately and in real time, analyze resource utilization, and ensure network resources are detected in time to ensure that limited resources can be reasonably addressed. It is helpful to reduce the economic loss and increase profits by using the main profit business. DRAWINGS
图 1为本发明流量预测***的一实施例的结构示意图一;  1 is a schematic structural diagram 1 of an embodiment of a traffic prediction system according to the present invention;
图 2为本发明流量预测方法的一实施例的流程图一;  2 is a flowchart 1 of an embodiment of a traffic prediction method according to the present invention;
图 3为本发明流量监测***的一实施例的结构示意图二;  3 is a schematic structural view 2 of an embodiment of a flow monitoring system according to the present invention;
图 4为本发明流量监测方法的一实施例的流程图二;  4 is a second flowchart of an embodiment of a traffic monitoring method according to the present invention;
图 5为本发明流量监测分级告警示意图。 具体实施方式  FIG. 5 is a schematic diagram of a traffic monitoring grading alarm according to the present invention detailed description
下面结合附图, 对本发明的具体实施方式作进一步的详细说明。  The specific embodiments of the present invention are further described in detail below with reference to the accompanying drawings.
本发明实施例流量预测***如图 1 所示, 在本发明流量预测***的一 种实施例中, 包括: 流量采集模块、 标准数据模块和流量预测模块; 其中, 流量采集模块, 配置为采集目标应用业务流量信息, 并将所述流量信 息发送至标准数据模块;  The traffic prediction system of the embodiment of the present invention is shown in FIG. 1. In an embodiment of the traffic prediction system of the present invention, the method includes: a traffic collection module, a standard data module, and a traffic prediction module; wherein, the traffic collection module is configured as an acquisition target Applying service traffic information, and transmitting the traffic information to a standard data module;
标准数据模块, 配置为根据流量采集模块发来的所述流量信息, 制定 所述应用业务的标准流量数据, 并将所述标准流量数据发送至流量预测模 块;  a standard data module, configured to: according to the traffic information sent by the traffic collection module, formulate standard traffic data of the application service, and send the standard traffic data to a traffic prediction module;
流量预测模块, 配置为根据所述标准流量数据预测所述应用业务的流 量信息的流量预测模块。  The traffic prediction module is configured to predict a traffic prediction module of the traffic information of the application service according to the standard traffic data.
如图 2所示为本发明实施例流量预测方法的流程图, 该方法至少包括 以下步骤: 采集目标应用业务流量信息; 采集目标应用业务当前所占用流 量的信息; 根据所述流量信息, 制定所述目标应用业务的标准流量数据; 才艮据所述标准流量数据, 预测所述目标应用业务的流量信息。  FIG. 2 is a flowchart of a traffic prediction method according to an embodiment of the present invention. The method includes at least the following steps: collecting target application service traffic information; collecting information about traffic currently occupied by the target application service; and formulating the location according to the traffic information Determining the standard traffic data of the target application service; and predicting the traffic information of the target application service according to the standard traffic data.
在一实施例中, 所述采集目标应用业务流量信息包括: 设定对目标应 用业务进行流量采集的时间范围; 确定在所述时间范围内流量采集的时间 步长; 在所述时间范围内按照所述时间步长, 采集所述目标应用业务的流 量数据。 In an embodiment, the collecting target application service flow information includes: setting a time range for performing traffic collection on the target application service; determining a time for collecting the traffic within the time range. Step size; collecting the traffic data of the target application service according to the time step in the time range.
具体地, 所述时间范围是指: 在流量采集中的总体时间跨度; 所述时间步长是指: 在流量采集的时间范围内每隔多长时间进行一次 目标应用业务流量的采集, 也就是采集每个时间步长内的流量。 此处, 所 述时间范围和所述时间步长可以才艮据不同的方案进行制定。  Specifically, the time range refers to: an overall time span in the traffic collection; the time step refers to: how often the target application service traffic is collected in the time range of the traffic collection, that is, Collect traffic within each time step. Here, the time range and the time step can be formulated according to different schemes.
在一实施例中, 所述制定目标应用业务的标准流量数据包括: 确定所 述目标应用业务在所述时间范围各个预设时间段对应的流速平均值;  In an embodiment, the determining the standard traffic data of the target application service includes: determining an average value of the flow rate corresponding to each preset time period of the target application service in the time range;
其中, 所述时间范围包括多个预设时间段, 所述预设时间段包括至少 一个所述时间步长; 根据所述各预设时间段对应的平均值确定标准流量数 据。  The time range includes a plurality of preset time segments, the preset time segments include at least one of the time steps, and the standard flow data is determined according to an average value corresponding to the preset time segments.
具体地, 对标准流量数据的制定, 需要在预先确定的时间范围内划分 时间段, 也就是确定要获取多少个流速值, 每个时间段对应一个流速值。 所以对时间段的划分没有具体限定, 可以根据实际中的应用情况进行划分。 然后将这些平均值和对应的时间段构建成流量基线, 作为标准流量数据。  Specifically, for the formulation of the standard flow data, it is necessary to divide the time period within a predetermined time range, that is, determine how many flow rate values are to be acquired, and each time period corresponds to one flow rate value. Therefore, the division of the time period is not specifically limited, and may be divided according to actual application conditions. These averages and corresponding time periods are then constructed as flow baselines as standard flow data.
在一实施例中, 根据所述标准流量数据预测目标应用业务的流量信息 包括: 根据所述标准流量数据, 构建目标应用业务流量根据时间变化的函 数, 根据所述函数预测得到所述目标应用业务的流量信息。  In an embodiment, predicting the traffic information of the target application service according to the standard traffic data includes: constructing, according to the standard traffic data, a function of the target application service traffic according to a time change, and predicting, according to the function, the target application service Traffic information.
具体地, 在此实施例中, 可以根据所得到的各个时间段的平均值, 作 为一个个的点, 并对这些点进行插值处理, 插值处理后获得流速和时间之 间的函数关系, 这样便可对目标应用业务的任意时间的流速进行预测, 同 样根据流速的大小也能获得对应时间的流量大小。  Specifically, in this embodiment, the average value of each time period obtained may be used as a point, and the points are interpolated, and the interpolation process is performed to obtain a function relationship between the flow rate and the time, so that The flow rate of the target application service can be predicted at any time, and the flow rate corresponding to the time can also be obtained according to the flow rate.
在一种实施例中, 所述目标应用业务可以是单一的应用, 也可以是多 个应用组成的应用组。 如果目标应用业务包括多个应用业务, 也就是应用 组时, 那么至少有两个协议支持该应用组。 在一实施例中, 时间范围包括: 1小时、 6小时、 12小时、 24小时、 一周、 一个月、 一年中的至少一种。 需要说明的是此处的时间范围可以根 据在应用业务对象的不同而进行设定, 并不仅限于所列出的几种, 所列出 的几种时间范围只是在本发明实施例技术方案中可能常用到的几种时间范 围。 In an embodiment, the target application service may be a single application or an application group composed of multiple applications. If the target application service includes multiple application services, that is, application groups, then at least two protocols support the application group. In an embodiment, the time range includes: at least one of 1 hour, 6 hours, 12 hours, 24 hours, one week, one month, and one year. It should be noted that the time range herein may be set according to different application service objects, and is not limited to the listed ones. The listed time ranges are only possible in the technical solution of the embodiment of the present invention. Several time ranges that are commonly used.
下面结合上述多种实施例, 并具体举例进行进一步说明, 需要说明的 是下述中的说明只是一种举例, 本发明技术方案并不仅限于此。  In the following, in combination with the above various embodiments, and further specific examples, it is to be noted that the following description is only an example, and the technical solution of the present invention is not limited thereto.
NetFlow, SFlow报文中并没有应用字段, 但根据报文中包括的各种信 息可以确定出各应用或应用组, 以下以其中一种方式为例进行说明, 例如: 报文中包括端口与协议字段, 由这两个字段可以衍生出: 端口 +协议 =应用。 同时, 带宽 =流量 /时间, 从而记录各个时刻应用的流量, 再将应用或应用组 进行汇聚、 计算, 即有了原始数据。  There is no application field in the NetFlow or SFlow packet. However, each application or application group can be determined according to various information included in the packet. The following is used as an example. For example, the packet includes the port and protocol. Fields, derived from these two fields: Port+Protocol=Application. At the same time, bandwidth = traffic / time, so that the traffic of the application at each moment is recorded, and then the application or application group is aggregated and calculated, that is, the original data is obtained.
在基线的制定过程中与基线息息相关的是时间范围, 它需要依赖流量 统计的时间范围以及记录的步长。 这里我们可能关心的范围有 7种, 分别 Qi, i=0,...6其中 Q0: 1小时、 Ql : 6小时、 Q2: 12小时、 Q3: 24小时、 Q4: 一 周、 Q5: —个月、 Q6: —年。 可以将记录流量的步长记为 t;, i=0,...6。 What is relevant to the baseline during the development of the baseline is the time frame, which depends on the time range of the traffic statistics and the step size of the record. Here we may care about 7 types, Qi, i=0,...6 where Q0: 1 hour, Ql: 6 hours, Q2: 12 hours, Q3: 24 hours, Q4: one week, Q5: one Month, Q6: - Year. The step size of the recorded traffic can be recorded as t ; , i=0,...6.
为了实现标准化, 这里所有时间都以秒记, 并且取 60个基线值, 每个 点的取值记为 Bj, j=0,...59。 那么, 无论时间范围是多少, 每两个基线值之 间的时间步长(记为 T ); 同时, 不同时间范围 Q0至 Q6所对应的时间步 长 t; 可以分别取为 [10s, 6*10s, 12*10s, ...], 那么无论时间范围是多少都 可以记录 360 个点, 我们把每个点的流量值记为 X^ , 其中, k=0,...K; m=0, ...359, 这里的下标 k表示当前时间记录的流量和之前记录对应时间内 记录的流量。 以 24小时为例, 当 k=l时, 表示不仅统计了当前 24小时内 的流量信息, 为了经验数据的准确性, 还统计了前一个 24小时内对应时间 段的流量信息。 需要说明的是, 上述中基线值的数量, 以及不同时间范围内步长的大 小, 以及所记录的点的个数等具体数据并非是唯一数据, 仅仅是一种优选 的方案。 In order to achieve standardization, all the time here is recorded in seconds, and 60 baseline values are taken. The value of each point is recorded as Bj, j=0,...59. Then, regardless of the time range, the time step between each two baseline values (denoted as T); at the same time, the time step t corresponding to different time ranges Q0 to Q6 ; can be taken as [10s, 6* respectively) 10s, 12*10s, ...], then 360 points can be recorded regardless of the time range. We record the flow value of each point as X^, where k=0,...K; m= 0, ...359, where the subscript k represents the traffic recorded at the current time and the traffic recorded in the corresponding time of the previous record. Taking 24 hours as an example, when k=l, it means that not only the traffic information in the current 24 hours is counted, but also the traffic information of the corresponding time period in the previous 24 hours is counted for the accuracy of the empirical data. It should be noted that the specific data such as the number of the above baseline values, the size of the step size in different time ranges, and the number of recorded points are not unique data, and are only a preferred solution.
经过以上分析我们可以得到在不同时间范围(Qi)的不同步长(t; )下各时 间段的流速 (Byte/s), 也就是基线的详细数值 (Bj)为: After the above analysis, we can get the flow rate (Byte/s) of each time period under the unsynchronized length (t ; ) in different time ranges (Qi), that is, the detailed value (Bj) of the baseline is:
'
Figure imgf000010_0001
① 从公式①中可以看出, 这里 是预先设定的时间步长, 因此一旦明确时 间范围那么 t; 就明确了,因此我们只需要关注记录的各时间段的流量值 即可, 此处, 将每 6个时间步长作为一个时间段。 '
Figure imgf000010_0001
1 It can be seen from Equation 1 that this is a preset time step, so once the time range is clear, t is clear ; therefore, we only need to pay attention to the flow value of each time period recorded, here, Each 6 time steps is taken as a time period.
基线的制定可以说是对经验数据的拟合, 此实施例中取 60个基线值, 当然基线值的数量可以根据实际情况的不同进行选取, 其实通过基线值的 分布就可以粗略的看出流量的变化, 同时也可以粗略的描摹出流量趋势图。  The baseline can be said to be the fitting of the empirical data. In this example, 60 baseline values are taken. Of course, the number of baseline values can be selected according to the actual situation. In fact, the flow rate can be roughly seen through the distribution of baseline values. The change can also roughly describe the flow trend graph.
上述对基线值的获取方法是一种较优的方法,也可以直接将记录的 360 个对应时间步长内的流量数据直接除以对应时间步长获得 360个流速数据, 并从这 360个流速数据中选取若干个作为基线值。  The above method for obtaining the baseline value is a superior method, and the flow data in the 360 corresponding time steps recorded can be directly divided by the corresponding time step to obtain 360 flow rate data, and from the 360 flow rates. Several of the data are selected as baseline values.
基线中给出的只是各个时间段内的经验数据, 要想获得更为精确的流 量趋势预测, 则需要借助基线作更进一步的统计和分析。 这里采用的是拉 格朗日插值法来进一步做数据分析, 获得流量与时间关系的走势函数 y=B(t)。 有了函数我们就可以预测未来任意时间点的流速, 同时可以预测到 流速的峰值和谷值所在的时间点, 同时我们还可以计算出任意时间段的流 量, 那么就可以进行异常流量的监测了。  The baseline gives only empirical data for each time period. For more accurate flow trend predictions, baselines are needed for further statistics and analysis. Here, the Lagrangian interpolation method is used to further analyze the data, and obtain the flow function y=B(t) of the relationship between flow and time. With the function we can predict the flow rate at any point in the future, and at the same time predict the time point of the peak and valley of the flow rate. At the same time, we can calculate the flow at any time, then we can monitor the abnormal flow. .
从上述的具体实施例中我们取了 60 个基线值, B=[B0,B1,...B59]对应 的自变量的值分别为 T=[T0,T1,...T59], 也就是基线中时间步长等值递增。 那么有流速趋势函数 B(t) =∑¾ B^ ll 其中拉格朗日基本多项式 From the above specific embodiment, we took 60 baseline values, and the values of the independent variables corresponding to B=[B0, B1,...B59] are T=[T0, T1,...T59], that is, The time step in the baseline is incremented by the equivalent. Then there is a flow rate trend function B(t ) = ∑ 3⁄4 B ^ l l where Lagrangian basic polynomial
ng 因此, 我们对流速走势的预测函数为: Ng Therefore, our prediction function for the flow rate trend is:
Βω =∑ρ。(Β π ¾>: Βω =∑ρ. (Β π 3⁄4>:
... ' ③  ... ' 3
在此处我们采用的是拉格朗日插值法进行流速的预测, 但是这仅是一 种较优的方案, 误差较小。 但是同样可以采用其他插值法对流速进行预测, 例如, 牛顿插值法, 多项式插值法等等, 在此处, 不在对这些方法过程进 行详细的说明。  Here we use the Lagrangian interpolation method to predict the flow rate, but this is only a better solution with less error. However, other interpolation methods can be used to predict the flow rate, for example, Newton interpolation, polynomial interpolation, etc., and the method processes are not described in detail here.
如图 3 所示为本发明实施例流量监测***的一实施例的结构示意图, 该***至少包括了: 一个或多个流量预测***、 告警模块、 处理模块; 其 中,  FIG. 3 is a schematic structural diagram of an embodiment of a traffic monitoring system according to an embodiment of the present invention. The system includes at least: one or more traffic prediction systems, an alarm module, and a processing module;
流量预测***, 配置为预测在设定时间内目标应用业务所占用的流量 值, 并将预测到的流量值发送至告警模块;  The traffic prediction system is configured to predict a traffic value occupied by the target application service within a set time, and send the predicted traffic value to the alarm module;
处理模块, 配置为将预测得到的所述流量值和设定的流量范围进行比 较, 并将比较结果发送至告警模块;  The processing module is configured to compare the predicted traffic value with the set traffic range, and send the comparison result to the alarm module;
告警模块, 配置为根据比较结果判断所述目标应用业务在所述设定时 间内的流量值是否正常; 若所述流量值不在所述流量范围内, 则执行报警 动作。  The alarm module is configured to determine, according to the comparison result, whether the traffic value of the target application service within the set time is normal; if the traffic value is not within the traffic range, perform an alarm action.
如图 4所示为本发明实施例流量监测方法的一实施例的流程图, 至少 包括本发明实施例中按照本发明实施例流量预测的方法预测设定时间内目 标应用业务的流量信息; 将预测得到的所述流量信息和设定的流量范围进 行比较; 根据比较结果判断所述目标应用业务在所述设定时间内的流量信 息是否正常; 若所述流量信息不在所述流量范围内, 则执行报警动作。 在一实施例中, 所述将预测得到的所述流量信息和设定的流量范围进 行比较包括: 对所述目标应用业务在所述设定时间内所占用的流量进行监 测; 根据所述流量范围确定所述目标业务对应的报警等级; FIG. 4 is a flowchart of an embodiment of a traffic monitoring method according to an embodiment of the present invention, which includes at least a method for predicting traffic of a target application service in a set time according to an embodiment of the present invention; Comparing the predicted traffic information with the set traffic range; determining, according to the comparison result, the traffic information of the target application service within the set time Whether the information is normal; if the flow information is not within the flow range, an alarm action is performed. In an embodiment, comparing the predicted traffic information with the set traffic range includes: monitoring, by the target application service, traffic occupied by the set time; The range determines an alarm level corresponding to the target service;
其中, 所述流量范围包括多个不同等级的流量范围, 所述不同等级的 流量范围各自对应一种报警等级。  The flow range includes a plurality of different levels of flow ranges, and the different levels of flow ranges each correspond to an alarm level.
在一种实施例中, 若所述流量值不在所述流量范围内, 则执行报警动 作具体包括: 根据监测到的流量与设定不同等级的流量范围进行比较, 并 根据比较结果执行不同报警等级。  In an embodiment, if the flow value is not in the flow range, performing an alarm action specifically includes: comparing the monitored flow rate with a set flow rate range, and performing different alarm levels according to the comparison result. .
如果要检测目标应用业务的流量, 那么首先预测出任意时间段内的流 量。 当我们有了流速的函数之后, 任意一段时间的流量都可以通过对区间 内的流速进行定积分来获取。例如从时间点 a到时间点 b之间的流量 L(a,b), 即为  If traffic to the target application service is to be detected, the traffic in any time period is first predicted. When we have a function of the flow rate, the flow for any period of time can be obtained by integrating the flow rate in the interval. For example, the flow rate L(a,b) from time point a to time point b is
L删 [a, b] = f BCtjdt: L delete [a, b] = f BCtjdt:
; ④ 同理, 任意 n个时间段 [ai,bi],i=0,...,n-l 内的总流量为  4 Similarly, the total flow in any n time periods [ai, bi], i=0, ..., n-l is
为了更好的控制流量, 监测出异常, 对当前统计到的流量与经验数据 统计分析得到的流量 (即⑤式)进行简单处理, ***提供配置流量上下限的功 能, 从而更加随心所欲的控制流量。 In order to better control the traffic, the abnormality is monitored, and the flow calculated by the current statistical flow and the statistical analysis of the empirical data (ie, type 5) is simply processed, and the system provides the function of configuring the upper and lower limits of the flow, thereby more freely controlling the flow.
这里假设用户关心的是时间范围为 Qi的流量情况, 我们希望在 Qi这段 时间范围内的任意时间段 [a,b]内都不会出现流量超过经验数据 L预测 =[a,b] 的上限 Pmax%或者低于的下限 Pmin%也就是预设的流量范围, 一旦出现上 述两种情况, ***马上会做出预警, 同时与设备联动, 利用深度包探测技 术自动启动动态策略, 对流量进行限速。 这里通过基线上下限构造基线数据通道监测异常流量, 总结起来就是 以下两个公式: It is assumed here that the user is concerned with the traffic situation with a time range of Qi. We hope that there will be no traffic exceeding the empirical data L prediction = [a, b] in any time period [a, b] within the time range of Qi. The upper limit Pmax% or the lower limit Pmin% is also the preset flow range. Once the above two situations occur, the system will immediately make an early warning and link with the device to automatically start the dynamic strategy by using the deep packet detection technology to perform traffic flow. Speed limit. Here, the abnormal flow is monitored by the baseline upper and lower baseline construction data channels. The following two formulas are summarized:
L当前 > (1 + ^sias · Lf页测【 b]; L current > (1 + ^sias · Lf page test [b];
 6
 Or
L当前 [¾ b] < (1 - Pmls %) « L预测 [a,b]: 多协议支持下对各种应用和应用组的异常流量动态监测流程可以参见 图 5。 动态时间通道是有规律和时间段限制的, 首先实时采集到的当前流量 进行时间变换, 把当前时间定为到规律时间段上的位置。 在动态时间通道 上建立分级监测流量范围, 不同级的流量范围代表不同的告警级别。 当超 过预设的流量范围不管是超过正常情况上涨, 或者超过正常情况下降, 都 执行对应的告警。 L Current [3⁄4 b] < (1 - P mls %) « L prediction [a,b]: The abnormal traffic dynamic monitoring process for various applications and application groups under multi-protocol support can be seen in Figure 5. The dynamic time channel is regularly and time-limited. First, the current traffic collected in real time is time-transformed, and the current time is set to the position on the regular time period. A hierarchical monitoring traffic range is established on the dynamic time channel, and different traffic ranges represent different alarm levels. When the preset traffic range exceeds the normal situation, or exceeds the normal situation, the corresponding alarm is executed.
比对行为应该在一个最小比对时间范围, 即时间步长内进行。 可以有 效避免误测和漏测, 又能提高监测的准确性。  The comparison behavior should be performed within a minimum alignment time range, ie, the time step. It can effectively avoid misdetection and missed measurement, and can improve the accuracy of monitoring.
随着当前时间的推进, 监测参照点在通道上移动变化, 更新监测依据, 完成对当前流量的比较和未来的推测, 来达到监视异常流量的效果。  As the current time advances, the monitoring reference points move on the channel, update the monitoring basis, complete the comparison of current traffic and future speculation, to achieve the effect of monitoring abnormal traffic.
以上内容是结合具体的实施方式对本发明所作的进一步详细说明, 不 能认定本发明的具体实施只局限于这些说明; 因此, 对于本发明所属技术 领域的普通技术人员来说, 在不脱离本发明构思的前提下, 还可以做出若 干简单推演或替换, 都应当视为属于本发明的保护范围。  The above is a further detailed description of the present invention in conjunction with the specific embodiments, and the specific embodiments of the present invention are not limited to the description; therefore, those skilled in the art to which the present invention pertains, without departing from the inventive concept In addition, some simple deductions or substitutions may be made, which should be considered as belonging to the scope of protection of the present invention.

Claims

权利要求书 Claim
1、 一种流量预测方法, 所述流量预测方法包括:  A traffic prediction method, the traffic prediction method includes:
采集目标应用业务当前所占用流量的信息;  Collecting information about the traffic currently occupied by the target application service;
才艮据所述流量信息, 制定所述目标应用业务的标准流量数据; 才艮据所述标准流量数据, 预测所述目标应用业务的流量信息。  And formulating standard traffic data of the target application service according to the traffic information; and predicting traffic information of the target application service according to the standard traffic data.
2、 根据权利要求 1所述的流量预测方法, 其中, 所述采集目标应用业 务流量信息, 包括:  The traffic prediction method according to claim 1, wherein the collecting target application service flow information includes:
设定对目标应用业务进行流量采集的时间范围;  Setting a time range for performing traffic collection on the target application service;
确定在所述时间范围内流量采集的时间步长;  Determining a time step of traffic collection over the time range;
在所述时间范围内按照所述时间步长采集所述应用业务的流量数据。 Collecting traffic data of the application service according to the time step in the time range.
3、 根据权利要求 2所述的流量预测方法, 其中, 所述制定所述目标应 用业务的标准流量数据, 包括: The traffic prediction method according to claim 2, wherein the standard traffic data of the target application service is determined, including:
确定所述目标应用业务在所述时间范围包括各预设时间段对应的流速 平均值; 其中, 所述时间范围包括多个预设时间段, 所述预设时间段包括 至少一个所述时间步长;  Determining, in the time range, that the target application service includes an average value of the flow rate corresponding to each preset time period; wherein the time range includes a plurality of preset time segments, and the preset time segment includes at least one of the time steps Long
根据所述各预设时间段对应的平均值确定标准流量数据。  The standard flow data is determined according to the average value corresponding to each preset time period.
4、 根据权利要求 1所述的流量预测方法, 其中, 所述根据所述标准流 量数据预测目标应用业务的流量信息, 包括:  The traffic prediction method according to claim 1, wherein the predicting traffic information of the target application service according to the standard traffic data includes:
根据所述标准流量数据, 构建目标应用业务流量根据时间变化的函数, 才艮据所述函数预测得到所述目标应用业务的流量信息。  According to the standard traffic data, a function of changing the target application service traffic according to time is constructed, and the traffic information of the target application service is predicted according to the function.
5、 根据权利要求 1至 4中任意一项所述的流量预测方法, 其中, 所述 目标应用业务包括至少一个应用业务。  The traffic prediction method according to any one of claims 1 to 4, wherein the target application service includes at least one application service.
6、 根据权利要求 5所述的流量预测方法, 其中, 所述流量预测方法还 包括: 所述目标应用业务包括多个应用业务时, 所述多个应用业务中至少 有两个对应不同的应用协议。 The traffic prediction method according to claim 5, wherein the traffic prediction method further comprises: when the target application service includes multiple application services, at least two of the plurality of application services correspond to different applications. protocol.
7、 一种流量监测方法, 所述方法包括: 7. A method of monitoring a flow, the method comprising:
根据权利要求 1至 6中任意一项所述的流量预测方法预测设定时间内 目标应用业务的流量信息;  The traffic prediction method according to any one of claims 1 to 6, for predicting traffic information of a target application service within a set time;
将预测得到的所述流量信息和设定的流量范围进行比较;  Comparing the predicted flow information with a set flow range;
根据比较结果判断所述目标应用业务在所述设定时间内的流量信息是 否正常;  Determining, according to the comparison result, whether the traffic information of the target application service in the set time is normal;
若所述流量信息不在所述流量范围内, 则执行报警动作。  If the flow information is not within the flow range, an alarm action is performed.
8、 根据权利要求 7所述的流量监测方法, 其中, 所述将预测得到的所 述流量信息和设定的流量范围进行比较, 包括:  The traffic monitoring method according to claim 7, wherein the comparing the predicted traffic information with the set traffic range includes:
对所述目标应用业务在所述设定时间内所占用的流量进行监测; 根据 所述流量范围确定所述目标业务对应的报警等级;  And monitoring the traffic occupied by the target application service in the set time; determining an alarm level corresponding to the target service according to the traffic range;
其中, 所述流量范围包括多个不同等级的流量范围, 所述不同等级的 流量范围各自对应一种报警等级。  The flow range includes a plurality of different levels of flow ranges, and the different levels of flow ranges each correspond to an alarm level.
9、 根据权利要求 8所述的流量监测方法, 其中, 所述若所述流量信息 不在所述流量范围内, 则执行报警动作, 包括:  The traffic monitoring method according to claim 8, wherein if the traffic information is not within the traffic range, performing an alarm action, including:
根据监测到的流量与设定不同等级的流量范围进行比较, 并根据比较 结果执行不同报警等级。  The flow rate is compared with the set flow rate according to the monitored flow rate, and different alarm levels are executed according to the comparison result.
10、 一种流量预测***, 所述***包括: 流量采集模块、 标准数据模 块和流量预测模块; 其中,  10. A traffic prediction system, the system comprising: a traffic collection module, a standard data module, and a traffic prediction module; wherein
流量采集模块, 配置为采集目标应用业务流量信息, 并将所述流量信 息发送至标准数据模块;  a traffic collection module, configured to collect target application service traffic information, and send the traffic information to a standard data module;
标准数据模块, 配置为根据所述流量信息, 制定所述应用业务的标准 流量数据, 并将所述标准流量数据发送至流量预测模块;  a standard data module, configured to: formulate standard traffic data of the application service according to the traffic information, and send the standard traffic data to a traffic prediction module;
流量预测模块, 配置为根据所述标准流量数据预测所述应用业务的流 量信息。 The traffic prediction module is configured to predict traffic information of the application service according to the standard traffic data.
11、根据权利要求 10所述的流量预测***, 其中, 所述流量采集模块, 配置为设定对目标应用业务进行流量采集的时间范围; 确定在所述时间范 围内流量采集的时间步长; 在所述时间范围内按照所述时间步长采集所述 应用业务的流量数据。 The traffic prediction system according to claim 10, wherein the traffic collection module is configured to set a time range for performing traffic collection on the target application service, and determine a time step of the traffic collection in the time range; Collecting traffic data of the application service according to the time step in the time range.
12、根据权利要求 11所述的流量预测***, 其中, 所述标准数据模块, 配置为确定所述目标应用业务在所述时间范围包括各预设时间段对应的流 速平均值; 所述时间范围包括多个预设时间段, 所述预设时间段包括至少 一个所述时间步长; 根据所述各预设时间段对应的平均值确定标准流量数 据。  The traffic prediction system according to claim 11, wherein the standard data module is configured to determine that the target application service includes an average value of flow rates corresponding to each preset time period in the time range; The method includes a plurality of preset time periods, where the preset time period includes at least one of the time steps; and determining standard flow data according to an average value corresponding to each preset time period.
13、根据权利要求 10所述的流量预测***,其中, 所述流量预测模块, 配置为根据所述标准流量数据构建目标应用业务流量根据时间变化的函 数, 根据所述函数得到所述目标应用业务的预测流量信息。  The traffic prediction system according to claim 10, wherein the traffic prediction module is configured to construct a function of the target application service traffic according to the time according to the standard traffic data, and obtain the target application service according to the function. Forecast traffic information.
14、 一种流量监测***, 所述***包括: 一个或多个流量预测***、 告警模块和处理模块; 其中,  14. A flow monitoring system, the system comprising: one or more traffic prediction systems, an alarm module, and a processing module;
所述流量预测***为权利要求 10至 13中任意一项所述流量预测***, 配置为预测在设定时间内目标应用业务的流量信息, 并将预测到的流量信 息发送至告警模块;  The traffic prediction system is the traffic prediction system according to any one of claims 10 to 13, configured to predict traffic information of the target application service within a set time, and send the predicted traffic information to the alarm module;
处理模块, 配置为将预测得到的所述流量信息和设定的流量范围进行 比较, 并将比较结果发送至告警模块;  a processing module, configured to compare the predicted traffic information with the set traffic range, and send the comparison result to the alarm module;
告警模块, 配置为根据比较结果判断所述目标应用业务在所述设定时 间内的流量信息是否正常; 若所述流量信息不在所述流量范围内, 则执行 报警动作。  The alarm module is configured to determine, according to the comparison result, whether the traffic information of the target application service in the set time is normal; if the traffic information is not in the traffic range, perform an alarm action.
15、 根据权利要求 14所述的流量监测***, 其中, 所述处理模块, 配 置为对所述目标应用业务在所述设定时间内所占用的流量进行监测; 根据 所述流量范围确定所述目标业务对应的报警等级; 所述流量范围包括多个不同等级的流量范围, 所述不同等级的流量范 围各自对应一种报警等级。 The traffic monitoring system according to claim 14, wherein the processing module is configured to monitor, according to the traffic range, the traffic occupied by the target application service during the set time; The alarm level corresponding to the target service; The flow range includes a plurality of different levels of flow ranges, each of the different levels of flow ranges corresponding to an alarm level.
16、 根据权利要求 15所述的流量监测***, 其中, 所述告警模块, 配 置为根据监测到的流量与设定不同等级的流量范围进行比较, 并根据比较 结果执行不同报警等级。  16. The flow monitoring system according to claim 15, wherein the alarm module is configured to compare the monitored flow rate with a set different flow rate range, and execute different alarm levels according to the comparison result.
PCT/CN2013/081072 2012-08-09 2013-08-08 Flow prediction method and system and flow monitoring method and system WO2014023245A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210282405.XA CN103580905B (en) 2012-08-09 2012-08-09 A kind of method for predicting, system and flow monitoring method, system
CN201210282405.X 2012-08-09

Publications (1)

Publication Number Publication Date
WO2014023245A1 true WO2014023245A1 (en) 2014-02-13

Family

ID=50051890

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/081072 WO2014023245A1 (en) 2012-08-09 2013-08-08 Flow prediction method and system and flow monitoring method and system

Country Status (2)

Country Link
CN (1) CN103580905B (en)
WO (1) WO2014023245A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106100928A (en) * 2016-06-21 2016-11-09 北京百度网讯科技有限公司 It is applied to transmission method and the device of the monitoring data of data center
CN107231268A (en) * 2016-03-25 2017-10-03 北京京东尚科信息技术有限公司 The method and apparatus for testing web site performance
CN111262750A (en) * 2020-01-09 2020-06-09 ***股份有限公司 Method and system for evaluating baseline model
CN113992496A (en) * 2020-07-10 2022-01-28 ***通信集团湖北有限公司 Abnormal operation warning method and device based on quartile algorithm and computing equipment
CN114143266A (en) * 2021-11-29 2022-03-04 中国平安财产保险股份有限公司 Flow management and control method, device, equipment and medium based on machine learning

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105530219B (en) * 2014-09-28 2019-12-10 腾讯科技(深圳)有限公司 Connection detection method and device
CN104349367A (en) * 2014-11-12 2015-02-11 深圳市中兴移动通信有限公司 Mobile terminal and predicting reminding method and device of flow consumption of mobile terminal
CN105979538A (en) * 2016-07-19 2016-09-28 浪潮软件集团有限公司 Method for analyzing lost telephone traffic and flow during cell interruption
CN106230633A (en) * 2016-08-01 2016-12-14 中体彩科技发展有限公司 The Forecasting Methodology of newly-increased high frequency sports lottery ticket game data flow and device
CN107040475B (en) * 2016-11-14 2020-10-02 平安科技(深圳)有限公司 Resource scheduling method and device
CN111225404B (en) * 2018-11-23 2021-08-31 华为技术有限公司 Network quality monitoring method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1617512A (en) * 2004-11-25 2005-05-18 中国科学院计算技术研究所 Adaptive network flow forecasting and abnormal alarming method
CN101127706A (en) * 2007-09-21 2008-02-20 烽火通信科技股份有限公司 A dynamic bandwidth allocation and control system based on multi-service transmission platform
CN101155085A (en) * 2006-09-29 2008-04-02 中兴通讯股份有限公司 Method and device for real-time flux prediction and real-time flux monitoring and early warning
CN102369689A (en) * 2011-08-11 2012-03-07 华为技术有限公司 Long-term forecasting method and device of network flow

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102014031A (en) * 2010-12-31 2011-04-13 湖南神州祥网科技有限公司 Method and system for network flow anomaly detection
CN102104509B (en) * 2011-02-17 2013-06-19 浪潮(北京)电子信息产业有限公司 Method and device for predicting server load in cloud operation system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1617512A (en) * 2004-11-25 2005-05-18 中国科学院计算技术研究所 Adaptive network flow forecasting and abnormal alarming method
CN101155085A (en) * 2006-09-29 2008-04-02 中兴通讯股份有限公司 Method and device for real-time flux prediction and real-time flux monitoring and early warning
CN101127706A (en) * 2007-09-21 2008-02-20 烽火通信科技股份有限公司 A dynamic bandwidth allocation and control system based on multi-service transmission platform
CN102369689A (en) * 2011-08-11 2012-03-07 华为技术有限公司 Long-term forecasting method and device of network flow

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107231268A (en) * 2016-03-25 2017-10-03 北京京东尚科信息技术有限公司 The method and apparatus for testing web site performance
CN106100928A (en) * 2016-06-21 2016-11-09 北京百度网讯科技有限公司 It is applied to transmission method and the device of the monitoring data of data center
CN106100928B (en) * 2016-06-21 2019-02-26 北京百度网讯科技有限公司 The transmission method and device of monitoring data applied to data center
CN111262750A (en) * 2020-01-09 2020-06-09 ***股份有限公司 Method and system for evaluating baseline model
CN111262750B (en) * 2020-01-09 2021-08-27 ***股份有限公司 Method and system for evaluating baseline model
CN113992496A (en) * 2020-07-10 2022-01-28 ***通信集团湖北有限公司 Abnormal operation warning method and device based on quartile algorithm and computing equipment
CN113992496B (en) * 2020-07-10 2023-11-17 ***通信集团湖北有限公司 Abnormal alarm method and device based on quartile algorithm and computing equipment
CN114143266A (en) * 2021-11-29 2022-03-04 中国平安财产保险股份有限公司 Flow management and control method, device, equipment and medium based on machine learning

Also Published As

Publication number Publication date
CN103580905B (en) 2017-05-31
CN103580905A (en) 2014-02-12

Similar Documents

Publication Publication Date Title
WO2014023245A1 (en) Flow prediction method and system and flow monitoring method and system
CN101155085B (en) Method and device for real-time flux prediction and real-time flux monitoring and early warning
US7933743B2 (en) Determining overall network health and stability
US10637760B2 (en) System and method for network capacity planning
US8520547B2 (en) System and method for measuring interface utilization using policers
JP4738358B2 (en) Bandwidth measuring method and apparatus
WO2013037230A1 (en) Wcdma network expansion planning method and device
Jang et al. Rflow+: An sdn-based wlan monitoring and management framework
WO2016182772A1 (en) Uplink performance management
CN109412879B (en) Port state parameter acquisition method and device, transmission equipment and storage medium
KR20200116504A (en) Data processing methods, servers and data collection devices
WO2015021816A1 (en) Link performance test method and device, logical processor and network processor
CN106789429B (en) A kind of adaptive low-cost SDN network link utilization measurement method and system
WO2020057746A1 (en) Technique for performing analysis of an rtp flow
JP5684748B2 (en) Network quality monitoring apparatus and network quality monitoring method
CN107241359A (en) A kind of software-oriented defines the lightweight network flow abnormal detecting method of network
CN115766471B (en) Network service quality analysis method based on multicast flow
WO2013139082A1 (en) Method and system for managing end-to-end service performance based on threshold, and network manager
CN106230661A (en) Network data delay control method
WO2012116551A1 (en) Multicast performance analysing method and system
WO2011009322A1 (en) Statistic method and statistic system for time length of service flow
TW201528725A (en) Abnormal network traffic monitoring system with respect to normal distribution mode
CN113347055A (en) Method and device for monitoring flow rate and computer readable storage medium
de Oliveira Schmidt et al. Impact of packet sampling on link dimensioning
Deart et al. HTTP traffic measurements on access networks, analysis of results and simulation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13828209

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13828209

Country of ref document: EP

Kind code of ref document: A1