Traffic monitoring method, device, equipment and storage medium

By reading local cache files in the cloud network to determine the target virtual route and obtain traffic information, the performance problem caused by the increase in the number of iptables rules is solved, achieving efficient and accurate traffic data acquisition and avoiding the impact on the performance of the cloud network control plane.

CN116866232BActive Publication Date: 2026-06-26CHINA UNITED NETWORK COMM GRP CO LTD +2

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA UNITED NETWORK COMM GRP CO LTD
Filing Date
2023-07-28
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

When monitoring public IP traffic in cloud networks, existing technologies increase the number of iptables rules, leading to reduced virtual router forwarding performance, and the backflow of traffic data to the message queue affects the performance of the cloud network control plane.

Method used

The target virtual route is determined by reading the local cache file, its traffic information is obtained and uploaded to the preset storage system, avoiding the generation of iptables rules in the virtual router namespace. An independent monitoring process is used to collect data through kernel inter-process communication and the OPENFLOW protocol.

Benefits of technology

This reduces the impact on virtual routing performance, prevents traffic monitoring from entering the cloud network control plane, and improves the efficiency and accuracy of traffic data acquisition.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116866232B_ABST
    Figure CN116866232B_ABST
Patent Text Reader

Abstract

The application provides a traffic monitoring method, device, equipment and storage medium. The method comprises the following steps: reading a local cache file, determining a target virtual route; acquiring traffic information of the target virtual route, comprising traffic data of an elastic public network of the target virtual route, traffic data of a virtual network device of the target virtual route and connection data of the target virtual route; and uploading the traffic information of the target virtual route to a preset storage system. The method no longer needs to generate iptables rules in a virtual router namespace, thereby reducing the influence on the performance of the virtual route; the traffic monitoring no longer enters a message queue, a database and other planes of a cloud network control plane, thereby not influencing the performance of the cloud network control plane, and meanwhile, the efficiency of traffic data acquisition is improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of computer technology, and in particular to a flow monitoring method, apparatus, device, and storage medium. Background Technology

[0002] Monitoring Internet Protocol (IP) traffic on the public network of the OpenStack Neutron community is a technical problem that urgently needs to be solved by those skilled in the art.

[0003] In existing technologies, IP packet filtering (iptables) rules are added to the namespace of a virtual router. Traffic information is then obtained by reading the packet volume and throughput hit by the iptables rules. The obtained traffic information is then fed back to a message queue and transmitted to a traffic monitoring system.

[0004] However, in existing technologies, a large number of IP addresses require a large number of iptables rules. The increase in the number of iptables rules will cause a decrease in the forwarding performance of virtual routers. Furthermore, in the presence of a large number of virtual routers and public IPs, the collected traffic data is fed back to the message queue, which seriously affects the performance of the cloud network's own control plane. Therefore, there is an urgent need for a method to obtain traffic data efficiently and accurately without affecting the performance of the cloud network's own control plane. Summary of the Invention

[0005] This application provides a traffic monitoring method, apparatus, device, and storage medium to solve the technical problem of lacking a method for acquiring traffic data efficiently and accurately without affecting the performance of the cloud network's own control plane.

[0006] Firstly, this application provides a traffic monitoring method, including:

[0007] Read the local cache file to determine the target virtual route; wherein, the local cache file includes cache information of one or more virtual routes, each cache information includes the identification information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route, and the target virtual route is the virtual route that needs to be monitored for traffic;

[0008] Obtain the traffic information of the target virtual router; wherein, the traffic information includes the traffic data of the elastic public network of the target virtual router, the traffic data of the virtual network device of the target virtual router, and the connection data of the target virtual router;

[0009] Upload the traffic information of the target virtual router to the preset storage system.

[0010] Optionally, in the method described above, before reading the local cache file and determining the target virtual route, the method further includes:

[0011] Based on a preset process, the basic configuration of the virtual router is created; wherein, the basic configuration includes namespaces and virtual network devices;

[0012] Based on the preset process, a preset flow table or preset rule is sent to the namespace corresponding to the virtual route;

[0013] Based on the preset process, the cache information of the virtual route is sent to the local cache file.

[0014] Optionally, the method described above for obtaining the traffic information of the target virtual route includes:

[0015] The namespace corresponding to the target virtual route is determined to be the target namespace;

[0016] Obtain the traffic information of the target virtual route in the target namespace.

[0017] Optionally, the method described above, obtaining the traffic information of the target virtual route corresponding to the target namespace, includes:

[0018] Obtain network packet data and network throughput data of the virtual network device of the target virtual route in the target namespace;

[0019] Based on the preset flow table or preset rules in the target namespace, obtain the network packet volume data of the elastic public network of the target virtual route and the network throughput data of the elastic public network of the target virtual route;

[0020] Obtain the connection data of the target virtual route in the target namespace.

[0021] Optionally, in the method described above, the preset flow table includes flow matching conditions and execution actions. The execution actions are used to count traffic when the circulating data packets meet the flow matching conditions. The preset rules are used to indicate the flow matching rules and flow counting rules for the circulating data packets.

[0022] Optionally, the method described above further includes:

[0023] Start the monitoring process; wherein the monitoring process is used for traffic monitoring;

[0024] Determining the target virtual route based on the local cache file includes: determining the target virtual route based on the monitoring process and the local cache file;

[0025] Obtaining traffic information of the target virtual route includes: obtaining traffic information of the target virtual route based on the monitoring process;

[0026] Uploading the traffic information of the target virtual router to a preset storage system includes: based on the monitoring process, uploading the traffic information of the target virtual router to a preset storage system.

[0027] Secondly, this application provides a flow monitoring device, the device comprising:

[0028] The first processing unit is used to read a local cache file and determine the target virtual route; wherein the local cache file includes cache information of one or more virtual routes, each cache information includes the identification information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route, and the target virtual route is the virtual route that needs to be monitored for traffic.

[0029] An acquisition unit is used to acquire traffic information of the target virtual router; wherein, the traffic information includes traffic data of the elastic public network of the target virtual router, traffic data of the virtual network device of the target virtual router, and connection data of the target virtual router;

[0030] The transmission unit is used to upload the traffic information of the target virtual route to a preset storage system.

[0031] Optionally, in the apparatus described above, prior to the first processing unit, the apparatus further includes:

[0032] The creation unit is used to create the basic configuration of a virtual route based on a preset process; the basic configuration includes namespaces and virtual network devices.

[0033] The first distribution unit is used to distribute preset flow tables or preset rules to the namespace corresponding to the virtual route based on a preset process.

[0034] The second distribution unit is used to distribute the cached information of the virtual route to the local cache file based on a preset process.

[0035] Optionally, in the apparatus described above, the acquisition unit includes:

[0036] The determination sub-unit is used to determine the namespace corresponding to the target virtual route as the target namespace.

[0037] The acquisition sub-unit is used to obtain traffic information of the target virtual route in the target namespace.

[0038] Optionally, in the apparatus described above, the acquisition subunit includes:

[0039] The first acquisition module is used to acquire network packet data and network throughput data of the virtual network device of the target virtual route in the target namespace.

[0040] The second acquisition module is used to acquire network packet data and network throughput data of the elastic public network of the target virtual route based on preset flow tables or preset rules in the target namespace.

[0041] The third acquisition module is used to acquire the connection data of the target virtual route in the target namespace.

[0042] Optionally, in the apparatus described above, the preset flow table includes flow matching conditions and execution actions. The execution actions are used to count the flow when the circulating data packets meet the flow matching conditions. The preset rules are used to indicate the flow matching rules and flow counting rules for the circulating data packets.

[0043] Optionally, the apparatus as described above further includes:

[0044] The second processing unit is used to start the monitoring process; the monitoring process is used for traffic monitoring.

[0045] The first processing unit is specifically used to: determine the target virtual route based on the monitoring process and the local cache file.

[0046] The acquisition unit is specifically used to: acquire traffic information of the target virtual route based on the monitoring process.

[0047] The transmission unit is specifically used to: upload the traffic information of the target virtual route to a preset storage system based on the monitoring process.

[0048] Thirdly, this application provides an electronic device, including: a processor, and a memory communicatively connected to the processor;

[0049] The memory stores computer-executed instructions;

[0050] The processor executes computer execution instructions stored in the memory to implement the method as described in the first aspect.

[0051] Fourthly, this application provides a computer-readable storage medium storing computer-executable instructions, which, when executed by a processor, implement the method described in the first aspect.

[0052] The traffic monitoring method, apparatus, device, and storage medium provided in this application, through the following steps: reading a local cache file to determine the target virtual route; wherein, the local cache file includes cache information of one or more virtual routes, each cache information including the identification information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route, and the target virtual route is the virtual route to be monitored for traffic; acquiring the traffic information of the target virtual route, including the traffic data of the elastic public network of the target virtual route, the traffic data of the virtual network device of the target virtual route, and the connection data of the target virtual route; and uploading the traffic information of the target virtual route to a preset storage system. This method eliminates the need to generate iptables rules in the virtual router namespace, reducing the impact on virtual route performance; traffic monitoring no longer enters the message queue, database, or other planes of the cloud network control plane, does not affect the performance of the cloud network's own control plane, and improves the efficiency of traffic data acquisition. Attached Figure Description

[0053] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.

[0054] Figure 1 A flowchart of a traffic monitoring method provided in this application embodiment;

[0055] Figure 2 A flowchart of another traffic monitoring method provided in this application embodiment;

[0056] Figure 3 This is a schematic diagram of the structure of a flow monitoring device provided in an embodiment of this application;

[0057] Figure 4 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application;

[0058] Figure 5 This is a block diagram of an electronic device provided in an embodiment of this application.

[0059] The accompanying drawings illustrate specific embodiments of this application, which will be described in more detail below. These drawings and descriptions are not intended to limit the scope of the concept in any way, but rather to illustrate the concept of this application to those skilled in the art through reference to particular embodiments. Detailed Implementation

[0060] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.

[0061] In existing technologies, the metering process (neutron-metering-agent) in OpenStack attempts to obtain information about each router on the node, then issues traffic statistics-related iptables rules to its namespace. Afterward, neutron-metering-agent starts a scheduled task to read the traffic according to these rules and report it to a specific data collection service, which by default transmits it to the message queue of the cloud network control plane. When data packets pass through critical virtual network devices and undergo Network Address Translation (NAT) in the router namespace, they may match the iptables rules issued by the monitoring service, increasing the amount of traffic data read.

[0062] In one example, the overall process is as follows: (1) neutron-l3-agent configures the router namespace, virtual network devices, and NAT rules; (2) neutron-metering-agent obtains router information and monitoring rule information to be issued in the router from the control node (neutron-server); (3) neutron-metering-agent configures iptables monitoring rules; (4) neutron-metering-agent periodically reads the traffic data of the iptables rules; (5) neutron-metering-agent sends the traffic information to the message queue; (6) the monitoring service consumes monitoring data messages from the message queue; (7) the monitoring service persists the monitoring data to the monitoring data storage system.

[0063] The existing technical methods and systems have the following problems: (1) It is necessary to create relevant database record rules for each public IP address of each router in the neutron database, and these rule records need to be sent to neutron-metering-agent; (2) Each IP address will generate a certain number of iptables rules, and a large number of IP addresses will generate a large number of iptables rules. After the number of iptables rules increases, the forwarding performance of the virtual router will be reduced; (3) neutron-metering-agent needs to obtain the router information twice, which will consume the performance of the message queue of the OpenStack Neutron control plane; neutron-metering-agent adopts a single-process model, which has low performance, especially when there are a large number of virtual routers and public IPs; neutron-metering-agent itself collects the traffic of iptables rules by executing external command lines, and needs to execute multiple commands, which has low performance; the collected data is fed back to the message queue, which seriously affects the performance of the cloud network's own control plane.

[0064] Therefore, there is an urgent need for a method to obtain traffic data efficiently and accurately without affecting the performance of the cloud network's own control plane.

[0065] The traffic monitoring method provided in this application aims to solve the above-mentioned technical problems of the prior art.

[0066] The technical solution of this application and how the technical solution of this application solves the above-mentioned technical problems are described in detail below with specific embodiments. These specific embodiments can be combined with each other, and the same or similar concepts or processes may not be described again in some embodiments. The embodiments of this application will now be described with reference to the accompanying drawings.

[0067] Figure 1 A flowchart of a traffic monitoring method provided in an embodiment of this application is shown below. Figure 1 As shown, the method includes:

[0068] 101. Read the local cache file to determine the target virtual route; wherein, the local cache file includes cache information of one or more virtual routes, each cache information includes the identification information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route, and the target virtual route is the virtual route for which traffic monitoring is required.

[0069] For example, the cache information of one or more virtual routes is read from the local system cache. Each cached information includes the identification information of the corresponding virtual route, such as the virtual route's identity document (ID); the elastic public network information of the corresponding virtual route, such as the elastic public IP (EIP) information; and the virtual network device information of the corresponding virtual route, such as virtual network interface card information and external network information. Based on the virtual route pointed to by the cache information in the local cache file, the target virtual route for traffic monitoring is determined. Conversely, if the cache information of a certain virtual route does not exist in the local cache file, or the cache information corresponding to the virtual route is incomplete, or the cache information format or content is incorrect, traffic monitoring of that virtual route may not be possible.

[0070] 102. Obtain the traffic information of the target virtual router; the traffic information includes the traffic data of the target virtual router's elastic public network, the traffic data of the target virtual router's virtual network devices, and the connection data of the target virtual router.

[0071] For example, after determining the target virtual route for traffic monitoring, a worker thread or a timed traffic monitoring process can be started independently of other worker processes to collect and read traffic information of the target virtual route, including traffic data of the target virtual route's elastic public network and traffic data of the target virtual route's virtual network devices. The traffic data may include network packet volume, network throughput, and connection data of the target virtual route.

[0072] 103. Upload the traffic information of the target virtual router to the preset storage system.

[0073] For example, after obtaining the traffic information of each target virtual route, it can be uploaded to a preset traffic monitoring data storage system and a preset database. Alternatively, after traversing the cache information of all virtual routes in the local cache file and obtaining the traffic information of all corresponding virtual routes, the traffic data of all target virtual routes can be uploaded to the preset traffic monitoring data storage system and the preset database. For the traffic information of each target virtual route, data processing can also be performed, such as classifying, summarizing, and comparing the traffic data obtained multiple times, and uploading the processing results to the preset traffic monitoring data storage system and the preset database.

[0074] In summary, the traffic monitoring method provided in this embodiment involves the following steps: reading a local cache file to determine the target virtual route; wherein the local cache file includes cache information of one or more virtual routes, each cache information including the identifier information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route, and the target virtual route is the virtual route for which traffic monitoring is required; acquiring the traffic information of the target virtual route, including the traffic data of the elastic public network of the target virtual route, the traffic data of the virtual network device of the target virtual route, and the connection data of the target virtual route; and uploading the traffic information of the target virtual route to a preset storage system. This method eliminates the need to generate iptables rules in the virtual router namespace, reducing the impact on virtual route performance; traffic monitoring no longer enters the message queue, database, or other planes of the cloud network control plane, thus not affecting the performance of the cloud network's own control plane, while improving the efficiency of traffic data acquisition.

[0075] Figure 2 A flowchart of another traffic monitoring method provided in the embodiments of this application is shown below. Figure 2 As shown, the method includes:

[0076] 201. Based on the preset process, create the basic configuration of the virtual route; the basic configuration includes namespace and virtual network device; based on the preset process, send the preset flow table or preset rule to the namespace corresponding to the virtual route; based on the preset process, send the cache information of the virtual route to the local cache file.

[0077] For example, based on a preset process, such as neutron-l3-agent, various basic configurations of the router are processed, including namespaces, virtual network devices, etc. After processing the basic configurations of the router, preset flow tables or preset rules are issued. For example, the OVS flow table issuance action of the router's public network EIP is executed, and finally, various information of the router is cached in the local file system.

[0078] 202. Start the monitoring process; the monitoring process is used for traffic monitoring.

[0079] For example, a separate traffic monitoring process is initiated to monitor the traffic information of virtual routes in the node. This monitoring process can be a timed process that executes traffic monitoring tasks at preset time intervals.

[0080] In one example, the monitoring process can be implemented using a standalone programming language (Go). Instead of acquiring monitoring data by executing command lines, the monitoring process uses kernel inter-process communication (netlink) interfaces and network communication protocols (OPENFLOW) to collect data, thus improving data acquisition performance.

[0081] 203. Based on the monitoring process, read the local cache file and determine the target virtual route; wherein, the local cache file includes cache information of one or more virtual routes, each cache information includes the identification information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route, and the target virtual route is the virtual route that needs to be monitored for traffic.

[0082] For example, based on the monitoring process, the local cache file is traversed in a loop. Each local cache file contains cached information for one or more virtual routes. Each cached information includes the identifier information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route. The target virtual route is the virtual route for which traffic monitoring is required. The cached information of each virtual route is read accordingly, and the identifier information and configuration information of the virtual route in the cached information, including the elastic public network configuration information and the configuration information of the virtual network device information, are identified to determine that the identified virtual route is the target virtual route.

[0083] In one example, a router cache storage directory is created in the local cache files of OpenStack Neutron. Each router will generate a JavaScript Object Notation (JSON) data structure file in the corresponding cache directory, which includes the cache information of the virtual router, including information such as router name, identifier, Elastic Source Address Translation (SNAT) EIP list, port forwarding EIP list, virtual machine bound EIP list, tenant ID, status information, external network port information, external network information, etc.

[0084] 204. Based on the monitoring process, determine the namespace corresponding to the target virtual route as the target namespace.

[0085] For example, after determining the target virtual route for which traffic monitoring is required, and based on the configuration information in the cached information of the target virtual route, the target namespace is determined. Based on the monitoring process, the target namespace is entered to obtain the traffic information of the target virtual route in the target namespace.

[0086] 205. Based on the monitoring process, obtain the traffic information of the target virtual router in the target namespace. The traffic information includes the traffic data of the elastic public network of the target virtual router, the traffic data of the virtual network device of the target virtual router, and the connection data of the target virtual router.

[0087] In one example, step 205 includes the following steps:

[0088] Based on the monitoring process, network packet data and network throughput data of the virtual network devices of the target virtual route in the target namespace are obtained.

[0089] Based on the monitoring process and based on the preset flow tables or preset rules in the target namespace, obtain the network packet volume data and network throughput data of the elastic public network of the target virtual route.

[0090] Based on the monitoring process, obtain the connection data of the target virtual route in the target namespace.

[0091] In one example, the preset flow table includes flow matching conditions and actions. The actions are used to count the flow when the flowing data packets meet the flow matching conditions. The preset rules are used to indicate the flow matching rules and flow counting rules for the flowing data packets.

[0092] For example, based on the monitoring process, network packet volume data and network throughput data of the virtual network device of the target virtual route in the target namespace are obtained; based on preset flow tables or preset rules in the target namespace, network packet volume data and network throughput data of the elastic public network of the target virtual route are obtained, wherein the preset flow table includes traffic matching conditions and execution actions, the execution actions are used to count traffic when the flowing data packets meet the traffic matching conditions; the preset rules are used to indicate the traffic matching rules and traffic counting rules of the flowing data packets, and when data packets that meet the traffic matching conditions or traffic matching rules flow through the virtual network device and the target namespace, the preset flow table or preset rules perform traffic counting; based on the monitoring process, connection data of the target virtual route in the target namespace is obtained.

[0093] In one example, after a data packet flows through a virtual network device and enters a node, it will hit a preset flow table or preset rule issued by the monitoring process. After that, the data packet undergoes NAT translation through the namespace, and the traffic data of the preset flow table or preset rule will increase.

[0094] In one example, the preset flow table for traffic collection is an OVS-based flow table in an environment where virtual machine switching is based on OVS; the preset rules for traffic collection are Berkeley Packet Filter (BPF) rules in a network packet filtering module (Extended Berkeley Packet Filter, abbreviated as eBPF) environment.

[0095] 206. Based on the monitoring process, upload the traffic information of the target virtual router to the preset storage system.

[0096] For example, based on the monitoring process, the data is uploaded to a preset traffic monitoring data storage system and a preset database. Alternatively, after traversing the cache information of all virtual routes in the local cache file and obtaining the traffic information of all corresponding virtual routes, the traffic data of all target virtual routes can be uploaded to the preset traffic monitoring data storage system and the preset database. For the traffic information of each target virtual route, data processing can also be performed, such as classifying, summarizing, and comparing the traffic data obtained multiple times, and uploading the processing results to the preset traffic monitoring data storage system and the preset database.

[0097] In summary, this embodiment, based on the monitoring process, distributes flow tables or rules to the virtual router's namespace, eliminating the need to create EIP monitoring rules in the Neutron database, thus reducing database pressure; it also eliminates the need for neutron-metering-agent to create iptables monitoring rules for data retrieval, collection, and reporting, optimizing the traffic monitoring process, reducing unnecessary information interaction, and minimizing the impact of traffic monitoring on system performance; it eliminates the need to generate iptables rules in the virtual router's namespace, reducing the impact on virtual router performance; traffic monitoring no longer enters the cloud network control plane's message queue, database, etc., without affecting the cloud network's own control plane performance, while improving the efficiency of traffic data acquisition; it eliminates the need for neutron-metering-agent to retrieve basic information from the virtual router, reducing the pressure on the cloud network control plane; the monitoring process does not enter the cloud network control plane's message queue, database, etc., without affecting the cloud network's own control plane performance; and the monitoring process does not acquire monitoring data by executing command lines, but instead uses the kernel netlink interface and OPENFLOW protocol to achieve data collection and uploading, improving the performance of traffic data acquisition.

[0098] Figure 3 This is a schematic diagram of the structure of a flow monitoring device provided in an embodiment of this application, as shown below. Figure 3 As shown, the device includes:

[0099] The first processing unit 31 is used to read a local cache file and determine the target virtual route. The local cache file includes cache information of one or more virtual routes. Each cache information includes the identification information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route. The target virtual route is the virtual route that needs to be monitored for traffic.

[0100] The acquisition unit 32 is used to acquire traffic information of the target virtual router; wherein, the traffic information includes traffic data of the elastic public network of the target virtual router, traffic data of the virtual network device of the target virtual router, and connection data of the target virtual router.

[0101] The transmission unit 33 is used to upload the traffic information of the target virtual route to the preset storage system.

[0102] In one example, prior to the first processing unit 31, the apparatus further includes:

[0103] The creation unit is used to create the basic configuration of a virtual route based on a preset process; the basic configuration includes namespaces and virtual network devices.

[0104] The first distribution unit is used to distribute preset flow tables or preset rules to the namespace corresponding to the virtual route based on a preset process.

[0105] The second distribution unit is used to distribute the cached information of the virtual route to the local cache file based on a preset process.

[0106] In one example, obtaining unit 32 includes:

[0107] The determination sub-unit is used to determine the namespace corresponding to the target virtual route as the target namespace.

[0108] The acquisition sub-unit is used to obtain traffic information of the target virtual route in the target namespace.

[0109] In one example, retrieving a sub-unit includes:

[0110] The first acquisition module is used to acquire network packet data and network throughput data of the virtual network device of the target virtual route in the target namespace.

[0111] The second acquisition module is used to acquire network packet data and network throughput data of the elastic public network of the target virtual route based on preset flow tables or preset rules in the target namespace.

[0112] The third acquisition module is used to acquire the connection data of the target virtual route in the target namespace.

[0113] In one example, the preset flow table includes flow matching conditions and actions. The actions are used to count the flow when the flowing data packets meet the flow matching conditions. The preset rules are used to indicate the flow matching rules and flow counting rules for the flowing data packets.

[0114] In one example, the device also includes:

[0115] The second processing unit is used to start the monitoring process; the monitoring process is used for traffic monitoring.

[0116] The first processing unit 31 is specifically used to: determine the target virtual route based on the monitoring process and the local cache file.

[0117] The acquisition unit 32 is specifically used to: acquire traffic information of the target virtual route based on the monitoring process.

[0118] The transmission unit 33 is specifically used to: upload the traffic information of the target virtual route to the preset storage system based on the monitoring process.

[0119] Figure 4 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application, such as... Figure 4 As shown, the electronic device includes a processor 41 and a memory 42 communicatively connected to the processor.

[0120] Memory 42 stores computer-executed instructions.

[0121] The processor 41 executes computer execution instructions stored in the memory to implement the traffic monitoring method of any of the above embodiments.

[0122] Figure 5 This is a block diagram of an electronic device provided in an embodiment of this application. The device may be a mobile phone, computer, digital broadcasting terminal, messaging device, game console, tablet device, medical device, fitness equipment, personal digital assistant, etc.

[0123] The device 800 may include one or more of the following components: a processing component 802, a memory 804, a power supply component 806, a multimedia component 808, an audio component 810, an input / output (I / O) interface 812, a sensor component 814, and a communication component 816.

[0124] Processing component 802 typically controls the overall operation of device 800, such as operations associated with display, telephone calls, data communication, camera operation, and recording. Processing component 802 may include one or more processors 820 to execute instructions to perform all or part of the steps of the methods described above. Furthermore, processing component 802 may include one or more modules to facilitate interaction between processing component 802 and other components. For example, processing component 802 may include a multimedia module to facilitate interaction between multimedia component 808 and processing component 802.

[0125] Memory 804 is configured to store various types of data to support the operation of device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, etc. Memory 804 can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic storage, flash memory, magnetic disk, or optical disk.

[0126] Power supply component 806 provides power to various components of device 800. Power supply component 806 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power to device 800.

[0127] Multimedia component 808 includes a screen that provides an output interface between device 800 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touchscreen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensors may sense not only the boundaries of touch or swipe actions but also the duration and pressure associated with the touch or swipe operation. In some embodiments, multimedia component 808 includes a front-facing camera and / or a rear-facing camera. When device 800 is in an operating mode, such as a shooting mode or a video mode, the front-facing camera and / or rear-facing camera may receive external multimedia data. Each front-facing camera and rear-facing camera may be a fixed optical lens system or have focal length and optical zoom capabilities.

[0128] Audio component 810 is configured to output and / or input audio signals. For example, audio component 810 includes a microphone (MIC) configured to receive external audio signals when device 800 is in an operating mode, such as call mode, recording mode, and voice recognition mode. The received audio signals may be further stored in memory 804 or transmitted via communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.

[0129] I / O interface 812 provides an interface between processing component 802 and peripheral interface modules, such as keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to, home buttons, volume buttons, power buttons, and lock buttons.

[0130] Sensor assembly 814 includes one or more sensors for providing state assessments of various aspects of device 800. For example, sensor assembly 814 may detect the on / off state of device 800, the relative positioning of components such as the display and keypad of device 800, changes in the position of device 800 or a component of device 800, the presence or absence of user contact with device 800, the orientation or acceleration / deceleration of device 800, and temperature changes of device 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. Sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, sensor assembly 814 may also include an accelerometer, a gyroscope, a magnetometer, a pressure sensor, or a temperature sensor.

[0131] Communication component 816 is configured to facilitate wired or wireless communication between device 800 and other devices. Device 800 can access wireless networks based on communication standards, such as WiFi, 2G, or 3G, or combinations thereof. In one exemplary embodiment, communication component 816 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, communication component 816 also includes a near-field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

[0132] In an exemplary embodiment, the apparatus 800 may be implemented by one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field-programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components to perform the methods described above.

[0133] In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, such as a memory 804 including instructions, which can be executed by a processor 820 of the device 800 to perform the above-described method. For example, the non-transitory computer-readable storage medium may be a ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, and optical data storage device, etc.

[0134] This application also provides a computer program product, which includes: a computer program stored in a readable storage medium, at least one processor of the control device can read the computer program from the readable storage medium, and the at least one processor executes the computer program to cause the control device to perform the scheme provided in any of the above embodiments.

[0135] It should be noted that, for the sake of simplicity, the foregoing method embodiments are all described as a series of actions. However, those skilled in the art should understand that this application is not limited to the described order of actions, as some steps may be performed in other orders or simultaneously according to this application. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are all optional embodiments, and the actions and modules involved are not necessarily essential to this application.

[0136] It should be further noted that although the steps in the flowchart are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowchart may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these sub-steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the sub-steps or stages of other steps.

[0137] It should be understood that the above-described device embodiments are merely illustrative, and the device of this application can also be implemented in other ways. For example, the division of units / modules in the above embodiments is only a logical functional division, and there may be other division methods in actual implementation. For example, multiple units, modules, or components may be combined, or integrated into another system, or some features may be ignored or not executed.

[0138] Furthermore, unless otherwise specified, the functional units / modules in the various embodiments of this application can be integrated into one unit / module, or each unit / module can exist physically separately, or two or more units / modules can be integrated together. The integrated units / modules described above can be implemented in hardware or as software program modules.

[0139] When an integrated unit / module is implemented in hardware, the hardware can be digital circuits, analog circuits, etc. The physical implementation of the hardware structure includes, but is not limited to, transistors, memristors, etc. Unless otherwise specified, the processor can be any suitable hardware processor, such as a CPU, GPU, FPGA, DSP, and ASIC, etc. Unless otherwise specified, the storage unit can be any suitable magnetic or magneto-optical storage medium, such as Resistive Random Access Memory (RRAM), Dynamic Random Access Memory (DRAM), Static Random Access Memory (SRAM), Enhanced Dynamic Random Access Memory (EDRAM), High-Bandwidth Memory (HBM), Hybrid Memory Cube (HMC), etc.

[0140] If the integrated unit / module is implemented as a software program module and sold or used as an independent product, it can be stored in a computer-readable storage device (CMD). Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a memory and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this application. The aforementioned memory includes various media capable of storing program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), portable hard drive, magnetic disk, or optical disk.

[0141] In the above embodiments, the descriptions of each embodiment have their own emphasis. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments. The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as these combinations of technical features do not contradict each other, they should be considered within the scope of this specification.

[0142] Other embodiments of this application will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of this application that follow the general principles of this application and include common knowledge or customary techniques in the art not disclosed herein. The specification and examples are to be considered exemplary only, and the true scope and spirit of this application are indicated by the following claims.

[0143] It should be understood that this application is not limited to the precise structure described above and shown in the accompanying drawings, and various modifications and changes can be made without departing from its scope. The scope of this application is limited only by the appended claims.

Claims

1. A flow monitoring method, characterized in that, The method includes: Based on a preset process, the basic configuration of the virtual router is created; wherein, the basic configuration includes namespaces and virtual network devices; Based on the preset process, a preset flow table or preset rule is sent to the namespace corresponding to the virtual route; Based on the preset process, the cache information of the virtual route is sent to the local cache file; Read the local cache file to determine the target virtual route; wherein, the local cache file includes cache information of one or more virtual routes, each cache information includes the identification information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route, and the target virtual route is the virtual route that needs to be monitored for traffic; Obtaining traffic information of the target virtual route includes: determining that the namespace corresponding to the target virtual route is a target namespace; obtaining traffic information of the target virtual route in the target namespace; wherein, the traffic information includes traffic data of the elastic public network of the target virtual route, traffic data of the virtual network device of the target virtual route, and connection data of the target virtual route; Upload the traffic information of the target virtual router to the preset storage system; The process of obtaining traffic information for the target virtual route corresponding to the target namespace includes: Obtain network packet data and network throughput data of the virtual network device of the target virtual route in the target namespace; Based on the preset flow table or preset rules in the target namespace, obtain the network packet volume data of the elastic public network of the target virtual route and the network throughput data of the elastic public network of the target virtual route; Obtain the connection data of the target virtual route in the target namespace.

2. The method according to claim 1, characterized in that, The preset flow table includes flow matching conditions and execution actions. The execution actions are used to count the flow when the circulating data packets meet the flow matching conditions. The preset rules are used to indicate the flow matching rules and flow counting rules for the circulating data packets.

3. The method according to any one of claims 1-2, characterized in that, The method further includes: Start the monitoring process; wherein the monitoring process is used for traffic monitoring; Determining the target virtual route based on the local cache file includes: determining the target virtual route based on the monitoring process and the local cache file; Obtaining traffic information of the target virtual route includes: obtaining traffic information of the target virtual route based on the monitoring process; Uploading the traffic information of the target virtual router to a preset storage system includes: based on the monitoring process, uploading the traffic information of the target virtual router to a preset storage system.

4. A flow monitoring device, characterized in that, The device includes: The creation unit is used to create the basic configuration of a virtual route based on a preset process; the basic configuration includes namespaces and virtual network devices. The first distribution unit is used to distribute preset flow tables or preset rules to the namespace corresponding to the virtual route based on a preset process. The second distribution unit is used to distribute the cache information of the virtual route to the local cache file based on a preset process; The first processing unit is used to read a local cache file and determine the target virtual route; wherein the local cache file includes cache information of one or more virtual routes, each cache information includes the identification information of the corresponding virtual route, the elastic public network information of the corresponding virtual route, and the virtual network device information of the corresponding virtual route, and the target virtual route is the virtual route that needs to be monitored for traffic. An acquisition unit is configured to acquire traffic information of the target virtual route, including: determining that the namespace corresponding to the target virtual route is a target namespace; acquiring traffic information of the target virtual route in the target namespace; wherein the traffic information includes traffic data of the elastic public network of the target virtual route, traffic data of the virtual network device of the target virtual route, and connection data of the target virtual route; wherein acquiring traffic information of the target virtual route in the target namespace includes: acquiring network packet data and network throughput data of the virtual network device of the target virtual route in the target namespace; acquiring network packet data and network throughput data of the elastic public network of the target virtual route based on a preset flow table or preset rule in the target namespace; and acquiring connection data of the target virtual route in the target namespace. The transmission unit is used to upload the traffic information of the target virtual route to a preset storage system.

5. The apparatus according to claim 4, characterized in that, The preset flow table includes flow matching conditions and execution actions. The execution actions are used to count the flow when the flowing data packets meet the flow matching conditions. The preset rules are used to indicate the flow matching rules and flow counting rules for the flowing data packets.

6. The apparatus according to any one of claims 4-5, characterized in that, The device further includes: The second processing unit is used to initiate the monitoring process; wherein, the monitoring process is used for traffic monitoring. The first processing unit is specifically used to: determine the target virtual route based on the monitoring process and the local cache file; The acquisition unit is specifically used to: acquire traffic information of the target virtual route based on the monitoring process; The transmission unit is specifically used to: upload the traffic information of the target virtual route to a preset storage system based on the monitoring process.

7. An electronic device, characterized in that, include: A processor, and a memory communicatively connected to the processor; The memory stores computer-executed instructions; The processor executes computer execution instructions stored in the memory to implement the method as described in any one of claims 1 to 3.

8. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer-executable instructions, which, when executed by a processor, are used to implement the method as described in any one of claims 1 to 3.

9. A computer program product, characterized in that, The computer program product includes a computer program that, when executed by a processor, is used to implement the method of any one of claims 1 to 3.