CN111385377A

Movatterモバイル変換

Info

Publication number: CN111385377A
Application number: CN202010140233.7A
Authority: CN
Inventors: 蒋世齐
Original assignee: Sangfor Technologies Co Ltd
Current assignee: Sangfor Technologies Co Ltd
Priority date: 2020-03-03
Filing date: 2020-03-03
Publication date: 2020-07-07
Anticipated expiration: 2040-03-03
Also published as: CN111385377B

Abstract

The embodiment of the application discloses a method, equipment and a storage medium for processing IP address conflict, wherein the method comprises the steps of obtaining host information of a target network; wherein the host information comprises a first mapping relationship between an IP address of a host in the target network and at least one host identifier; if the target host corresponding to the target IP address is controlled, determining at least one host identifier corresponding to the target IP address based on the first mapping relation; acquiring at least one host state corresponding to the at least one host identifier; and determining a target host in a controllable state based on the at least one host state, and performing control operation on the target host. Therefore, when the host is controlled, if the IP address conflict phenomenon occurs, the controlled target host is identified according to the host state, the accurate positioning of the control object is realized, and the condition that the host identification is wrong due to the IP address conflict is avoided.

Description

IP address conflict processing method, equipment and storage medium

Technical Field

The present application relates to computer technologies, and in particular, to a method, a device, and a storage medium for processing an IP address conflict.

Background

The terminal management control platform distinguishes the hosts through agent _ id, one host has a unique agent _ id, and the agent _ id is related to hardware of the host and is unrelated to Internet Protocol (IP) of the host. When a Host logs in a server, the server automatically allocates an IP address to the Host, namely, a Dynamic Host Configuration Protocol (DHCP) function is started after the IP is automatically allocated, the server automatically allocates the IP address to the Host in a network environment and provides Host Configuration parameters, different hosts may be allocated with the same IP address, namely, one IP address may correspond to a plurality of agent _ ids.

Application Function (AF) entities are distinguished from one host to another by IP, and different hosts are considered to be the same host as long as the IP is the same. After the terminal management control platform synchronizes the host information to AF, AF searches corresponding agent _ id in the agent _ id-IP table through IP search, and the purpose of controlling the corresponding host is achieved after sending a control instruction to the terminal management control platform. If agent _ id is wrong, the control object is also wrong, resulting in a situation where the error is handled.

Disclosure of Invention

In order to solve the foregoing technical problem, embodiments of the present application are intended to provide a method, a device, and a storage medium for processing an IP address conflict.

The technical scheme of the application is realized as follows:

in a first aspect, an IP address conflict processing method is provided, where the method includes:

acquiring host information of a target network; wherein the host information comprises a first mapping relationship between an IP address of a host in the target network and at least one host identifier;

if the target host corresponding to the target IP address is controlled, determining at least one host identifier corresponding to the target IP address based on the first mapping relation;

acquiring at least one host state corresponding to the at least one host identifier;

and determining a target host in a controllable state based on the at least one host state, and performing control operation on the target host.

In the foregoing solution, the determining, by the first mapping relationship, at least one host identifier corresponding to the target IP address includes:

judging whether the target IP address is matched with the target IP address in the first mapping relation;

when the target IP address is matched with the target IP address, taking at least one host identity corresponding to the target IP address as a host identity corresponding to the target IP address;

and when the target IP address is not matched with the target IP address, continuously judging whether the target IP address is matched with a second IP address in the first mapping relation.

In the foregoing solution, the determining the target host in the controllable state based on the at least one host state includes: and when the target IP address corresponds to one host identity, directly taking the host corresponding to the host identity corresponding to the target IP address as the target host.

In the foregoing solution, the determining the target host in the controllable state based on the at least one host state includes: when the target IP address corresponds to at least two host identifiers, acquiring a first host state corresponding to a first host identifier from the at least two host identifiers; when the first host state is a controllable state, determining that the host corresponding to the first host identifier is a target host; and if the first host state corresponding to the first host identity is a non-controllable state, acquiring the host state corresponding to the next host identity from the at least two host identities to judge the host state.

In the above scheme, the controllable state is an online state, and the uncontrollable state is an offline state.

In the above solution, the host information further includes a second mapping relationship between a host identifier of the host in the target network and a host status; the obtaining of the at least one host state corresponding to the at least one host identifier includes: and determining at least one host state corresponding to the at least one host identifier based on the second mapping relation.

In the foregoing solution, the obtaining at least one host status corresponding to the at least one host identifier includes: receiving the host information sent by the host management equipment;

or generating a host state query instruction based on the at least one host identity; sending the host state query instruction to host management equipment so that the host management equipment queries at least one host state corresponding to the at least one host identifier; and receiving the at least one host state returned by the host management equipment.

In a second aspect, an IP address collision processing device is provided, where the device includes:

an acquisition unit configured to acquire host information of a target network; wherein the host information comprises a first mapping relationship between an IP address of a host in the target network and at least one host identifier;

the processing unit is used for determining at least one host identifier corresponding to the target IP address based on the first mapping relation if the target host corresponding to the target IP address is controlled;

the acquiring unit is further configured to acquire at least one host status corresponding to the at least one host identifier;

the processing unit is further used for determining a target host in a controllable state based on the at least one host state;

and the control unit is used for carrying out control operation on the target host.

In a third aspect, another IP address collision processing device is provided, including: a processor and a memory configured to store a computer program operable on the processor, wherein the processor is configured to perform the steps of the aforementioned method when executing the computer program.

In a fourth aspect, a computer-readable storage medium is provided, on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the aforementioned method.

The method, the device and the storage medium for processing the IP address conflict provided by the embodiment of the application comprise the following steps: acquiring host information of a target network; wherein the host information comprises a first mapping relationship between an IP address of a host in the target network and at least one host identifier; if the target host corresponding to the target IP address is controlled, determining at least one host identifier corresponding to the target IP address based on the first mapping relation; acquiring at least one host state corresponding to the at least one host identifier; and determining a target host in a controllable state based on the at least one host state, and performing control operation on the target host. Therefore, when the host is controlled, if the IP address conflict phenomenon occurs, the controlled target host is identified according to the host state, the accurate positioning of the control object is realized, and the condition that the host identification is wrong due to the IP address conflict is avoided.

Drawings

Fig. 1 is a first flowchart of an IP address conflict processing method in an embodiment of the present application;

FIG. 2 is a first scenario of IP address collision in an embodiment of the present application;

FIG. 3 is a second scenario of IP address collision in an embodiment of the present application;

fig. 4 is a second flowchart of the IP address conflict processing method in the embodiment of the present application;

fig. 5 is a schematic diagram of a third flow of an IP address conflict processing method in the embodiment of the present application;

fig. 6 is a fourth flowchart illustrating an IP address conflict processing method according to an embodiment of the present application;

fig. 7 is a schematic diagram of a first component structure of an IP address conflict processing apparatus in an embodiment of the present application;

fig. 8 is a schematic diagram of a second component structure of an IP address conflict processing apparatus in this embodiment.

Detailed Description

So that the manner in which the features and elements of the present embodiments can be understood in detail, a more particular description of the embodiments, briefly summarized above, may be had by reference to embodiments, some of which are illustrated in the appended drawings.

An embodiment of the present application provides a method for processing an IP address conflict, where fig. 1 is a first flowchart of the method for processing an IP address conflict in the embodiment of the present application, and as shown in fig. 1, the method may specifically include: for each step (the step corresponding to the independent right and the content corresponding to the dependent right described later in the embodiment), the content of the step is explained first, and can be exemplified by combining with the scene diagram

Step 101: acquiring host information of a target network; wherein the host information comprises a first mapping relationship between an IP address of a host in the target network and at least one host identifier;

the target network is composed of a plurality of hosts according to a certain networking mode, the target network can be an internal network or a public network of an enterprise, and the terminal management control platform is used for conveniently managing the target network to acquire host information in the target network.

Here, the host id is identification information for uniquely distinguishing the host, the host id is related to hardware in the host, for example, one host has a unique agent _ id, the IP address allocation is automatically allocated through a DHCP function, the server automatically allocates IP addresses and provides host configuration parameters to the hosts in the network environment, different hosts may be allocated the same IP address, that is, one IP address may correspond to multiple agent _ ids.

In the embodiment of the present application, a scenario of IP address conflict is first given, and fig. 2 is a first scenario of IP address conflict in the embodiment of the present application, where there are 3 hosts with the same IP in an intranet, where agent _ id is 111, 112, and 113, respectively, where thehost 111 is in a power-on state, and the

hosts

112 and 113 are in a power-off state (simultaneously, have IP conflict). After the terminal management control platform synchronizes the host information to the AF, the AF needs to handle the host with the IP of 1.1.1.1, and agent _ id found by the AF is 111, and at this time, because thehost 111 is in a power-on state, the control operation on thehost 111 can be successfully realized, and the operation is successful.

Here, the host management apparatus distinguishes the hosts by agent _ id, the AF distinguishes the hosts by IP address, and different hosts are regarded as the same host as long as the IP is the same. After the host management device synchronizes the host information to the AF, the AF searches agent _ id in the table through IP, and sends an instruction to the host management device to achieve the purpose of controlling the host. If agent _ id is wrong, no command can be sent to the host. If the AF finds the agent _ id, the AF cannot continue to find the agent _ id, and thus a handling error occurs.

Fig. 3 is a second scenario of an IP address conflict in the embodiment of the present application, when the first scenario is switched to the second scenario,

hosts

111 and 113 are in a shutdown state at the same time in the second scenario, andhost 112 is in a startup state, and when an AF needs to handle a host with an IP of 1.1.1.1, an agent _ id found by the AF is still 111, at this time, because thehost 111 is in a shutdown state, the control operation on thehost 111 cannot be implemented, and the operation fails.

In some embodiments, obtaining host information for the target network comprises: the method comprises the steps of obtaining at least one host identifier and IP address pair uploaded by a host, wherein the host identifier and the IP address pair of each host form a first mapping relation.

In other embodiments, obtaining host information for the target network includes: when the IP address is allocated to the host, the host identification and the IP address pair are stored by utilizing the host identification and the allocated IP address to resume the host identification and the IP address pair.

In practical application, the acquiring the host information of the target network includes: and receiving the host information sent by the host management equipment. Specifically, the host management device first acquires the host identifier and the IP address of the host, establishes a first mapping relationship between the host identifier and the IP address of each host, constructs the acquired first mapping relationships of all the hosts into host information, and sends the host information to the IP address conflict processing device.

That is, the IP address and the host identity transmitted by the host may be directly received, or indirectly acquired through the host management device. The host management apparatus is a platform that centrally manages all hosts in a target network (e.g., one or more intranets).

Step 102: if the target host corresponding to the target IP address is controlled, determining at least one host identifier corresponding to the target IP address based on the first mapping relation;

here, the first mapping relationship may be a mapping form of an IP address-host identifier pair, for example, the target IP address is one IP address of a plurality of IP address-host identifier pairs stored in advance, and when a host using a certain IP address needs to be controlled, the IP address-host identifier pair is queried according to the IP address to determine the IP address-host identifier pair including the target IP address. The first mapping relationship may also be in the form of a mapping relationship table, for example, in the mapping relationship table, one IP corresponds to one or more host identities.

In practical application, if the host corresponding to the target IP address in the target network needs to be controlled, all hosts corresponding to the target IP address are searched according to the first mapping relationship. Specifically, at least one host identifier corresponding to the target IP address is obtained.

Specifically, whether the target IP address is matched with the target IP address in the first mapping relation is judged;

Step 103: acquiring at least one host state corresponding to the at least one host identifier;

in some embodiments, the host information further includes a second mapping relationship between a host identity and a host status of at least one host in the target network; the obtaining of the at least one host state corresponding to the at least one host identifier includes: and determining at least one host state corresponding to the at least one host identifier based on the second mapping relation in the host information.

That is, the host uploads the IP address and the host identifier and simultaneously uploads the host status of the host, or the host management device simultaneously collects the IP address, the host identifier, and the host status of the host and then sends the collected IP address, host identifier, and host status to the IP address conflict processing device.

Here, the second mapping relation and the first mapping relation may be a mapping form of an IP address-host identity-host state pair, or the second mapping relation table is a mapping form of a host identity-host state pair, or the second mapping relation and the first mapping relation are stored in the same mapping relation table, or the second mapping relation may exist in an independent mapping relation table.

Because the host state changes frequently, the host state can be acquired only when needed in order to ensure the real-time performance of the host state.

Specifically, the obtaining of the at least one host state corresponding to the at least one host identifier includes: generating a host status query instruction based on the at least one host identity; sending the host state query instruction to host management equipment so that the host management equipment queries at least one host state corresponding to the at least one host identifier; and receiving the at least one host state returned by the host management equipment.

Besides acquiring the host state through the host management device, the host state can be directly inquired. For example, a status query request is sent to the host, and a status query result returned by the host is received.

Step 104: and determining a target host in a controllable state based on the at least one host state, and performing control operation on the target host.

In some embodiments, when the target IP address corresponds to one host identifier, a host corresponding to the target IP address and the one host identifier is directly used as the target host.

That is, when a target IP address is assigned to only one host, the host is directly set as a target host without determining the state of the host. And then, if the host is in a controllable state, the control operation can be realized, and if the host is in a non-controllable state, the control operation cannot be realized.

In other embodiments, when the target IP address corresponds to at least two host identities, a first host state corresponding to a first host identity is obtained from the at least two host identities; when the first host state is a controllable state, determining that the host corresponding to the first host identifier is a target host; and if the first host state corresponding to the first host identity is a non-controllable state, acquiring the host state corresponding to the next host identity from the at least two host identities to judge the host state.

That is, when the target IP address is allocated to two or more hosts, it is necessary to judge the state of each host one by one until a host in a controllable state is found as a target host.

In some embodiments, the method further comprises: and judging the host state based on the at least one host state, determining a non-target host in a non-controllable state, and ignoring the non-target host.

In practical application, the controllable state is an online state, and the uncontrollable state is an offline state. That is, when IP address conflict occurs, the host in the online state is selected for control according to "online priority", that is, the online host can be always handled when the host is handled.

In practical application, the operations on the target host can include deep investigation, security scanning, isolation and the like.

Here, the execution subject ofsteps 101 to 104 may be an IP address conflict processing device. Here, the IP address conflict processing device may be a host management device, a firewall device, or the like in the target network.

By adopting the technical scheme, when the host is controlled, if the IP address conflict phenomenon occurs, the controlled target host is identified according to the host state, the accurate positioning of the control object is realized, and the situation of host identification error caused by the IP address conflict is avoided.

On the basis of the foregoing embodiment, a more detailed IP address conflict processing method is further provided, and fig. 4 is a second flow diagram of the IP address conflict processing method in the embodiment of the present application, as shown in fig. 4, if a target IP address corresponds to a host identifier, the method specifically includes:

step 401: acquiring host information of a target network; wherein the host information comprises a first mapping relationship between an IP address of a host in the target network and at least one host identifier;

step 402: if the target host corresponding to the target IP address is controlled, determining a host identifier corresponding to the target IP address based on the first mapping relation;

Step 403: taking a host corresponding to a host identifier corresponding to a target IP address as the target host;

that is, when the destination IP address is allocated to only one host, that is, one IP address corresponds to only one IP address and host identification pair, not to a plurality. The host is directly used as a target host without judging the state of the host. And then, if the host is in a controllable state, the control operation can be realized, and if the host is in a non-controllable state, the control operation cannot be realized.

Step 404: and performing control operation on the target host.

On the basis of the foregoing embodiment, a more detailed IP address conflict processing method is further provided, fig. 5 is a third schematic flow chart of the IP address conflict processing method in the embodiment of the present application, and as shown in fig. 5, if a target IP address corresponds to at least two host identities, the method specifically includes:

step 501: acquiring host information of a target network; wherein the host information comprises a first mapping relationship between an IP address of a host in the target network and at least one host identifier;

step 502: if the target host corresponding to the target IP address is controlled, determining at least one host identifier corresponding to the target IP address based on the first mapping relation;

step 503: acquiring a first host state corresponding to the first host identifier;

step 504: judging whether the first host state is a controllable state, if so, executingstep 505; if not, go to step 507;

step 505: when the first host state is a controllable state, determining that the host corresponding to the first host identifier is a target host;

that is to say, when host information is queried according to the target IP address, each time a corresponding first host identifier is queried, a first host state corresponding to the first host identifier is obtained, host state judgment is performed, when a target host in a controllable state is found, a control operation is performed on the target host, and the search is finished.

Step 506: performing control operation on the target host;

step 507: if the first host state corresponding to the first host identifier is a non-controllable state, acquiring a next host identifier from the at least two host identifiers, and returning to step 504;

here, when the first host status is in the non-controllable status, the next host identifier is obtained as a new first host identifier, and step 504 is executed again to determine whether the host status corresponding to the next host identifier is in the controllable status.

In practical application, the states of the first hosts corresponding to all the first host identifications are judged one by one according to the target IP address, at least the target host in a controllable state is found, and the process is ended.

In practical application, the method further comprises: generating prompt information aiming at the non-target host in the non-controllable state; and outputting the prompt information. Here, the prompt message is used to prompt the user that there is an IP address conflict and a non-target host in a non-controllable state.

An implementation scenario is further provided on the basis of the foregoing embodiment, and fig. 6 is a fourth flowchart illustrating an IP address conflict processing method in the embodiment of the present application, as shown in fig. 6, the method includes:

step 601: load host information (including agent _ id, IP address, status) synchronized from the host management device to the AF;

step 602: whether i is equal to a quantity threshold; if yes, go to step 603; if not, ending the process;

here, the initial value of i is 0, and the number threshold is the number of agent _ id-ip pairs included in the host information.

Step 603: judging whether the ith agent _ id-ip pair is matched or not, and if not, executing thestep 604; if yes, go to step 605;

that is, whether the IP address in the ith agent _ id-IP is the destination IP address is determined, if the IP address is the destination PI address, it indicates that the ith agent _ id-IP is matched, otherwise, it is not matched.

Step 604: i is added by 1, and returns to thestep 602 to continue to match the next agent _ id-ip pair;

and when all the matches are completed, exiting the match.

Step 605: judging whether a host corresponding to agent _ id is online; if yes, go to step 606, if no, go to step 604;

step 606: and performing control operation on the target host in the online state.

The control operation can be deep investigation, safety scanning, isolation and the like.

An embodiment of the present application further provides an IP address conflict processing apparatus, as shown in fig. 7, where the apparatus includes:

an obtaining unit 701, configured to obtain host information of a target network; wherein the host information comprises a first mapping relationship between an IP address of a host in the target network and at least one host identifier;

a processing unit 702, configured to determine, based on the first mapping relationship, at least one host identifier corresponding to a target IP address if a control operation is performed on the target host corresponding to the target IP address;

the obtaining unit 701 is further configured to obtain at least one host status corresponding to the at least one host identifier;

the processing unit 702 is further configured to determine a target host in a controllable state based on the at least one host state;

a control unit 703, configured to perform a control operation on the target host.

In some embodiments, the processing unit 702 is specifically configured to determine whether the target IP address matches a target IP address in the first mapping relationship; when the target IP address is matched with the target IP address, taking at least one host identity corresponding to the target IP address as a host identity corresponding to the target IP address; and when the target IP address is not matched with the target IP address, continuously judging whether the target IP address is matched with a second IP address in the first mapping relation.

In some embodiments, the processing unit 702 is specifically configured to, when the target IP address corresponds to one host identifier, directly use a host corresponding to the host identifier corresponding to the target IP address as the target host.

In some embodiments, the processing unit 702 is specifically configured to, when the target IP address corresponds to at least two host identities, obtain a first host state corresponding to a first host identity from the at least two host identities; when the first host state is a controllable state, determining that the host corresponding to the first host identifier is a target host; and if the first host state corresponding to the first host identity is a non-controllable state, acquiring the host state corresponding to the next host identity from the at least two host identities to judge the host state.

In some embodiments, the controllable state is an online state and the non-controllable state is an offline state.

In some embodiments, the host information further includes a second mapping relationship between a host identity and a host status of at least one host in the target network; the obtaining unit 701 is specifically configured to determine, based on the second mapping relationship, at least one host status corresponding to the at least one host identifier.

In some embodiments, the obtaining unit 701 is specifically configured to receive the host information sent by a host management device; or generating a host state query instruction based on the at least one host identity; sending the host state query instruction to host management equipment so that the host management equipment queries at least one host state corresponding to the at least one host identifier; and receiving the at least one host state returned by the host management equipment.

An embodiment of the present application further provides another IP address conflict processing apparatus, as shown in fig. 8, the apparatus includes: a processor 801 and a memory 802 configured to store a computer program capable of running on the processor; the processor 801, when running the computer program in the memory 802, implements the steps of any of the methods of the embodiments of the present application.

Of course, in actual practice, the various components in the device are coupled together by abus system 803, as shown in FIG. 8. It is understood that thebus system 803 is used to enable communications among the components. Thebus system 803 includes a power bus, a control bus, and a status signal bus in addition to the data bus. But for clarity of illustration the various buses are labeled asbus system 803 in figure 8.

The embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method according to any of the embodiments.

In practical applications, the processor may be at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a controller, a microcontroller, and a microprocessor. It is understood that the electronic devices for implementing the above processor functions may be other devices, and the embodiments of the present application are not limited in particular.

The Memory may be a volatile Memory (volatile Memory), such as a Random-Access Memory (RAM); or a non-volatile Memory (non-volatile Memory), such as a Read-Only Memory (ROM), a flash Memory (flash Memory), a Hard Disk (HDD), or a Solid-State Drive (SSD); or a combination of the above types of memories and provides instructions and data to the processor.

It should be noted that: "first," "second," and the like are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.

The methods disclosed in the several method embodiments provided in the present application may be combined arbitrarily without conflict to obtain new method embodiments.

Features disclosed in several of the product embodiments provided in the present application may be combined in any combination to yield new product embodiments without conflict.

The features disclosed in the several method or apparatus embodiments provided in the present application may be combined arbitrarily, without conflict, to arrive at new method embodiments or apparatus embodiments.

The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims

1. An IP address collision processing method, comprising:

2. The method of claim 1, wherein the determining at least one host identity corresponding to the target IP address based on the first mapping relationship comprises:

3. The method of claim 1, wherein determining the target host in the controllable state based on the at least one host state comprises:

and when the target IP address corresponds to one host identity, directly taking the host corresponding to the host identity corresponding to the target IP address as the target host.

4. The method of claim 1, wherein determining the target host in the controllable state based on the at least one host state comprises:

when the target IP address corresponds to at least two host identifiers, acquiring a first host state corresponding to a first host identifier from the at least two host identifiers;

when the first host state is a controllable state, determining that the host corresponding to the first host identifier is a target host;

and if the first host state corresponding to the first host identity is a non-controllable state, acquiring the host state corresponding to the next host identity from the at least two host identities to judge the host state.

5. The method of claim 4, wherein the controllable state is an online state and the non-controllable state is an offline state.

6. The method according to claim 1, wherein the host information further includes a second mapping relationship between host identities and host statuses of the hosts in the target network;

the obtaining of the at least one host state corresponding to the at least one host identifier includes:

and determining at least one host state corresponding to the at least one host identifier based on the second mapping relation.

7. The method of claim 6, wherein the obtaining at least one host status corresponding to the at least one host identity comprises:

receiving the host information sent by the host management equipment;

8. An IP address collision processing apparatus, characterized in that the apparatus comprises:

9. An IP address collision processing apparatus, the apparatus comprising: a processor and a memory configured to store a computer program capable of running on the processor,

wherein the processor is configured to perform the steps of the method of any one of claims 1 to 7 when running the computer program.

10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.