Technical Field
The invention belongs to the technical field of network communication and data visualization, and specifically relates to a finite-state-machine-based method and system for visualizing real-time port data flows.
Background
Virtual path management mechanisms, of which Linux Bridge is representative, have to some extent overcome the management complexity of physical switches. Problems such as blocked transmission paths and lagging task coordination remain, however. They make it difficult for users to effectively control data transmission and virtual processes, reduce the system's actual processing efficiency, make path management harder, and leave path congestion and the packet transmission process uncontrollable.
Summary of the Invention
The purpose of the invention is to provide a finite-state-machine-based method and system for visualizing real-time port data flows, so as to solve the problems of path congestion during transmission and an uncontrollable packet transmission process.
To achieve the above purpose, the invention provides the following technical solution: a finite-state-machine-based method for visualizing real-time port data flows, with the following steps:
Step 1. An authorized user sets up a Linux system on the master device, designs the slave-device and virtual-machine structure, and uses the Bridge software to build the network bridges inside the system;
Step 2. Once data transmission starts, Linux Bridge is used to record and update the existing communication paths in the MAC address database;
Step 3. A visual monitoring interface is set up in Linux Bridge, given a mark-recognition function, and connected to the visualization window of the user interface;
Step 4. The different states displayed by the marking scheme are used to cache the packets on the communication paths and to display their timing visually;
Step 5. The authorized user uses the visualization window to perform personalized dynamic monitoring of, and set timeouts for, the available paths and data transmission;
Step 6. A received packet is first transferred from the network card into the Ring Buffer and is then handled by the hard interrupt and the soft interrupt in turn; within the soft interrupt the packet is passed to the device layer and then to the protocol stack, and finally the application is woken up;
Step 7. When a Veth device attached to the bridge receives a packet, the packet does not enter the protocol stack but is handed to the bridge, which finds the appropriate forwarding Veth port and forwards the data through it;
Step 8. Following the path update and aging mechanism, congested or timed-out paths in the address database are updated and deleted, which makes the system's transmission process more controllable and reduces path congestion.
A system for the finite-state-machine-based method for visualizing real-time port data flows comprises a visual operation module, a data-flow timing monitoring module and a state coordination management module. The visual operation module provides the user with an interface for visually displaying and operating on real-time data transmission within the system; an authorized user can build communication paths across devices, apply data flow control between monitored nodes, and perform visual analysis of the system's overall data-flow structure and traffic. The data-flow timing monitoring module binds other Linux network devices as slave devices through Bridge, associates them with the MAC-address-based filtering database, uses Linux bridge to monitor and set timeouts on the data-frame transmission lines corresponding to the address database, and provides reference information for system path planning and user operations through a time-sequenced traffic monitoring scheme. The state coordination management module manages the communication state of the virtual devices in the system, plans the number and state of paths according to the finite state machine of the communication process, and coordinates the visual operation module with the data-flow timing monitoring module to avoid communication congestion.
Preferably, the MAC address database in step 2 involves the MAC address and the MAC address database management mechanism;
The MAC address and address database management mechanism mainly includes:
(1) A virtual database is used to record the configuration information stored in the virtual switch;
(2) If the virtual network device Veth and the protocol stack remain connected, the connection between the protocol stack and the device is treated as a network-cable connection;
(3) Each communication bridge in the bridge database maintains a MAC-address-based filtering database, and the bridge uses this database to forward received frames to the corresponding LAN;
(4) The filtering database lists every possible destination and the output line it belongs to, and a timeout is set on each entry;
(5) As the path task duration of a database entry grows, the entry is cleared from the database once it exceeds a set threshold; the path aging time is usually set to a path being blocked for more than 300 seconds.
Preferably, the data transmission process in step 2 also involves a synchronization mechanism, which mainly includes:
(1) The virtual network connecting all containers on the same host forwards data through Bridge to the real physical network card eth0;
(2) When a new packet is received, route works at the L3 network layer using routing protocols, while bridge works at the L2 data link layer: it learns and caches the source address of packets transmitted on the link together with the physical-layer input port, recording the source MAC address and the input port;
(3) The local cache is searched by the destination MAC address in the packet to determine whether a matching MAC address record can be found;
(4) If the record is found not to be on the local network, the packet is dropped directly;
(5) If the record has a corresponding port, the packet is forwarded directly out of that port;
(6) If the local cache holds no record at all, the packet is broadcast on the local network segment.
Preferably, the data visualization marking scheme used when giving the visual monitoring interface its mark-recognition function in step 3 mainly includes:
(1) A Bridge is created in the Linux system and given a visualization port and the related protocols; this module provides two views, a table view and a detailed-information view, and packets in transit are filtered in the form of frame transfers;
(2) Multi-level priority queues for flows are built according to the different characteristics of ACK/ECN packets, short-flow packets and long-flow packets; in the switch, the HDCQ method dynamically adjusts the ECN marking threshold of the short-flow queue according to the current load;
(3) Packet priorities are reset according to the current buffer state, which reduces the space complexity of the method and keeps the switch in a shallow-buffer state to guarantee low latency in the data center network.
Preferably, the main mechanism in step 8 for updating and deleting congested or timed-out paths in the address database includes:
(1) Check whether the bridge table contains the packet's source MAC; if not, add the MAC address and its corresponding bridge port to the bridge table; if it does, continue to the next step;
(2) Query the filtering database to determine whether the packet's destination MAC address is on a port other than the receiving port; if not, do not forward;
(3) When forwarding, if the destination MAC address is on a port in the filtering database, determine whether that port is in the blocking or the forwarding state;
(4) If the port is not blocked, forward the data frame through it to the LAN it connects to;
(5) When forwarding, if the destination MAC address is not found, forward the data frame to all ports except the one it arrived on.
Preferably, the processing steps of the data-flow timing monitoring module mainly include:
(1) The Linux data-flow timing monitoring module qdisc caches packets in order to control the network send and receive rate. If the network card that receives a packet belongs to a bridge, the packet enters the link layer, passes through several link-layer hook points and the layer-2 switch's table-lookup forwarding function, and the destination MAC address decides whether the packet is forwarded or handed to the upper layer;
(2) If the packet's source network card does not belong to a bridge, the packet goes directly to the network layer, passes through several network-layer hook points, and is then routed: the system routing table decides whether the packet is forwarded or handled locally;
(3) IP packets are processed in the link-layer bridge, and the network packets of the selected monitored nodes are fed into the monitoring module, so that traffic entering and leaving the virtual machines is controlled at the host level.
Technical effects and advantages of the invention: a Linux system is set up on the master device and the slave-device and virtual-machine structure is designed; the Bridge software records and manages the bridges inside the system; a visual monitoring interface is set up in Linux Bridge; the different states displayed by the marking scheme are used to cache the packets on the communication paths and display their timing visually; the transmission process is monitored and given timeouts; and congested or timed-out paths in the address database are updated and deleted, which makes the system's transmission process more controllable and reduces path congestion. By providing a Linux Bridge-based virtual communication management method and system, the invention achieves visual, dynamic control of connectivity between virtual machines and virtual networks. Using time-sequenced display marks for packet traffic, it aims at sound planning of transmission paths between a server's virtual devices and at dynamic, visual flow control of virtual devices by users with different permissions.
Description of the Drawings
Figure 1 is a block diagram of the system structure of an embodiment of the invention;
Figure 2 is a schematic diagram of the visualization window of an embodiment of the invention;
Figure 3 is a schematic diagram of the finite state machine transition mechanism of an embodiment of the invention;
Figure 4 is a diagram of the virtual structure of data transmission in an embodiment of the invention;
Figure 5 is a schematic diagram of the data transmission path synchronization mechanism of an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Embodiment 1: the invention provides a finite-state-machine-based method for visualizing real-time port data flows, as shown in the figures, with the following steps:
Step 1. An authorized user sets up a Linux system on the master device, designs the slave-device and virtual-machine structure, and uses the Bridge software to build the network bridges inside the system;
Step 2. Once data transmission starts, Linux Bridge is used to record and update the existing communication paths in the MAC address database; the MAC address database involves the MAC address and the MAC address database management mechanism;
The MAC address and address database management mechanism mainly includes:
(1) A virtual database is used to record the configuration information stored in the virtual switch;
(2) If the virtual network device Veth and the protocol stack remain connected, the connection between the protocol stack and the device is treated as a network-cable connection;
(3) Each communication bridge in the bridge database maintains a MAC-address-based filtering database, and the bridge uses this database to forward received frames to the corresponding LAN;
(4) The filtering database lists every possible destination and the output line it belongs to, and a timeout is set on each entry;
(5) As the path task duration of a database entry grows, the entry is cleared from the database once it exceeds a set threshold; the path aging time is usually set to a path being blocked for more than 300 seconds;
Step 3. A visual monitoring interface is set up in Linux Bridge, given a mark-recognition function, and connected to the visualization window of the user interface. The data visualization marking scheme used in the mark-recognition function mainly includes:
(1) A Bridge is created in the Linux system and given a visualization port and the related protocols; this module provides two views, a table view and a detailed-information view, and packets in transit are filtered in the form of frame transfers;
(2) Multi-level priority queues for flows are built according to the different characteristics of ACK/ECN packets, short-flow packets and long-flow packets; in the switch, the HDCQ method dynamically adjusts the ECN marking threshold of the short-flow queue according to the current load;
(3) Packet priorities are reset according to the current buffer state, which reduces the space complexity of the method and keeps the switch in a shallow-buffer state to guarantee low latency in the data center network;
Step 4. The different states displayed by the marking scheme are used to cache the packets on the communication paths and to display their timing visually;
Step 5. The authorized user uses the visualization window to perform personalized dynamic monitoring of, and set timeouts for, the available paths and data transmission;
Step 6. A received packet is first transferred from the network card into the Ring Buffer and is then handled by the hard interrupt and the soft interrupt in turn; within the soft interrupt the packet is passed to the device layer and then to the protocol stack, and finally the application is woken up. The main mechanism for updating and deleting congested or timed-out paths in the address database includes:
(1) Check whether the bridge table contains the packet's source MAC; if not, add the MAC address and its corresponding bridge port to the bridge table; if it does, continue to the next step;
(2) Query the filtering database to determine whether the packet's destination MAC address is on a port other than the receiving port; if not, do not forward;
(3) When forwarding, if the destination MAC address is on a port in the filtering database, determine whether that port is in the blocking or the forwarding state;
(4) If the port is not blocked, forward the data frame through it to the LAN it connects to;
(5) When forwarding, if the destination MAC address is not found, forward the data frame to all ports except the one it arrived on;
Step 7. When a Veth device attached to the bridge receives a packet, the packet does not enter the protocol stack but is handed to the bridge, which finds the appropriate forwarding Veth port and forwards the data through it;
Step 8. Following the path update and aging mechanism, congested or timed-out paths in the address database are updated and deleted, which makes the system's transmission process more controllable and reduces path congestion.
As shown in Figure 5, the data transmission process also involves a synchronization mechanism, which mainly includes:
(1) The virtual network connecting all containers on the same host forwards data through Bridge to the real physical network card eth0;
(2) When a new packet is received, route works at the L3 network layer using routing protocols, while bridge works at the L2 data link layer: it learns and caches the source address of packets transmitted on the link together with the physical-layer input port, recording the source MAC address and the input port;
(3) The local cache is searched by the destination MAC address in the packet to determine whether a matching MAC address record can be found;
(4) If the record is found not to be on the local network, the packet is dropped directly;
(5) If the record has a corresponding port, the packet is forwarded directly out of that port;
(6) If the local cache holds no record at all, the packet is broadcast on the local network segment.
As shown in Figure 2, a system for the finite-state-machine-based method for visualizing real-time port data flows comprises a visual operation module, a data-flow timing monitoring module and a state coordination management module. The visual operation module provides the user with an interface for visually displaying and operating on real-time data transmission within the system; an authorized user can build communication paths across devices, apply data flow control between monitored nodes, and perform visual analysis of the system's overall data-flow structure and traffic. The data-flow timing monitoring module binds other Linux network devices as slave devices through Bridge, associates them with the MAC-address-based filtering database, uses Linux bridge to monitor and set timeouts on the data-frame transmission lines corresponding to the address database, and provides reference information for system path planning and user operations through a time-sequenced traffic monitoring scheme. The state coordination management module manages the communication state of the virtual devices in the system, plans the number and state of paths according to the finite state machine of the communication process, and coordinates the visual operation module with the data-flow timing monitoring module to avoid communication congestion.
The processing steps of the data-flow timing monitoring module mainly include:
(1) The Linux data-flow timing monitoring module qdisc caches packets in order to control the network send and receive rate. If the network card that receives a packet belongs to a bridge, the packet enters the link layer, passes through several link-layer hook points and the layer-2 switch's table-lookup forwarding function, and the destination MAC address decides whether the packet is forwarded or handed to the upper layer;
(2) If the packet's source network card does not belong to a bridge, the packet goes directly to the network layer, passes through several network-layer hook points, and is then routed: the system routing table decides whether the packet is forwarded or handled locally;
(3) IP packets are processed in the link-layer bridge, and the network packets of the selected monitored nodes are fed into the monitoring module, so that traffic entering and leaving the virtual machines is controlled at the host level.
As shown in Figure 3, the data-flow monitoring module also involves data-flow marking. The data-flow marking scheme consists of the following elements:
(1) "→" is used as the data-flow mark, with line thickness indicating flows of different magnitude. A flow below 1500 bytes/second is defined as a small flow, a flow within 1500-10000 bytes/second as a medium flow, and a flow of 20000 bytes/second or more as a large flow;
(2) The direction of the data-flow arrow represents the direction of flow, and the arrow is named with the file name and path code;
(3) A "◻"-like symbol marks virtual devices and system devices; it is rectangular in form, and the specific shape may follow the physical characteristics of the device;
(4) "○" represents a data packet, classified by size as a small packet (<10M), a medium packet (10M-100M) or a large packet (>100M);
(5) "〓" represents a unit module that processes data, that is, the processing applied to data or to its transmission: it receives a given data input, processes it, and produces output.
Specifically, the finite states of the finite state management module include:
(1) The OFF state means the virtual port is closed; it indicates a port fault or a port that has not been started;
(2) The DOWN state means the path is blocked; it indicates that the path is congested by carrying multiple tasks and cannot proceed normally;
(3) The UP state means the port is open; it indicates that the port's link protocol has started normally;
(4) The TRANSLATE state means the port is forwarding; it indicates that the port is carrying out a data transfer and is operating normally.
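The bridge-table rules (1)-(5), the 300-second aging of step 8 and the four port states can be modelled together. The following Python sketch is an added example, not part of the patent; the class and function names, the constructed MAC addresses, the refresh of an entry's timestamp on every frame, and the rule that only UP and TRANSLATE ports carry frames are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

AGEING_SECONDS = 300.0  # aging threshold stated in the text


class PortState(Enum):
    OFF = "OFF"              # port closed, faulty or not started
    DOWN = "DOWN"            # path blocked by congestion
    UP = "UP"                # link protocol started normally
    TRANSLATE = "TRANSLATE"  # port is currently transferring data


# Assumption: frames may only leave through UP or TRANSLATE ports.
FORWARDING = {PortState.UP, PortState.TRANSLATE}


@dataclass
class Bridge:
    ports: dict                              # port name -> PortState
    ageing: float = AGEING_SECONDS
    fdb: dict = field(default_factory=dict)  # MAC -> (port, last_seen)

    def expire(self, now):
        """Step 8: delete entries idle for longer than the aging time."""
        stale = sorted(mac for mac, (_, seen) in self.fdb.items()
                       if now - seen > self.ageing)
        for mac in stale:
            del self.fdb[mac]
        return stale

    def receive(self, src, dst, in_port, now):
        """Apply rules (1)-(5) to one frame; return (action, out_ports)."""
        self.expire(now)
        # (1) Learn the source MAC and its port. Refreshing the timestamp of
        # a known entry is an assumption; the text only says "continue".
        self.fdb[src] = (in_port, now)
        entry = self.fdb.get(dst)
        if entry is None:
            # (5) Unknown destination: flood to every other usable port.
            out = sorted(p for p, s in self.ports.items()
                         if p != in_port and s in FORWARDING)
            return ("flood", out)
        out_port = entry[0]
        if out_port == in_port:
            # (2) Destination is behind the receiving port: do not forward.
            return ("filter", [])
        if self.ports[out_port] not in FORWARDING:
            # (3) Known port, but it is blocked or off.
            return ("blocked", [])
        # (4) Non-blocked port: forward through it.
        return ("forward", [out_port])


def demo():
    """Run constructed frames through a three-port bridge."""
    a, b, c, d = ("02:00:00:00:00:0%d" % i for i in range(1, 5))
    br = Bridge(ports={"veth1_p": PortState.UP,
                       "veth2_p": PortState.TRANSLATE,
                       "veth3_p": PortState.DOWN})
    log = [
        br.receive(a, b, "veth1_p", 0),    # b not learned yet
        br.receive(b, a, "veth2_p", 1),    # a was learned on veth1_p
        br.receive(c, a, "veth3_p", 2),    # learns c behind the DOWN port
        br.receive(a, c, "veth1_p", 3),    # c sits behind a blocked port
        br.receive(d, a, "veth1_p", 4),    # d and a share one port
        br.receive(b, a, "veth2_p", 400),  # every earlier entry has aged out
    ]
    return log, sorted(br.fdb)


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The last frame in `demo` floods because the entry for its destination was removed by aging, which is the trade-off the timeout setting controls: a shorter aging time clears stale paths sooner but causes more flooding.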
As shown in Figure 4, the data transmission and sending mechanism is as follows:
(1) When an application in the system (such as Docker) needs to send data, it first sends through a system call; the send runs into the protocol stack, where the protocol headers are added and related processing is done. After the neighbor subsystem finds the device to use (Veth1), the data is sent out from that device, and Veth1's peer Veth1_p receives the packet;
(2) The Veth1_p that receives the data is a device attached to the Bridge. The Bridge takes over that Veth's receive processing and searches all the devices attached to it for the destination device; once it finds Veth2_p it calls that device's send function to send the data, and the peer Veth2 receives it;
(3) After Veth2 receives the data it goes through the normal receive processing, just as a device such as eth0 would, and the user-space processes in applications such as Docker are able to receive data sent by other virtual devices.
Overall, the user sets up a Linux system on the master device and designs the slave-device and virtual-machine structure; the Bridge software records and manages the bridges inside the system; a visual monitoring interface is set up in Linux Bridge; the different states displayed by the marking scheme are used to cache the packets on the communication paths and display their timing visually; the transmission process is monitored and given timeouts; and congested or timed-out paths in the address database are updated and deleted, which makes the system's transmission process more controllable and reduces path congestion. By providing a Linux Bridge-based virtual communication management method and system, the invention achieves visual, dynamic control of connectivity between virtual machines and virtual networks. Using time-sequenced display marks for packet traffic, it aims at sound planning of transmission paths between a server's virtual devices and at dynamic, visual flow control of virtual devices by users with different permissions.
Finally, it should be noted that the above are only preferred embodiments of the invention and are not intended to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person skilled in the art can still modify the technical solutions described in those embodiments or replace some of their technical features with equivalents. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210966067.5A, CN115396323B (en) | 2022-08-12 | 2022-08-12 | Port real-time data stream visualization method and system based on finite state machine |
| Publication Number | Publication Date |
|---|---|
| CN115396323A (en) | 2022-11-25 |
| CN115396323B (en) | 2024-03-12 |
| Application Number | Status | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|---|
| CN202210966067.5A | Active | CN115396323B (en) | 2022-08-12 | 2022-08-12 | Port real-time data stream visualization method and system based on finite state machine |
| Country | Link |
|---|---|
| CN (1) | CN115396323B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119583418A (en)* | 2024-10-10 | 2025-03-07 | 中国兵器装备集团兵器装备研究所 | A method and device for implementing cross-network routing in a distributed soft bus |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103973587A (en)* | 2014-05-09 | 2014-08-06 | 清华大学 | Multi-path network congestion control method and device |
| CN109714238A (en)* | 2018-12-11 | 2019-05-03 | 上海云轴信息科技有限公司 | A kind of method and apparatus for realizing inter-virtual machine communication |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9898317B2 (en)* | 2012-06-06 | 2018-02-20 | Juniper Networks, Inc. | Physical path determination for virtual network packet flows |
| US9692690B2 (en)* | 2015-08-03 | 2017-06-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and system for path monitoring in a software-defined networking (SDN) system |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |