
CN114553798B - Traffic mirroring method, device, electronic equipment, medium and product - Google Patents


Info

Publication number: CN114553798B
Authority: CN (China)
Prior art keywords: virtual; operating system; virtualized operating; port group; ids
Legal status: Active
Application number: CN202210043204.8A
Other languages: Chinese (zh)
Other versions: CN114553798A
Inventors: 刘浩, 蒋凯, 冯顾
Current assignee: Secworld Information Technology Beijing Co Ltd; Qax Technology Group Inc
Original assignee: Secworld Information Technology Beijing Co Ltd; Qax Technology Group Inc
Application filed by Secworld Information Technology Beijing Co Ltd and Qax Technology Group Inc
Priority to CN202210043204.8A
Publication of CN114553798A
Application granted
Publication of CN114553798B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/20 Support for services
    • H04L49/208 Port mirroring
    • H04L49/70 Virtual switches
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0876 Aspects of the degree of configuration automation
    • H04L41/0886 Fully automatic configuration
    • H04L41/0893 Assignment of logical groups to network elements
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a traffic mirroring method, device, electronic equipment, medium and product. The traffic mirroring method comprises the following steps: obtaining the virtual switch information corresponding to all virtual switches in a virtualized operating system; according to the virtual switch information, creating a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system; according to the virtual switch information, setting virtual network cards for an IDS virtual machine deployed in advance in the virtualized operating system, and connecting the set virtual network cards to the mirror port groups of all virtual switches in the virtualized operating system respectively; the IDS virtual machine obtains the traffic of all business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards. The invention completes the traffic mirroring configuration as part of setting up the IDS virtual machine's network cards, without manually configuring each network card, thereby eliminating a great deal of tedious manual configuration work.

Description

Traffic mirroring method, device, electronic equipment, medium and product

Technical Field

The present invention relates to the field of data communication monitoring, and in particular to a traffic mirroring method, device, electronic equipment, medium and product.

Background

Traffic mirroring copies part or all of the data passing through one or more ports of a device to another port; the copied data is then analyzed to judge whether the network is secure, and if malicious traffic is detected the corresponding device can be located quickly.

At present, in a vSphere environment, traffic mirroring is mainly divided into port mirroring and port group promiscuous mode mirroring. Port mirroring forwards the data traffic of one or more source virtual ports of virtual machines to a destination virtual port through a switch or router, so that the source virtual ports can be monitored in real time from the destination virtual port. However, port mirroring is only supported on distributed switches, and implementing it requires configuring the virtual network card of each virtual machine in advance so that the virtual machine is connected to the switch. When there are many virtual machines, they have to be configured manually one by one, which is too cumbersome and wastes time and effort.

Port group promiscuous mode mirroring supports both distributed switches and standard switches, but its configuration through the user interface still involves too many steps, and the overall configuration is also relatively cumbersome.

Therefore, how to simplify the configuration steps in the traffic mirroring process is a technical problem that urgently needs to be solved.

Summary of the invention

The present invention provides a traffic mirroring method, device, electronic equipment, medium and product to overcome the above-mentioned defects.

The present invention provides a traffic mirroring method, comprising: obtaining the virtual switch information corresponding to each of the virtual switches in a virtualized operating system, wherein the virtualized operating system has multiple virtual switches installed and the port groups on the multiple virtual switches are connected to multiple business virtual machines; creating, according to the virtual switch information, a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, wherein the mirror port group in promiscuous mode is used to obtain a mirror of the traffic on the port groups of the virtual switch it belongs to; setting, according to the virtual switch information, virtual network cards for an IDS virtual machine pre-deployed in the virtualized operating system, and connecting the set virtual network cards to the mirror port group of each virtual switch in the virtualized operating system respectively; the IDS virtual machine obtains the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to the virtual network cards.

According to a traffic mirroring method provided by the present invention, the virtual switch is one or both of a vSphere distributed switch and a vSphere standard switch.

According to a traffic mirroring method provided by the present invention, obtaining the virtual switch information corresponding to each of the virtual switches in the virtualized operating system includes: calling the application programming interface in VMware vSphere for obtaining virtual switch information, to obtain the virtual switch information corresponding to each of the virtual switches in the virtualized operating system.

According to a traffic mirroring method provided by the present invention, creating a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system includes: calling the application programming interface in VMware vSphere for creating a mirror port group, to create a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system.

According to a traffic mirroring method provided by the present invention, setting virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system includes: calling the application programming interface in VMware vSphere for adding a virtual network card, to set virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system.

According to a traffic mirroring method provided by the present invention, connecting the set virtual network cards to the mirror port group of each virtual switch in the virtualized operating system respectively includes: calling the application programming interface in VMware vSphere for network card configuration, to connect the set virtual network cards to the mirror port group of each virtual switch in the virtualized operating system respectively.

According to a traffic mirroring method provided by the present invention, the method also includes: deploying an IDS virtual machine on the virtualized operating system.

The present invention also provides a traffic mirroring device, comprising: an information acquisition module, used to obtain the virtual switch information corresponding to each of the virtual switches in a virtualized operating system, wherein the virtualized operating system has multiple virtual switches installed and the port groups on the multiple virtual switches are connected to multiple business virtual machines; a mirror port group creation module, used to create, according to the virtual switch information, a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, wherein the mirror port group in promiscuous mode is used to obtain a mirror of the traffic on the port groups of the virtual switch it belongs to; and a traffic acquisition module, used to set, according to the virtual switch information, virtual network cards for an IDS virtual machine pre-deployed in the virtualized operating system and to connect the set virtual network cards to the mirror port group of each virtual switch in the virtualized operating system respectively; the IDS virtual machine obtains the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to the virtual network cards.

The present invention also provides an electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein when the processor executes the program, the steps of any of the above-mentioned traffic mirroring methods are implemented.

The present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of any of the above-mentioned traffic mirroring methods are implemented.

The present invention also provides a computer program product, including a computer program which, when executed by a processor, implements the steps of any of the above-mentioned traffic mirroring methods.

In the traffic mirroring method, device, electronic equipment, medium and product provided by the present invention, the traffic mirroring method creates a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, sets virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system, and then connects the virtual network cards to the mirror port groups respectively, so that the IDS virtual machine can obtain the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards. Each network card does not need to be configured manually, which eliminates a large amount of tedious manual configuration work.

Brief description of the drawings

In order to illustrate the technical solutions of the present invention or of the prior art more clearly, the drawings required by the embodiments or by the description of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in this field can obtain other drawings from them without creative effort.

FIG. 1 is a flow chart of a traffic mirroring method provided by an embodiment of the present invention;

FIG. 2 is a schematic diagram of the traffic mirroring implementation provided by an embodiment of the present invention;

FIG. 3 is a schematic diagram of the structure of a traffic mirroring device provided by an embodiment of the present invention;

FIG. 4 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention.

Detailed description

In order to make the purpose, technical solution and advantages of the present invention clearer, the technical solution of the present invention is described clearly and completely below in conjunction with the drawings. Obviously, the described embodiments are some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in this field from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

FIG. 1 is a flow chart of a traffic mirroring method provided by an embodiment of the present invention. As shown in FIG. 1, the traffic mirroring method may include the following steps:

Step 101: obtain the virtual switch information corresponding to each of the virtual switches in the virtualized operating system.

In this embodiment, the virtualized operating system is ESXi, VMware's operating system with built-in virtualization capability.

The virtualized operating system has multiple virtual switches installed, and the port groups on these virtual switches are connected to multiple business virtual machines.

FIG. 2 is a schematic diagram of the traffic mirroring implementation provided by an embodiment of the present invention.

As shown in FIG. 2, one ESXi host has m virtual switches, each virtual switch has n port groups, and each port group is connected to a business virtual machines (that is, virtual machines that process user business; a port group may be connected to one business virtual machine or to several). The ESXi host is thus connected to m*n*a business virtual machines and processes the business on all m*n*a of them at the same time.

In this step, the virtual switch information corresponding to each virtual switch can be obtained from the configuration interface of the ESXi host; the virtual switch information specifically includes the device ID, port ID and similar information. It can also be obtained automatically through the relevant API in VMware vSphere; no limitation is placed on this.

Step 102: according to the virtual switch information, create a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system.

What distinguishes the mirror port group from an ordinary port group is that the mirror port group can be set to promiscuous mode by calling the VMware vSphere API. Promiscuous mode is a feature of vSphere port groups: a mirror port group set to promiscuous mode receives a mirror of the traffic of all the business virtual machines connected to the ports of the other port groups.

A port group on a virtual switch is an organizational unit on the vSphere software switch. A virtual switch can have multiple port groups, a port group has multiple ports, and the virtual network card of a business virtual machine is connected to one of these ports.

In this step, mirror port groups can be set up on the VMware vSphere Distributed Switch for the n port groups based on the information of the m virtual switches. Specifically, first select the port mirroring session type for the a ports on the port group, then specify the port mirroring name and session details (for example, a description of the mirror port), then select the port mirroring source, choosing the traffic source and traffic direction for the mirror port, and finally select a port or uplink as the mirroring destination of the mirror port. A mirror port group can also be created automatically for each virtual switch through the relevant API in VMware vSphere.

Step 103: according to the virtual switch information, set virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system, and connect the set virtual network cards to the mirror port group of each virtual switch in the virtualized operating system respectively.

The IDS virtual machine obtains the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards.

The IDS virtual machine deployed on the virtualized operating system ESXi is a virtual machine used to implement the IDS (intrusion detection) function.

In this step, m virtual network cards are added to the IDS virtual machine according to the information of the m virtual switches, and the m added virtual network cards are connected to the mirror port group of each virtual switch respectively. The IDS virtual machine can then obtain the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards; that is, one IDS virtual machine can obtain the traffic of m*n*a business virtual machines.

The virtual network cards described above can be added manually in the virtual network editor of the VMware virtual machine software, or m virtual network cards can be added to the IDS virtual machine automatically through the relevant API in VMware vSphere.

The traffic mirroring method provided by the embodiment of the present invention creates a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, sets virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system, and then connects the virtual network cards to the mirror port groups respectively, so that the IDS virtual machine can obtain the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards. The traffic mirroring configuration is completed as part of setting up the IDS virtual machine's network cards, and no network card has to be configured manually, which eliminates a large amount of tedious manual configuration work.
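The three steps above reduce to a simple plan (one promiscuous mirror port group per virtual switch, one IDS vNIC per switch attached to that group) plus a check that the plan, and only the plan, is what the host ends up with. The following is an added example written for this page; it is not code from the patent or its assignees. It models the ESXi inventory as plain Python objects rather than calling the vSphere API, so the port-group and VM names, the `ids-mirror-` naming convention and the `ids-vm` name are all constructed assumptions, and the planted misconfiguration in the sample inventory is invented for the audit. The audit encodes the caveat a defender wants when using this method: because a promiscuous port group receives a mirror of every business VM's traffic on that switch (as the text states), promiscuous mode on any port group other than the mirror group, or any VM other than the IDS attached to the mirror group, exposes all of that traffic.

```python
"""Plan and audit promiscuous-mode mirror port groups for an IDS VM.

Offline model of an ESXi host's virtual switches (constructed). In a real
deployment the inventory would be read from the vSphere API and the plan
applied through it; those calls are assumed, not made here.
"""
from dataclasses import dataclass, field

MIRROR_PG_PREFIX = "ids-mirror-"   # hypothetical naming convention for mirror groups
IDS_VM = "ids-vm"                  # hypothetical name of the pre-deployed IDS VM


@dataclass
class PortGroup:
    name: str
    allow_promiscuous: bool = False
    attached_vms: list = field(default_factory=list)


@dataclass
class VSwitch:
    name: str
    kind: str                      # "standard" or "distributed"
    port_groups: list = field(default_factory=list)


def plan_mirroring(switches):
    """Steps 102 and 103 as data: for each vSwitch, one promiscuous mirror
    port group and one IDS vNIC connected to it."""
    plan = []
    for sw in switches:
        pg_name = MIRROR_PG_PREFIX + sw.name
        plan.append({
            "switch": sw.name,
            "port_group": {"name": pg_name, "allow_promiscuous": True},
            "ids_nic": {"vm": IDS_VM, "network": pg_name},
        })
    return plan


def apply_plan(switches, plan):
    """Apply the plan to the in-memory model; safe to run repeatedly."""
    by_name = {sw.name: sw for sw in switches}
    for item in plan:
        sw = by_name[item["switch"]]
        pg_name = item["port_group"]["name"]
        pg = next((p for p in sw.port_groups if p.name == pg_name), None)
        if pg is None:
            pg = PortGroup(pg_name)
            sw.port_groups.append(pg)
        pg.allow_promiscuous = True
        if IDS_VM not in pg.attached_vms:
            pg.attached_vms.append(IDS_VM)   # the IDS vNIC on this switch
    return switches


def business_vm_count(switches):
    """Business VMs whose traffic the IDS sees (the page's m*n*a when uniform)."""
    return sum(len(pg.attached_vms)
               for sw in switches for pg in sw.port_groups
               if not pg.name.startswith(MIRROR_PG_PREFIX))


def audit(switches):
    """Findings: promiscuous mode outside the mirror groups, non-IDS VMs on a
    mirror group, mirror groups that are not promiscuous, uncovered switches."""
    findings = []
    for sw in switches:
        covered = False
        for pg in sw.port_groups:
            is_mirror = pg.name.startswith(MIRROR_PG_PREFIX)
            if pg.allow_promiscuous and not is_mirror:
                findings.append(f"{sw.name}/{pg.name}: promiscuous mode on a non-mirror port group")
            if is_mirror:
                if not pg.allow_promiscuous:
                    findings.append(f"{sw.name}/{pg.name}: mirror port group is not promiscuous")
                for vm in pg.attached_vms:
                    if vm != IDS_VM:
                        findings.append(f"{sw.name}/{pg.name}: non-IDS VM {vm!r} can read mirrored traffic")
                if IDS_VM in pg.attached_vms:
                    covered = True
        if not covered:
            findings.append(f"{sw.name}: no IDS vNIC attached, traffic on this switch is not inspected")
    return findings


def sample_inventory():
    """Constructed inventory: m=2 switches, n=2 port groups each, a=2 VMs per group,
    with one promiscuous business port group planted as a misconfiguration."""
    return [
        VSwitch("vSwitch0", "standard", [
            PortGroup("web", attached_vms=["web-1", "web-2"]),
            PortGroup("db", attached_vms=["db-1", "db-2"]),
        ]),
        VSwitch("dvs-prod", "distributed", [
            PortGroup("app", attached_vms=["app-1", "app-2"]),
            PortGroup("legacy", allow_promiscuous=True, attached_vms=["old-1", "old-2"]),
        ]),
    ]


if __name__ == "__main__":
    inv = sample_inventory()
    print("before:", audit(inv))
    apply_plan(inv, plan_mirroring(inv))
    print("after:", audit(inv))
    print("business VMs covered:", business_vm_count(inv))
```

Running the audit before applying the plan reports both uncovered switches and the planted promiscuous business group; after the plan only the planted misconfiguration remains, which is exactly the kind of finding the method's automation does not fix on its own and an operator should review.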

Furthermore, the virtual switch is one or both of a vSphere distributed switch and a vSphere standard switch; that is, the above-mentioned m virtual switches can all be vSphere distributed switches, all be vSphere standard switches, or consist of b vSphere distributed switches and c vSphere standard switches.

The vSphere distributed switch is located in the VMkernel and is a virtual switch that spans multiple associated ESXi hosts; it is responsible for managing traffic between the virtual machines and the VMkernel. In addition, since the vSphere distributed switch is built on vCenter Server, the networks of all associated ESXi hosts can be managed and monitored by configuring the distributed switch.

The vSphere standard switch is also located in the VMkernel. It is mainly used to provide network connectivity for the host and its virtual machines and to manage virtual machine traffic. A standard switch can bridge internal traffic between virtual machines in the same VLAN and links to the outside through uplinks (one or more physical network cards). The difference from the vSphere distributed switch described above is that a vSphere standard switch runs only on a single ESXi host.

The traffic mirroring method provided by the embodiment of the present invention can implement traffic mirroring configuration for both types of virtual switch, vSphere distributed switches and vSphere standard switches, so it has a wide range of application and is general-purpose.

Furthermore, obtaining the virtual switch information corresponding to each of the virtual switches in the virtualized operating system includes:

calling the application programming interface in VMware vSphere for obtaining virtual switch information, to obtain the virtual switch information corresponding to each of the virtual switches in the virtualized operating system.

Specifically, the virtual switch information of each virtual switch is obtained by calling the API in VMware vSphere that can obtain virtual switch information.

The traffic mirroring method provided by the embodiment of the present invention obtains the virtual switch information automatically through the API in VMware vSphere for obtaining virtual switch information, which further simplifies the traffic mirroring configuration process and reduces manual configuration work.

Furthermore, creating a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system includes:

calling the application programming interface in VMware vSphere for creating a mirror port group, to create a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system.

Specifically, a mirror port group in promiscuous mode is created automatically for each virtual switch by calling the API in VMware vSphere that can create a mirror port group.

The traffic mirroring method provided by the embodiment of the present invention creates a mirror port group for each virtual switch automatically through the API in VMware vSphere for creating a mirror port group, which further simplifies the traffic mirroring configuration process and reduces manual configuration work.

Furthermore, setting virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system includes:

calling the application programming interface in VMware vSphere for adding a virtual network card, to set virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system.

Specifically, a mirror port group in promiscuous mode is created automatically for each virtual switch by calling the API in VMware vSphere that can create a mirror port group.

The traffic mirroring method provided by the embodiment of the present invention creates a mirror port group for each virtual switch automatically through the API in VMware vSphere for creating a mirror port group, which further simplifies the traffic mirroring configuration process and reduces manual configuration work.

Furthermore, connecting the set virtual network cards to the mirror port group of each virtual switch in the virtualized operating system respectively includes:

calling the application programming interface in VMware vSphere for network card configuration, to connect the set virtual network cards to the mirror port group of each virtual switch in the virtualized operating system respectively.

Specifically, the virtual network cards set above and the mirror port groups are configured automatically by calling the API in VMware vSphere that can configure network cards, so that the set virtual network cards are connected to the mirror port groups.

The traffic mirroring method provided by the embodiment of the present invention connects the set virtual network cards to the mirror port groups automatically through the API in VMware vSphere for network card configuration, which further simplifies the traffic mirroring configuration process and reduces manual configuration work.

Furthermore, the method also includes: deploying an IDS virtual machine on the virtualized operating system.

Specifically, before the virtual switch information is obtained, the IDS virtual machine is first deployed on the virtualized operating system ESXi. The deployment of the IDS virtual machine can be completed through VMware vCenter; the present invention places no limitation on this.

In addition, after the IDS virtual machine has obtained the traffic of all the business virtual machines, it performs security detection on that traffic, so that security vulnerabilities are discovered in time, the corresponding business virtual machine is located quickly, and the problem is handled promptly.

The traffic mirroring device provided by the present invention is described below; the device described below and the method described above may be cross-referenced.

FIG. 3 is a schematic structural diagram of a traffic mirroring device provided by an embodiment of the present invention. As shown in FIG. 3, the traffic mirroring device includes:

an information acquisition module 301, configured to obtain the virtual switch information corresponding to each virtual switch in the virtualized operating system.

Here the virtualized operating system is ESXi, VMware's hypervisor operating system with built-in virtualization capability.

Multiple virtual switches are installed on the virtualized operating system, and the port groups on these virtual switches are connected to multiple business virtual machines. Specifically, an ESXi host has m virtual switches, each virtual switch has n port groups, and each port group connects a business virtual machines (virtual machines that process user workloads), so one ESXi host is connected to m*n*a business virtual machines and processes the workloads of all of them at the same time.

In this module, the virtual switch information for each virtual switch can be read from the configuration interface of the ESXi host; it includes the device ID, the port ID and similar fields. It can also be retrieved automatically through the relevant VMware vSphere API; no limitation is placed on this.

a mirror port group creation module 302, configured to create, according to the virtual switch information, a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system.

A mirror port group differs from an ordinary port group in that it is set to promiscuous mode by calling the VMware vSphere API. Promiscuous mode is a security-policy setting of a vSphere port group (it is rejected by default and must be explicitly allowed); a mirror port group in promiscuous mode receives a copy of the traffic of the business virtual machines connected to the ports of the other port groups on the same virtual switch. On a vSphere Standard Switch a promiscuous port group only sees frames on its own VLAN, so when the business port groups are spread over several VLANs the mirror port group must be placed on VLAN 4095 (all VLANs) for the IDS to receive all of them.

A port group on a virtual switch is an organizational unit of the vSphere software switch: a virtual switch can have multiple port groups, a port group has multiple ports, and the virtual network card of a business virtual machine is attached to one of those ports.

In this module, mirror port groups can be set up on a VMware vSphere Distributed Switch for the n port groups according to the information of the m virtual switches. Specifically, a port mirroring session type is first selected for the a ports of the port group; the session name and session details (such as a description of the mirror port) are then specified; the port mirroring source is selected next by choosing the traffic source and traffic direction for the mirror port; and finally a port or an uplink is selected as the mirroring destination. Alternatively, the mirror port group for each virtual switch can be created automatically through the relevant VMware vSphere API. Port mirroring sessions are a Distributed Switch feature distinct from promiscuous mode: a Standard Switch offers only the promiscuous-mode port group, while a Distributed Switch can deliver copies of the business traffic to the IDS port through either mechanism.

a traffic acquisition module 303, configured to set up virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system according to the virtual switch information, and to connect the configured virtual network cards to the mirror port group of each virtual switch in the virtualized operating system;

the IDS virtual machine obtains the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards.

Here the IDS virtual machine deployed on the virtualized operating system ESXi is the virtual machine that implements the intrusion detection system (IDS) function.

In this module, m virtual network cards are added to the IDS virtual machine according to the information of the m virtual switches, and the m virtual network cards are connected to the mirror port groups of the respective virtual switches. The IDS virtual machine then obtains the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards, i.e. one IDS virtual machine can obtain the traffic of m*n*a business virtual machines. Since a vSphere virtual machine supports at most 10 virtual network cards, one IDS virtual machine can tap at most 10 virtual switches this way (fewer if it also keeps a management network card); a host with more switches needs more than one IDS virtual machine.

The virtual network cards can be added manually in the network settings of the virtual machine in the VMware management client, or m virtual network cards can be added to the IDS virtual machine automatically through the relevant VMware vSphere API.

The traffic mirroring device provided by the embodiment of the present invention creates a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, sets up virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system, and connects each virtual network card to a mirror port group, so that the IDS virtual machine obtains the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards. The traffic mirroring configuration is completed while the network cards of the IDS virtual machine are being set up, and no network card has to be configured by hand, which removes a large amount of tedious manual configuration work.

Furthermore, the virtual switches are vSphere Distributed Switches, vSphere Standard Switches, or a mix of both: the m virtual switches may all be vSphere Distributed Switches, all vSphere Standard Switches, or b vSphere Distributed Switches together with c vSphere Standard Switches.

The traffic mirroring device provided by the embodiment of the present invention can configure traffic mirroring for both types of virtual switch, the vSphere Distributed Switch and the vSphere Standard Switch, and is therefore widely applicable and general-purpose.

Furthermore, obtaining the virtual switch information corresponding to each virtual switch in the virtualized operating system includes:

calling the API in VMware vSphere for obtaining virtual switch information to obtain the virtual switch information corresponding to each virtual switch in the virtualized operating system.

Specifically, the virtual switch information of every virtual switch is obtained by calling the VMware vSphere API that returns virtual switch information.

The traffic mirroring device provided by the embodiment of the present invention obtains the virtual switch information automatically through the VMware vSphere API for obtaining virtual switch information, which further simplifies the traffic mirroring configuration process and reduces manual configuration work.

Furthermore, creating a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system includes:

calling the API in VMware vSphere for creating a mirror port group to create a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system.

Specifically, a mirror port group in promiscuous mode is created automatically for each virtual switch by calling the VMware vSphere API that creates port groups.

The traffic mirroring device provided by the embodiment of the present invention creates a mirror port group for every virtual switch automatically through the VMware vSphere API for creating port groups, which further simplifies the traffic mirroring configuration process and reduces manual configuration work.

Furthermore, setting up virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system includes:

calling the API in VMware vSphere for adding a virtual network card to set up the virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system.

Specifically, the virtual network cards are added to the IDS virtual machine automatically by calling the VMware vSphere API that adds a virtual network card to a virtual machine.

The traffic mirroring device provided by the embodiment of the present invention adds the virtual network cards to the IDS virtual machine automatically through the VMware vSphere API for adding virtual network cards, which further simplifies the traffic mirroring configuration process and reduces manual configuration work.

Furthermore, connecting the configured virtual network cards to the mirror port group of each virtual switch in the virtualized operating system includes:

calling the API in VMware vSphere for network card configuration to connect the configured virtual network cards to the mirror port group of each virtual switch in the virtualized operating system.

Specifically, the VMware vSphere API that configures network cards is called to configure the virtual network cards set up above automatically, so that each of them is connected to a mirror port group.

The traffic mirroring device provided by the embodiment of the present invention connects the configured virtual network cards to the mirror port groups automatically through the VMware vSphere network card configuration API, which further simplifies the traffic mirroring configuration process and reduces manual configuration work.
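The four API-driven steps of the device above (read the switch inventory, create one promiscuous mirror port group per switch, add one IDS network card per switch, connect each card) are shown below as an added example in Python; it is not code from the patent or from VMware. The planning and checking functions are pure Python and run offline against a constructed three-switch inventory; the two `apply_*` functions use pyVmomi's object model (`vim.host.PortGroup.Specification`, `VirtualVmxnet3`, `ReconfigVM_Task`) and need a live ESXi or vCenter session. The inventory, the `ids-mirror` naming prefix and the `plan_*`/`apply_*`/`unmirrored_switches` names are assumptions; the limit of 10 virtual NICs per VM and the VLAN 4095 behaviour are vSphere facts. The apply step covers Standard Switches only; a Distributed Switch takes a distributed port group spec instead, which is not shown.

```python
"""Plan, check and apply per-vSwitch mirror port groups for an IDS VM.

Added example; not code from the patent or from VMware. The planning and
checking functions run offline against the constructed inventory below; the
apply_* functions use pyVmomi and need a connected vim.HostSystem / vim.VirtualMachine.
"""
from __future__ import annotations
from dataclasses import dataclass

MAX_VNICS_PER_VM = 10   # vSphere configuration maximum: virtual NICs per VM
ALL_VLANS = 4095        # port group VLAN ID meaning "all VLANs"; 802.1Q tags reach the guest


@dataclass(frozen=True)
class PortGroup:
    name: str
    vlan: int                       # 0 = untagged


@dataclass(frozen=True)
class VSwitch:
    name: str
    port_groups: tuple[PortGroup, ...]


@dataclass(frozen=True)
class MirrorSpec:
    vswitch: str
    name: str
    vlan: int
    allow_promiscuous: bool = True  # the property that distinguishes a mirror port group


def plan_mirror_port_groups(switches, prefix="ids-mirror"):
    """Step 2: one promiscuous-mode mirror port group per virtual switch.

    A promiscuous port group on a Standard Switch only receives frames on its own
    VLAN, so a switch carrying several VLANs gets its mirror port group on VLAN 4095
    and the IDS must read the VLAN tags itself.
    """
    specs = []
    for sw in switches:
        vlans = {pg.vlan for pg in sw.port_groups}
        vlan = next(iter(vlans)) if len(vlans) == 1 else ALL_VLANS
        specs.append(MirrorSpec(sw.name, f"{prefix}-{sw.name}", vlan))
    return specs


def plan_ids_nics(specs, existing_nics):
    """Steps 3 and 4: one new vNIC per mirror port group, within the per-VM limit.

    Returns (adapter label, port group name) pairs. Raises when the IDS VM would
    exceed MAX_VNICS_PER_VM, the practical ceiling on switches one IDS VM can tap.
    """
    total = existing_nics + len(specs)
    if total > MAX_VNICS_PER_VM:
        raise ValueError(f"{total} vNICs needed, limit is {MAX_VNICS_PER_VM}; "
                         "split the switches across more than one IDS VM")
    return [(f"Network adapter {existing_nics + i + 1}", s.name)
            for i, s in enumerate(specs)]


def unmirrored_switches(switches, attached_port_groups, prefix="ids-mirror"):
    """Check: switches that still have no mirror port group attached to the IDS VM."""
    tag = prefix + "-"
    covered = {pg[len(tag):] for pg in attached_port_groups if pg.startswith(tag)}
    return [sw.name for sw in switches if sw.name not in covered]


def apply_standard_switch(host, spec):
    """Create the mirror port group on a Standard Switch via HostNetworkSystem.AddPortGroup."""
    from pyVmomi import vim   # deferred so the planner above runs without pyVmomi
    pg = vim.host.PortGroup.Specification()
    pg.name, pg.vswitchName, pg.vlanId = spec.name, spec.vswitch, spec.vlan
    pg.policy = vim.host.NetworkPolicy(
        security=vim.host.NetworkPolicy.SecurityPolicy(allowPromiscuous=spec.allow_promiscuous))
    host.configManager.networkSystem.AddPortGroup(portgrp=pg)


def apply_ids_nic(vm, network):
    """Add a vmxnet3 adapter to the IDS VM backed by `network` (a vim.Network for the mirror port group)."""
    from pyVmomi import vim
    nic = vim.vm.device.VirtualVmxnet3()
    nic.backing = vim.vm.device.VirtualEthernetCard.NetworkBackingInfo(
        network=network, deviceName=network.name)
    nic.connectable = vim.vm.device.VirtualDevice.ConnectInfo(
        startConnected=True, connected=True, allowGuestControl=False)
    change = vim.vm.device.VirtualDeviceSpec(
        operation=vim.vm.device.VirtualDeviceSpec.Operation.add, device=nic)
    return vm.ReconfigVM_Task(spec=vim.vm.ConfigSpec(deviceChange=[change]))


# Constructed inventory standing in for what the vSphere API would return (step 1).
SAMPLE_INVENTORY = (
    VSwitch("vSwitch0", (PortGroup("mgmt", 0), PortGroup("app", 0))),
    VSwitch("vSwitch1", (PortGroup("web", 10), PortGroup("db", 20))),
    VSwitch("vSwitch2", (PortGroup("dmz", 30),)),
)


def demo(existing_nics=1):
    """Plan for the sample inventory; the IDS VM is assumed to keep one management NIC."""
    specs = plan_mirror_port_groups(SAMPLE_INVENTORY)
    return specs, plan_ids_nics(specs, existing_nics)


if __name__ == "__main__":
    for spec, (label, pg) in zip(*demo()):
        print(f"{spec.vswitch}: create {spec.name} (VLAN {spec.vlan}, promiscuous) -> {label}")
```

The plan is idempotent and can be re-run after adding switches: `unmirrored_switches` reports which switches still lack a mirror port group on the IDS VM, and `plan_ids_nics` refuses a plan that would push the IDS VM past the 10-adapter limit rather than failing halfway through the reconfiguration.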

FIG. 4 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention. As shown in FIG. 4, the electronic device may include a processor 410, a communications interface 420, a memory 430 and a communication bus 440, where the processor 410, the communications interface 420 and the memory 430 communicate with each other through the communication bus 440. The processor 410 can call logic instructions in the memory 430 to execute the traffic mirroring method, which includes: obtaining the virtual switch information corresponding to each virtual switch in the virtualized operating system, where multiple virtual switches are installed on the virtualized operating system and the port groups on these virtual switches are connected to multiple business virtual machines;

creating, according to the virtual switch information, a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, where the promiscuous-mode mirror port group is used to obtain a mirror of the traffic on the port groups of the virtual switch it belongs to;

setting up, according to the virtual switch information, virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system, and connecting the configured virtual network cards to the mirror port group of each virtual switch in the virtualized operating system;

the IDS virtual machine obtaining the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards.

In addition, the logic instructions in the memory 430 may be implemented as software functional units and, when sold or used as an independent product, stored on a computer-readable storage medium. On this understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied as a software product stored on a storage medium and including a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention. The storage medium includes a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, or any other medium that can store program code.

In another aspect, the present invention also provides a computer program product comprising a computer program that may be stored on a non-transitory computer-readable storage medium; when the computer program is executed by a processor, the computer can perform the traffic mirroring method provided by the methods above, which includes: obtaining the virtual switch information corresponding to each virtual switch in the virtualized operating system, where multiple virtual switches are installed on the virtualized operating system and the port groups on these virtual switches are connected to multiple business virtual machines;

creating, according to the virtual switch information, a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, where the promiscuous-mode mirror port group is used to obtain a mirror of the traffic on the port groups of the virtual switch it belongs to;

setting up, according to the virtual switch information, virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system, and connecting the configured virtual network cards to the mirror port group of each virtual switch in the virtualized operating system;

the IDS virtual machine obtaining the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards.

In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium storing a computer program which, when executed by a processor, performs the traffic mirroring method provided by the methods above, which includes: obtaining the virtual switch information corresponding to each virtual switch in the virtualized operating system, where multiple virtual switches are installed on the virtualized operating system and the port groups on these virtual switches are connected to multiple business virtual machines;

creating, according to the virtual switch information, a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, where the promiscuous-mode mirror port group is used to obtain a mirror of the traffic on the port groups of the virtual switch it belongs to;

setting up, according to the virtual switch information, virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system, and connecting the configured virtual network cards to the mirror port group of each virtual switch in the virtualized operating system;

the IDS virtual machine obtaining the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards.

The device embodiments described above are merely illustrative. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement this without inventive effort.

From the description of the above embodiments, a person skilled in the art can clearly understand that each embodiment can be implemented by software together with a necessary general-purpose hardware platform, and of course also by hardware. On this understanding, the above technical solution, in essence, or the part of it that contributes to the prior art, may be embodied as a software product stored on a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc, and including a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform the method of each embodiment or of certain parts of an embodiment.

Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solution outside the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A traffic mirroring method, comprising:

obtaining the virtual switch information corresponding to each virtual switch in a virtualized operating system, wherein multiple virtual switches are installed on the virtualized operating system and the port groups on the multiple virtual switches are connected to multiple business virtual machines;

creating, according to the virtual switch information, a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, wherein the promiscuous-mode mirror port group is used to obtain a mirror of the traffic of the business virtual machines connected to all the port groups on the virtual switch it belongs to;

setting up, according to the virtual switch information, multiple virtual network cards for an IDS virtual machine pre-deployed in the virtualized operating system, and connecting the multiple virtual network cards respectively to the mirror port groups of the virtual switches in the virtualized operating system;

the IDS virtual machine obtaining the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards;

wherein setting up multiple virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system comprises: calling the application programming interface in VMware vSphere for adding virtual network cards to set up the multiple virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system.

2. The traffic mirroring method according to claim 1, wherein the virtual switches are one or both of a vSphere Distributed Switch and a vSphere Standard Switch.

3. The traffic mirroring method according to claim 1, wherein obtaining the virtual switch information corresponding to each virtual switch in the virtualized operating system comprises: calling the application programming interface in VMware vSphere for obtaining virtual switch information to obtain the virtual switch information corresponding to each virtual switch in the virtualized operating system.

4. The traffic mirroring method according to claim 1, wherein creating a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system comprises: calling the application programming interface in VMware vSphere for creating a mirror port group to create a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system.

5. The traffic mirroring method according to claim 1, wherein connecting the configured virtual network cards to the mirror port group of each virtual switch in the virtualized operating system comprises: calling the application programming interface in VMware vSphere for network card configuration to connect the configured virtual network cards to the mirror port group of each virtual switch in the virtualized operating system.

6. The traffic mirroring method according to any one of claims 1 to 5, further comprising: deploying the IDS virtual machine on the virtualized operating system.

7. A traffic mirroring device, comprising:

an information acquisition module, configured to obtain the virtual switch information corresponding to each virtual switch in a virtualized operating system, wherein multiple virtual switches are installed on the virtualized operating system and the port groups on the multiple virtual switches are connected to multiple business virtual machines;

a mirror port group creation module, configured to create, according to the virtual switch information, a mirror port group in promiscuous mode for each virtual switch in the virtualized operating system, wherein the promiscuous-mode mirror port group is used to obtain a mirror of the traffic of the business virtual machines connected to all the port groups on the virtual switch it belongs to;

a traffic acquisition module, configured to set up, according to the virtual switch information, multiple virtual network cards for an IDS virtual machine pre-deployed in the virtualized operating system, and to connect the multiple virtual network cards respectively to the mirror port groups of the virtual switches in the virtualized operating system;

the IDS virtual machine obtaining the traffic of all the business virtual machines in the virtualized operating system through the mirror port groups connected to its virtual network cards;

wherein setting up multiple virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system comprises: calling the application programming interface in VMware vSphere for adding virtual network cards to set up the multiple virtual network cards for the IDS virtual machine pre-deployed in the virtualized operating system.

8. An electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein when the processor executes the program the steps of the traffic mirroring method according to any one of claims 1 to 6 are implemented.

9. A non-transitory computer-readable storage medium storing a computer program, wherein when the computer program is executed by a processor the steps of the traffic mirroring method according to any one of claims 1 to 6 are implemented.

10. A computer program product comprising a computer program, wherein when the computer program is executed by a processor the steps of the traffic mirroring method according to any one of claims 1 to 6 are implemented.
Application CN202210043204.8A (Traffic mirroring method, device, electronic equipment, medium and product), priority date and filing date 2022-01-14, status Active.

Publications: CN114553798A, published 2022-05-27; CN114553798B (granted), published 2024-08-02. Family ID 81671471.

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210043204.8A Active CN114553798B (en) 2022-01-14 2022-01-14 Traffic mirroring method, device, electronic equipment, medium and product

Country Status (1)

Country Link
CN (1) CN114553798B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254176A (en) * 2016-07-29 2016-12-21 浪潮(北京)电子信息产业有限公司 A kind of traffic mirroring method based on openvswitch
CN107896215A (en) * 2017-11-24 2018-04-10 北京国网富达科技发展有限责任公司 A kind of dispositions method and device of the intruding detection system based on virtual machine

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9930066B2 (en) * 2013-02-12 2018-03-27 Nicira, Inc. Infrastructure level LAN security
CN103354530B (en) * 2013-07-18 2016-08-10 北京启明星辰信息技术股份有限公司 Virtualization network boundary data flow assemblage method and device
CN105337789A (en) * 2014-08-12 2016-02-17 北京启明星辰信息安全技术有限公司 Method and device for monitoring flow of virtual network
CN104468504B (en) * 2014-10-22 2017-08-15 南京绿云信息技术有限公司 Virtualize the monitoring method and system of network dynamic information safety
US10747564B2 (en) * 2015-04-02 2020-08-18 Vmware, Inc. Spanned distributed virtual switch
CN105743734B (en) * 2016-01-22 2019-02-01 北京航空航天大学 The control method and device of virtual machine image flow transmission
CN106790411B (en) * 2016-11-30 2019-10-25 武汉噢易云计算股份有限公司 Non-aggregated port cascading system and method for virtual switch and physical switch

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254176A (en) * 2016-07-29 2016-12-21 浪潮(北京)电子信息产业有限公司 Traffic mirroring method based on Open vSwitch
CN107896215A (en) * 2017-11-24 2018-04-10 北京国网富达科技发展有限责任公司 Deployment method and device for a virtual-machine-based intrusion detection system

Also Published As

Publication number Publication date
CN114553798A (en) 2022-05-27

Similar Documents

Publication Publication Date Title
US9916147B2 (en) Deployment of a tool for testing migrated applications
CN109067877B (en) Control method for cloud computing platform deployment, server and storage medium
CN110213121B (en) Test platform, test method and test device for virtual communication product
CN108370368B (en) Security policy deployment method and device
JP2016507100A (en) Master Automation Service
JP5106625B2 (en) Method, system, and computer program for configuring a firewall
CN113014427A (en) Network management method and apparatus, and storage medium
US20240036992A1 (en) Providing a logical data isolation with intermittent connectivity
CN111818081A (en) Virtual encryption machine management method and device, computer equipment and storage medium
US12113848B2 (en) Method and system for implementing bare metal inspection process, device, and storage medium
CN112491789A (en) OpenStack framework-based virtual firewall construction method and storage medium
EP3454206A1 (en) Method, apparatus and system for network service assembly to access context data
CN113162677B (en) Method and device for communicating physical equipment and virtual network simulation platform
CN107908957B (en) Safe operation management method and system of intelligent terminal
CN112130958B (en) Virtual machine live migration method and system based on OVS
US11860776B2 (en) Concurrent memory recycling for collection of servers
CN111371608B (en) Method, device and medium for deploying SFC service chain
CN114553798B (en) Traffic mirroring method, device, electronic equipment, medium and product
US20060253555A1 (en) Remote control apparatus
CN112003726B (en) High-availability configuration method for rapidly deploying Beegfs management service nodes
CN117201495B (en) Network creation method, device, computer equipment and storage medium in cloud service
CN112995009A (en) Method and device for enabling virtual machine to mirror image flow of local virtualization network
CN109783196B (en) Virtual machine migration method and device
CN112532405A (en) Software Defined Network (SDN) network construction method and device
CN115834184A (en) Safety detection method and system for container flow, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: Room 332, 3/F, Building 102, 28 Xinjiekouwai Street, Xicheng District, Beijing 100088

Applicant after: QAX Technology Group Inc.

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Address before: Room 332, 3/F, Building 102, 28 Xinjiekouwai Street, Xicheng District, Beijing 100088

Applicant before: QAX Technology Group Inc.

Country or region before: China

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

GR01 Patent grant