可扩展的校园网策略管理系统设计与实现

发布时间：2018-02-23 11:52

  本文关键词： 基于策略的网络管理 可扩展 策略描述 信息提取 链路发现　出处：《国防科学技术大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着科学技术迅猛发展,计算机网络在人们生活中得到越来越广泛应用,各高等院校也纷纷建立专门的校园网站。校园网规模不断扩大、复杂性不断增加,传统网络管理手段正逐渐暴露出其弊端和不足。传统网络管理要求管理人员熟悉网络设备配置命令,了解各型网络设备配置差异,能够根据不同网络需求动态调整配置,这一切使得网络管理的效率和正确性难以得到保障。基于策略的网络管理是解决上述问题的有效手段,也是当前的研究热点。论文在分析比较现有基于策略的网络管理体系结构、策略信息模型、智能信息提取等技术基础上,重点研究信息统一描述与映射算法以及信息提取的链路拓扑发现算法,并设计实现了一个可扩展的校园网策略管理系统。首先,针对现有基于策略的网络管理缺乏可操作的统一策略描述标准,对外来预知信息依赖程度高,系统可扩展性差等问题,论文提出了UIDR(Unified Information Description and Representation Method)信息统一描述与映射方法。该方法包含两部分内容:一是用于描述配置策略信息的策略信息统一描述和映射方法;二是用于描述设备配置时需要的相关信息的设备信息统一描述与映射方法。其中策略信息和设备信息的统一描述采用XML技术,策略翻译和信息提取采用Perl脚本技术。UIDR方法建立策略信息和设备信息的统一描述方式,开放描述与映射接口,有效屏蔽了设备的命令差异,第三方设备可遵循接口规范编写脚本,显著提高了系统的可扩展性。UIDR方法的设备信息反向提取技术,有效降低了系统对第三方信息的依赖程度,提高了系统的可用性。其次,针对设备信息提取过程中从单台设备信息无法获得网络管理域的物理拓扑连接关系的问题,论文提出一种ATDIE(the Algorithm of Topology Discovery based on Information Extracting)基于信息提取的链路拓扑发现算法。该算法基于单台设备的接口信息、ARP信息,通过递归查找不同设备的两个端口的IP地址是否属于同一网段,并且通过ARP信息判断两个端口是否直连,从而获得网络管理域的完整拓扑信息。ATDIE算法有效利用了单台设备的提取信息,为物理链路层的拓扑发现提供了新的解决途径,也为维护管理网络提供了便利。最后,论文设计实现了一个可扩展的校园网策略管理原型系统,系统包括用户界面、策略分解与派发器、策略执行与验证器、态势展示模块等。策略分解与派发器中的信息提取模块和策略翻译模块不直接操作数据库,便于第三方厂家的扩展,提高了系统的可扩展能力,以及系统稳定性。实验结果表明:该系统达到了预期的设计要求,可对校园网进行有效配置管理。
[Abstract]:With the rapid development of science and technology, the computer network has been more and more widely used in people's life. Colleges and universities have also set up special campus websites. Traditional network management means are gradually exposing its disadvantages and shortcomings. Traditional network management requires managers to be familiar with network equipment configuration commands, to understand the differences of network equipment configuration, and to be able to dynamically adjust configuration according to different network requirements. All these make it difficult to guarantee the efficiency and correctness of network management. Policy-based network management is an effective means to solve the above problems. This paper analyzes and compares the existing policy-based network management architecture, policy information model, intelligent information extraction and other technologies. This paper focuses on the unified description and mapping algorithm of information and the link topology discovery algorithm for information extraction, and designs and implements an extensible campus network policy management system. In view of the lack of an operational unified policy description standard for policy-based network management, the high degree of dependence on external predictive information and the poor scalability of the system, etc. This paper proposes a unified description and mapping method of UIDR(Unified Information Description and Representation method, which consists of two parts: one is the unified description and mapping method of policy information used to describe the configuration policy information; The second is the unified description and mapping method of device information, which is used to describe the relevant information when the device is configured, in which the unified description of policy information and equipment information is based on XML technology. Policy translation and information extraction using Perl script technology .UIDR method to establish a unified description of policy information and device information, open description and mapping interface, effectively shield the device command differences. Third-party devices can follow the interface specification to write scripts, which can significantly improve the extensibility of the system. UIDR method of equipment information reverse extraction technology, effectively reduce the system's dependence on third-party information, improve the system's usability. In order to solve the problem that the physical topological connection of network management domain can not be obtained from single device information in the process of equipment information extraction, This paper presents a link topology discovery algorithm based on information extraction for ATDIE(the Algorithm of Topology Discovery based on Information extraction. The algorithm is based on the interface information of a single device and finds out recursively whether the IP addresses of two ports of different devices belong to the same network segment. And through the ARP information to judge whether the two ports are directly connected or not, the complete topology information of the network management domain. ATDIE algorithm effectively utilizes the information extracted from a single device, and provides a new solution for the topology discovery of the physical link layer. Finally, the thesis designs and implements an extensible campus network policy management prototype system, which includes user interface, policy decomposition and distribution, policy execution and verification. The information extraction module and the policy translation module in the policy decomposition and dispatcher do not operate the database directly, which is convenient for the expansion of the third party manufacturers and improves the extensibility of the system. The experimental results show that the system meets the expected design requirements and can effectively configure and manage the campus network.
【学位授予单位】：国防科学技术大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.07
，

本文编号：1526573