Unlock instant, AI-driven research and patent intelligence for your innovation.

Network safety equipment synchronizing method under cluster mode

A technology for network security and security equipment, applied in the field of network security equipment synchronization in cluster mode, can solve the problems of frequent synchronization, network bandwidth occupation, and network congestion, and achieve the goal of overcoming the loss of synchronization information, reducing occupation, and increasing reliability Effect

Active Publication Date: 2008-03-12
LENOVO (BEIJING) LTD
View PDF3 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0014] This method has many disadvantages: the first disadvantage is that if the time interval for sending synchronization information is too long, the status information in a long period of time is not synchronized, which will cause information loss; the second disadvantage is that if the time interval for sending synchronization information is too short, It will cause the network security device to be overloaded and affect the performance of the network security device. The third disadvantage is that all status tables need to be sent every time the synchronization is performed, so the amount of data contained in the synchronization information is large, and the network is blocked during synchronization. The danger; the fourth disadvantage is that only a dedicated synchronization network port can be used for synchronization
[0016] A disadvantage of this method is that the synchronization is too frequent, which will take up a lot of network bandwidth
Another disadvantage is that only a dedicated synchronization network port can be used for synchronization

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network safety equipment synchronizing method under cluster mode
  • Network safety equipment synchronizing method under cluster mode
  • Network safety equipment synchronizing method under cluster mode

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment 1

[0058] The first specific embodiment is the realization of the present invention in the cluster firewall under the master-slave hot standby mode. There are two situations in the master-slave hot standby mode. One is that both firewalls can receive the same data packet, but only the master firewall processes the data packet, and the slave firewall only updates the status information according to the received data packet, and does not The other is that only the master firewall can receive the data packet and process the data packet, and the slave firewall does not receive the data packet. When the master firewall judges that it needs to be synchronized, it sends a synchronization protocol packet to the slave firewall for synchronization. The implementation flow of the main firewall, the implementation flow of the firewall under the first situation and the implementation flow of the firewall under the second situation are described respectively below, and Fig. 1 shows that the pre...

specific Embodiment 2

[0093] Specific embodiment two is the implementation process in the cluster firewall in the load balancing mode of the present invention. In the load balancing mode, master-slave firewalls are not distinguished, and all firewalls can receive the same data packet. The cluster control program is based on the cluster The status of the middle firewall determines the load distribution method, and the configuration is sent to each firewall. The firewalls in the load balancing mode are all active, but only filter the data packets assigned to them.

[0094] As shown in Fig. 4, it is the realization flow chart of the present invention in the firewall under the load balancing mode, and concrete steps are as follows:

[0095] Step 401, the firewall receives the data packet.

[0096] Step 402 , judge whether it is a synchronous protocol packet according to the protocol number in the header information of the received data packet, if it is a synchronous protocol packet, execute step 403 ; ...

specific Embodiment 3

[0120] Specific embodiment three is the implementation process in the cluster firewall of the present invention in the dual-machine mutual backup mode. In the dual-machine mutual backup mode, the master-slave firewall is not distinguished, and each firewall can receive the data packet, but each The data packets received by the firewall are not consistent, that is, a single data packet is only sent to one firewall at the same time. In this mode, no master-slave judgment is made, and each firewall processes the received data packets.

[0121] As shown in Fig. 5, it is the realization flowchart of the present invention in each firewall under the dual-computer mutual backup mode, and concrete steps are as follows:

[0122] Step 501, the firewall receives the data packet.

[0123] Step 502, judge whether it is a synchronous protocol packet according to the protocol number in the header information of the received data packet, if it is a synchronous protocol packet, execute step 50...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a kind of method for the network safety facilities and synchrony in a group model. With this method, the data management synchronization operates in a module and to determine synchronization is needed in accordance with the change of group structure and the change of state information. It synchronization is needed, dispatch synchronous information for synchronization. The present invention can be applied to the master-slave hot standby model, load balanced model and dual-machine mutually complimentary model of the group model. As the data management and synchronization are carried out in a module, the synchronous information can be transmitted through the data network port and can also be transmitted through special synchronous network port. The present invention can simplify the network topological structure and at the same enhance the reliability of group network safety facilities, and reduce the usage of the network band width and heighten the function of network safety facilities in group model.

Description

technical field [0001] The invention relates to computer network security technology, in particular to a method for synchronizing network security equipment in a cluster mode. Background technique [0002] With the continuous expansion of computer application fields and the rapid development of network communication technology, network security has been paid more and more attention. The characteristics of the network security device itself determine that the network security device is always on the core path of the network, and has high requirements for its performance and reliability. The cluster mode of the network security device is an ideal solution to improve the reliability of the network security. [0003] There are three common cluster modes for network security devices: master-slave hot standby mode, load balancing mode, and dual-machine mutual backup mode. The following takes the network security device as a firewall as an example to illustrate these three modes. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/24H04L7/00
Inventor 王刚刘春梅刘永锋屈浩然倪县乐
Owner LENOVO (BEIJING) LTD