Quick method for realizing authentication function of firewall

An implementation method in the field of firewall technology, applied in digital transmission systems, electrical components, transmission systems, etc. It addresses problems such as the growth of the firewall's internal rules, the degradation of system operating performance, and the impact on the overall performance of user networks, with the effect of reducing rule matching entries, achieving fast firewall authentication, and improving the speed of label setting.

Inactive Publication Date: 2009-06-10
西安交大捷普网络科技有限公司

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a method for quickly realizing a firewall authentication function that overcomes the problems of the prior art: when a large number of users authenticate, the firewall's internal rules keep growing, system performance declines rapidly, and the overall performance of the user network is ultimately affected.


Examples


Embodiment 1

[0022] Embodiment 1: the present invention comprises the following steps successively:

[0023] (1) Label definition

[0024] The length of the label is 4 bytes. For the convenience of processing, the length of each information field is one byte, as shown in the following table:

[0025] | Extended information | ACL rules | Downlink bandwidth rules | Uplink bandwidth rules |

[0026] 1) Extended information:

[0027] The length is one byte, mainly for future expansion;

[0028] 2) ACL rules:

[0029] The length is one byte, mainly used to control the scope of user access, corresponding to the ACL rules;

[0030] 3) Downlink bandwidth rules:

[0031] The length is one byte, mainly used to control the user's downlink bandwidth, corresponding to the downlink bandwidth rules;

[0032] 4) Uplink bandwidth rules:

[0033] The length is one byte, mainly used to control the user's uplink bandwidth, corresponding to the uplink bandwidth rules;

[0034] Since the length...

Embodiment 2

[0046] Embodiment 2: To set labels quickly and further improve label lookup speed, step (3) is optimized with a fast mapping method. The concrete implementation steps are as follows:

[0047] 1) After receiving the user IP and tag, the secure access authentication platform checks whether the index array corresponding to the IP address exists. If it exists, the tag is written to the position corresponding to IP - (IP & FFFFFF00). If it does not exist, the kernel creates an array of length 256, writes the array address and the IP address range of the index (IP & FFFFFF00 ~ IP & FFFFFF00 + 255) into a specific linked list (list) in the kernel, and writes the tag into the corresponding position of the index array, that is, into element IP - (IP & FFFFFF00) of the array;

[0048] 2) When the data message is forwarded through the secure access authentication platform, the kernel searches the linked list list according to the IP header information of the mes...
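The 4-byte label of Embodiment 1 and the per-/24 index arrays of Embodiment 2, sketched in C as an added example (not code from the patent). Assumptions: the fields are packed in table order with the extended information in the top byte, a label of 0 means "no label set", IPv4 addresses are in host byte order, userspace calloc stands in for the kernel allocator, and all names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumed layout: fields in table order, extended info in the top byte. */
#define LABEL(ext, acl, down, up) \
    (((uint32_t)(ext) << 24) | ((uint32_t)(acl) << 16) | \
     ((uint32_t)(down) << 8) | (uint32_t)(up))
#define LABEL_ACL(l)  ((uint8_t)((l) >> 16))
#define LABEL_DOWN(l) ((uint8_t)((l) >> 8))
#define LABEL_UP(l)   ((uint8_t)(l))

#define NET_MASK 0xFFFFFF00u

/* One index array covering IP & FFFFFF00 .. IP & FFFFFF00 + 255. */
struct tag_block {
    uint32_t base;            /* IP & FFFFFF00 */
    uint32_t tags[256];       /* slot = IP - base; 0 = no label (assumption) */
    struct tag_block *next;
};

static struct tag_block *tag_list;   /* the "specific linked list" */

static struct tag_block *find_block(uint32_t ip)
{
    struct tag_block *b;
    for (b = tag_list; b != NULL; b = b->next)
        if (b->base == (ip & NET_MASK))
            return b;
    return NULL;
}

/* Step 1: store the label, creating the 256-entry array on first use. */
int tag_set(uint32_t ip, uint32_t label)
{
    struct tag_block *b = find_block(ip);
    if (b == NULL) {
        b = calloc(1, sizeof(*b));
        if (b == NULL)
            return -1;        /* allocation failed, nothing stored */
        b->base = ip & NET_MASK;
        b->next = tag_list;
        tag_list = b;
    }
    b->tags[ip - b->base] = label;
    return 0;
}

/* Step 2: per-packet lookup by IP; 0 means no label is set. */
uint32_t tag_get(uint32_t ip)
{
    struct tag_block *b = find_block(ip);
    return b ? b->tags[ip - b->base] : 0;
}
```

The per-packet cost is one walk over the list of /24 blocks plus one array index, so it grows with the number of distinct /24 networks that have authenticated users rather than with the number of users.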


Abstract

The invention overcomes the problem that, when a large number of users authenticate, the rules inside the firewall increase continuously, system operating performance drops quickly, and the overall performance of the users' network is ultimately affected. The method includes the steps: (1) defining the label; (2) binding the label to role information; (3) setting the label; (4) processing based on the label. To raise the speed of label setting, the disclosed technical scheme puts forward a quick mapping algorithm to ensure that system performance does not drop noticeably when a large number of users authenticate. The scheme thus prevents lookup speed from falling noticeably as the quantity of data increases.

Description

Technical field:

[0001] The invention relates to the technical field of firewalls, in particular to a method for realizing a fast firewall authentication function.

Background technique:

[0002] The firewall organizes rules mainly according to the packet header information of the network layer and the transport layer, that is, sets rules according to information such as IP addresses and ports. During processing, the IP packets to be forwarded are matched against the rules sequentially, and corresponding processing actions are taken according to the matching results. At present, a small number of firewalls have an authentication function. In its implementation, ACL rules are often dynamically added to the firewall according to user authentication information. As the number of users continues to increase, the system's operating performance decreases rapidly, which eventually affects the overall performance of the user network.

Invention content:

[0003] The purpose of the...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/56
Inventor: 张永斌廖明涛靳卫恒向东
Owner: 西安交大捷普网络科技有限公司