Method for realizing high-usability of network security equipment under cluster mode

Abstract

The invention discloses a method for realizing high availability (HA) of network security equipment in a cluster mode, comprising steps: the main network security equipment node monitors the network security equipment nodes in the cluster system; when the online state of any network security equipment node changes, the cluster The system redistributes the network load. The main network security device node monitors the working link of the network security device node in the cluster system; when the working link of a network security device node fails, the cluster system redistributes the network load. It avoids the situation that the services processed by the failed network security device and the link fault network security device cannot be processed, greatly improves the availability of the network security device, and realizes the high availability of the network security device. Provides network session protection for network security devices, realizes smooth takeover of network sessions, avoids loss of network sessions caused by network security devices being offline or invalid, and greatly improves the reliability of network security devices.

Description

technical field [0001] The invention relates to the technical field of network and information security, in particular to a method for realizing high availability (HA) of network security equipment in a cluster mode. Background technique [0002] With the continuous expansion of computer application fields and the rapid development of network communication technology, network and information security technology has been paid more and more attention, and the requirements for the overall performance of network security equipment to ensure network information security are also getting higher and higher. Currently, the commonly used network security devices include firewall, virtual personal network (VPN), network intrusion detection system (NIDS) and secure socket layer (SSL) accelerator, etc. [0003] Network security devices are gateway devices. Generally, all inbound and outbound network data packets must pass through network security devices. Network security devices are in...

AI Technical Summary

Problems solved by technology

[0007] In the master-slave hot standby mode, load balancing mode or dual-machine mutual backup mode, the network security device may be processed by the network security device due to the failure of the network security device itself, such as abnormal network card operation, exhaustion of memory or CPU resources, etc. The business cannot work normally, which will reduce the availability of network security devices in cluster mode

Moreover, other reasons such as poor connection of network cables, connection failure between network security equipment and surrounding key equipment or servers will also cause the business processed by the network security equipment to fail to work normally, thus reducing the availability of network security equipment in cluster mode

Moreover, if the network security device is offline or fails, all network sessions being processed by the network security device will be lost, which cannot guarantee the reliability of the network security device

Images