A firewall device and method for treatment of secondary forwarding message

Layer 2 forwarding and firewall technology, applied to digital transmission systems, electrical components, transmission systems, etc. It addresses the problems of increased system overhead caused by unreliable MAC learning and of unreliable, unsafe MAC addresses in the firewall MAC table, and achieves the effect of improving forwarding performance.

Inactive Publication Date: 2008-07-09
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0021] 2. MAC drift phenomenon
[0030] It can be seen that the outbound interface for the MAC address 00e0-fc00-0001 is changed from E1/0 to E1/1, which causes all data packets in the LAN to be sent to USER_A, thus interrupting communication between the LAN and the outside world.
[0031] 3. The system overhead caused by the unreliability of MAC learning
[0032] As in point 2 above, when the firewall is attacked with a large number of illegal packets whose source MAC addresses change constantly, the firewall still learns their MAC addresses, leaving unreliable and insecure MAC addresses in the firewall MAC table.
At the same time, the firewall keeps learning these untrusted MAC addresses, which increases system overhead to a certain extent.

Examples

Embodiment Construction

[0064] In order to make the purpose, technical means and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0065] In the firewall's current flow for forwarding and processing Layer 2 messages, MAC address learning is completed when the MAC-layer address of the message is processed. At that point the firewall's security policy has not yet been applied to the packet, so at learning time it is not known whether the packet is an illegal packet such as an attack packet, and the firewall may learn the source MAC address of illegal packets. This leads to the three problems described in the background art.

[0066] Based on the above analysis, the basic idea of the present invention is: when the firewall forwards a layer-2 message, it first performs firewall processing, and then uses the process...

Abstract

The invention provides a method for a firewall to process Layer 2 forwarded messages. The method comprises: sending a received target message that needs Layer 2 forwarding to a Layer 2 forward-in array; performing, according to a MAC address table, outgoing interface lookup, Layer 3 header information identification and firewall processing on the message in the Layer 2 forward-in array; performing MAC address learning using the message that has passed firewall processing and still needs Layer 2 forwarding, and saving the learned MAC address information into the MAC address table; and forwarding the message that needs Layer 2 forwarding according to the outgoing interface found by the lookup. The invention further provides a firewall device. Adopting the invention can improve the firewall's forwarding performance for Layer 2 messages.
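The ordering the abstract describes (look up the outgoing interface, run firewall processing, and only then learn the source MAC) can be compared with learn-first behaviour in a small simulation. This is an added example, not code from the patent: the `Frame` type, the `policy_permits` rule (a stand-in for firewall processing) and the IP addresses are assumptions, and the traffic is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    in_if: str
    src_ip: str

def policy_permits(frame, allowed):
    # Stand-in for "firewall processing" (assumption): permit only known
    # (ingress interface, source IP) pairs.
    return (frame.in_if, frame.src_ip) in allowed

def process(frames, allowed, learn_after_firewall):
    """Return (mac_table, forwarded); forwarded lists (dst_mac, out_if)."""
    mac_table, forwarded = {}, []
    for f in frames:
        if not learn_after_firewall:
            mac_table[f.src_mac] = f.in_if          # conventional: learn before policy
        out_if = mac_table.get(f.dst_mac, "flood")  # outgoing-interface lookup
        if not policy_permits(f, allowed):          # firewall processing
            continue                                # dropped frame
        if learn_after_firewall:
            mac_table[f.src_mac] = f.in_if          # learn only from permitted frames
        forwarded.append((f.dst_mac, out_if))
    return mac_table, forwarded

def sample():
    # Constructed traffic. MAC 00e0-fc00-0001 and interfaces E1/0, E1/1 follow
    # the page's drift example; IP addresses and the other MACs are made up.
    allowed = {("E1/0", "10.0.0.1"), ("E1/1", "10.0.0.2")}
    bcast = "ffff-ffff-ffff"
    frames = [Frame("00e0-fc00-0001", bcast, "E1/0", "10.0.0.1")]
    # Frames with constantly changing source MACs, none permitted by policy.
    frames += [Frame(f"0000-0000-{i:04x}", bcast, "E1/1", "192.0.2.9")
               for i in range(100)]
    # A frame on E1/1 claiming the MAC that sits behind E1/0.
    frames.append(Frame("00e0-fc00-0001", bcast, "E1/1", "192.0.2.9"))
    # A permitted host on E1/1 sending to 00e0-fc00-0001.
    frames.append(Frame("00e0-fc00-0002", "00e0-fc00-0001", "E1/1", "10.0.0.2"))
    return frames, allowed

if __name__ == "__main__":
    frames, allowed = sample()
    for after in (False, True):
        table, fwd = process(frames, allowed, after)
        print(after, len(table), table["00e0-fc00-0001"], fwd[-1])
```

With learn-first, the table fills with the dropped frames' addresses and the entry for 00e0-fc00-0001 drifts to E1/1; with learning after firewall processing, only the two permitted hosts are recorded.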

Description

Technical field

[0001] The invention relates to Layer 2 message forwarding technology, in particular to a firewall device and a method for processing Layer 2 forwarded messages.

Background technique

[0002] Depending on the network topology, many firewalls in real environments work only in Layer 2 mode; such a firewall is called a transparent firewall. In addition to performing Layer 2 forwarding like a Layer 2 switch, a transparent firewall can also handle various security services, such as preventing various DoS/DDoS attacks, packet filtering based on Layer 2 and Layer 3, and transport-layer protocol state detection and processing. In some real user environments, high-performance processing of firewall security services is required in addition to complete and robust firewall functions.

[0003] Based on this, after the firewall performs security processing or judgment on the received message, it performs Layer 2 forwarding on the...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/56, H04L29/12, H04L12/701
Inventor: 谢东
Owner: NEW H3C TECH CO LTD