Unlock instant, AI-driven research and patent intelligence for your innovation.

Method for implementing information backup, fire wall and network system

A technology of information backup and firewall, applied in the field of network communication, it can solve the problems that the business cannot be carried out normally, the session information cannot be completely consistent in real time, and the session business cannot be carried out normally, so as to achieve the effect of ensuring the session information.

Active Publication Date: 2011-11-02
HUAWEI TECH CO LTD
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Since the existing technology uses regular scanning and then backs up session information, there will inevitably be a delay, resulting in that the session information recorded by the two firewalls cannot be completely consistent in real time, so some session services cannot be carried out normally.
For example, when one of the firewalls is processing a session, because it fails to obtain the latest session information of the session in time, the business related to the session cannot be carried out normally.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for implementing information backup, fire wall and network system
  • Method for implementing information backup, fire wall and network system
  • Method for implementing information backup, fire wall and network system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] see figure 2 , is a flow chart of a method for realizing information backup in Embodiment 1 of the present invention, and is described by taking the first firewall and the second firewall as examples, including steps:

[0034] Step 201, the first firewall receives the message;

[0035] The first firewall receives packets of various protocol types, which may be ICMP (Internet Control Message Protocol, Internet Control Message Protocol) packets, or UDP (User Datagram Protocol, User Datagram Protocol) packets, or TCP (Transmission Control Protocol, Transmission Control Protocol) message.

[0036] Step 202. When the first firewall detects that the recorded session information has changed due to the received packet, back up the changed session information to the second firewall.

[0037] When detecting that the received message changes the recorded session information, the first firewall immediately backs up the changed session information to the second firewall.

[0038...

Embodiment 2

[0042] see image 3 , is a flowchart of a method for implementing information backup in Embodiment 2 of the present invention. Embodiment 2 mainly describes the processing flow when the firewall receives an ICMP or UDP message, and uses the first firewall and the second firewall as examples for illustration. Sessions based on UDP or ICMP are generally connectionless sessions, there is no changing state of the session, and the processing process is relatively simple. image 3 The specific steps are as follows:

[0043] Step 301, the first firewall receives ICMP or UDP message;

[0044] Step 302, the first firewall searches for the session corresponding to the received message in the session information recorded by itself;

[0045]The first firewall records session information related to the session, and the session information may be stored in a special memory. When receiving the message, the first firewall searches for the relevant session corresponding to the message in t...

Embodiment 3

[0056] see Figure 4 , is a flowchart of a method for implementing information backup in Embodiment 3 of the present invention. Embodiment 3 mainly describes the processing flow when the firewall receives a TCP packet, and uses the first firewall and the second firewall as examples for illustration. Because there are various states in the TCP-based session, the processing process is relatively complicated, but the session information is mainly backed up to another firewall when a change in the recorded session information is detected. The change of the recorded session information mentioned here includes: new session information is added when a new session is established, and session information is updated (such as session information modification or deletion) due to a change in the session status after the original session has been established.

[0057] Figure 4 The specific steps are as follows:

[0058] Step 401, the first firewall receives the TCP message;

[0059] St...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a method for fulfilling information backup, a firewall and a network system. The method is used for fulfilling the information backup between at least two firewalls and comprises the steps that: a message is received; when the message received causes session information recorded to change is detected, the changed session information is backed up to another firewall. The embodiment of the invention provides a firewall which comprises a receiving unit used for receiving messages, and a processing unit used for backing up the changed session information to another firewall when the message received causes session information recorded to change is detected. The embodiment of the invention also discloses a network system which can ensure that the session information recorded between firewalls is real-time and consistent.

Description

technical field [0001] The invention relates to the field of network communication, in particular to a method for realizing information backup, a firewall and a network system. Background technique [0002] As a monitoring and protection device in the network, the firewall plays an important role in the security of the network. At present, mainstream firewalls generally use stateful inspection firewalls, which record the session information of each session through this type of firewall, and dynamically judge whether to discard received packets according to the recorded session information. The session information here includes related parameters of session establishment, and status information of existing sessions, such as source address, destination address, message protocol type, session status, etc. [0003] In practical applications, in order to improve security and reliability, the firewall usually adopts a dual-system hot standby networking mode, one of which is in th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/24
CPCG06F11/2048G06F11/2038G06F11/2097H04L63/0227
Inventor 吴永清
Owner HUAWEI TECH CO LTD