Firewall multi-outlet intelligent route selection method
An intelligent route selection and firewall technology, applied in the field of network security, can solve problems such as communication interruption
Active Publication Date: 2012-03-28
BEIJING TOPSEC NETWORK SECURITY TECH
View PDF0 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0015] In view of the above analysis, the purpose of the present invention is to provide a firewall multi-exit intelligent routing method to solve the problem of communication interruption due to load balancing in the firewall routing process in the prior art
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0023] The core idea of the present invention is that when the first packet passes through the firewall, the incoming interface is recorded. The interface is used as the outgoing interface to query routes.
[0024] Preferred embodiments of the present invention will be specifically described below in conjunction with the accompanying drawings, wherein the accompanying drawings constitute a part of the application and are used together with the embodiments of the present invention to explain the principles of the present invention.
[0025] In order to realize intelligent routing, it is necessary to use conditions to limit the search results when data packets query the routing table. When selecting a route for a data packet, the destination IP address is generally used to match the destination network segment of the firewall routing table. We use the destination IP address and interface to match the routing table at the same time when selecting a return packet. The interface ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a firewall multi-outlet intelligent route selection method, comprising the steps of: step A: inquiring whether the corresponding connection has private data before a data packet inquires a firewall route, if so, executing step B, and if not, storing address port information and inbound interfaces of the data packet; the address port information at least comprises a source IP address, a destination IP address, a source port, a destination port and a protocol number; and step B: carrying out judgment according to the address port information stored in the private data and the address port information of the current data packet, and when the directions of the two parts are different, using the inbound interfaces stored in the private data as outbound interfaces for selecting the route; and when the directions of the two parts are same, if the inbound interfaces are different, updating the inbound interfaces, and simultaneously selecting the route normally. By using the inbound interfaces of a first packet as the outbound interfaces for inquiring the route, the firewall multi-outlet intelligent route selection method can realize source going and returning of the data packet, and guarantee the normal communication under the multi-outlet environment, thus supporting load balance better.
Description
technical field [0001] The invention relates to the technical field of network security, in particular to a multi-exit intelligent route selection method of a firewall. Background technique [0002] The routing policy is the most basic, important, and core part of the firewall. [0003] The common firewall routing process generally uses the method of searching the routing table and deciding which network interface to send the data packet to. The routing table of a firewall may contain dozens or more entries, but because there is a certain relationship between the routing entries, the routing must be searched according to certain rules to achieve the most accurate results. [0004] Currently, the firewall uses a binary tree plus the longest mask matching route search method, but in the case of multiple lines, the route selection may find several routes with the same match. In order to allocate bandwidth reasonably, the firewall adopts the method of load balancing at this ti...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/56
Inventor 赵萍
Owner BEIJING TOPSEC NETWORK SECURITY TECH