High availability for network security devices

A technology for network equipment and high availability, applied in the field of computer networks, that addresses problems such as obstacles that prevent active high availability of IDP devices.

Active Publication Date: 2011-07-13
JUNIPER NETWORKS INC

AI Technical Summary

Problems solved by technology

Primary state information usually prevents ac


Embodiment Construction

[0026] Figure 1 is a block diagram showing an embodiment in which a primary intrusion detection and prevention (IDP) device 16 and a backup IDP device 20 provide active high-availability IDP services in computing environment 10. As described herein, primary IDP device 16 and backup IDP device 20 synchronize the application-layer IDP state of the intercepted network sessions flowing between source devices 12 and destination devices 24. Generally, primary IDP device 16 performs stateful inspection of the application-layer data of the packet flows between source devices 12 and destination devices 24. Each of the source devices 12 may establish an application-layer communication session with one or more destination devices 24, where each communication session usually includes a pair of packet flows between the source device and the destination device.

[0027] The term "packet stream" refers to a group of data packets originating from a specific s...


Abstract

The invention provides methods, devices and systems of high availability for network security devices. In one example, a backup intrusion detection and prevention (IDP) device includes one or more network interfaces to receive a state update message from a primary IDP device, wherein the state update message indicates a network session being inspected by the primary IDP device and an identified application-layer protocol for the device, to receive an indication that the primary device has switched over or failed over to the backup device, and to receive a plurality of packets of the network session after receiving the indication, each of the plurality of packets comprising a respective payload including application-layer data, a protocol decoder to detect a beginning of a new transaction from the application-layer data of one of the plurality of packets, and a control unit to statefully process only the application-layer data of the network session that include and follow the beginning of the new transaction.
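The backup-side behaviour described in the abstract, as an added sketch (not code from the patent or from any vendor's device): after failover, a synchronized session is inspected only from the first detected transaction boundary onward. The class and function names, the HTTP/1.x request-line heuristic and the sample packets are assumptions made for illustration.

```python
import re

# Assumption: HTTP/1.x is the identified protocol, and a new transaction
# begins at a request line that starts a line of the payload.
REQUEST_LINE = re.compile(
    rb"(?:^|\r\n)((?:GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n)"
)

def find_transaction_start(protocol, payload):
    """Return the offset where a new transaction begins, or None."""
    if protocol != "http":
        return None                 # no decoder for this protocol here
    m = REQUEST_LINE.search(payload)
    return m.start(1) if m else None

class BackupIDP:
    def __init__(self):
        self.sessions = {}          # session id -> protocol, from state updates
        self.in_sync = set()        # sessions where a boundary has been seen
        self.active = False         # set by the switchover/failover indication

    def on_state_update(self, session_id, protocol):
        self.sessions[session_id] = protocol

    def on_failover(self):
        self.active = True

    def on_packet(self, session_id, payload):
        """Return the bytes handed to stateful inspection (may be empty)."""
        if not self.active or session_id not in self.sessions:
            return b""              # sketch covers synchronized sessions only
        if session_id in self.in_sync:
            return payload
        start = find_transaction_start(self.sessions[session_id], payload)
        if start is None:
            return b""              # tail of a transaction the primary began
        self.in_sync.add(session_id)
        return payload[start:]      # include and follow the new transaction

def demo():
    # Constructed sample traffic for one synchronized session.
    idp = BackupIDP()
    idp.on_state_update("s1", "http")
    idp.on_failover()
    packets = [b"...rest of an old response body",
               b"more tail\r\nGET /b HTTP/1.1\r\nHost: example.test\r\n\r\n",
               b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"]
    return [idp.on_packet("s1", p) for p in packets]
```

The data skipped before the boundary is the part whose decoder state existed only on the primary; how such data is forwarded is not covered by this sketch.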

Description

Technical field

[0001] The present disclosure relates to computer networks and, more specifically, to security devices used in computer networks.

Background technique

[0002] The goal of a high-availability computer network environment is to provide users and other entities with "always-on" services. That is, a high-availability computer network environment should provide reliable, continuously running services. To achieve this goal, network devices in a high-availability environment perform error detection and recover from detected errors. Unfortunately, network equipment sometimes fails. For example, a software or hardware problem or a power failure in a security device can cause all or part of the security device to stop working.

[0003] When a network device fails, all network traffic flowing through the failed network device stops. For companies that rely on such network traffic, even if such failures only occur for a short time, this is una...


Application Information

IPC(8): H04L12/56, H04L1/22, H04L29/08, H04L45/28
CPC: H04L63/1408
Inventor: 克里希纳·纳拉亚纳斯瓦米, 拉杰夫·兰詹
Owner: JUNIPER NETWORKS INC