High availability for network security devices

A high-availability technology for network equipment, applied in the field of computer networks, that addresses problems that prevent the active use of high availability for IDP equipment.

Active Publication Date: 2014-04-30
JUNIPER NETWORKS INC

AI Technical Summary

Problems solved by technology

Primary state information usually prevents active use for high availability of IDP devices

Embodiment Construction

[0026] Figure 1 is a block diagram illustrating an embodiment in which a primary intrusion detection and prevention (IDP) device 16 and a backup IDP device 20 provide active, high-availability IDP services within a computing environment 10. As described herein, primary IDP device 16 and backup IDP device 20 synchronize the application layer IDP state of intercepted network sessions flowing between source device 12 and destination device 24. Typically, primary IDP device 16 performs stateful inspection of the application layer data of the packet flow between source device 12 and destination device 24. Each of source devices 12 may establish an application layer communication session with one or more destination devices 24, where each communication session typically includes a pair of packet flows between a source device and a destination device.

[0027] The term "packet flow" refers to a group of packets originating from a particular source device 12 and sent to a particul...

Abstract

In one example, a backup intrusion detection and prevention (IDP) device includes one or more network interfaces to receive a state update message from a primary IDP device, wherein the state update message indicates a network session being inspected by the primary IDP device and an identified application-layer protocol for the device, to receive an indication that the primary device has switched over or failed over to the backup device, and to receive a plurality of packets of the network session after receiving the indication, each of the plurality of packets comprising a respective payload including application-layer data, a protocol decoder to detect a beginning of a new transaction from the application-layer data of one of the plurality of packets, and a control unit to statefully process only the application-layer data of the network session that include and follow the beginning of the new transaction.
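
The resume-at-transaction-boundary behaviour described in the abstract, as an added Python sketch (not code from the patent or from the vendor). The `BackupIDP` class, its method names, the HTTP-only decoder and the sample packets are all assumptions made for illustration.

```python
import re

# Simplified HTTP/1.x decoder (assumption): a transaction begins at a request
# line found at the start of a payload or directly after a CRLF.
HTTP_START = re.compile(rb"(?:^|(?<=\r\n))(?:GET|POST|PUT|HEAD|DELETE) \S+ HTTP/1\.[01]\r\n")
DECODERS = {"http": HTTP_START}


class BackupIDP:
    def __init__(self):
        self.sessions = {}      # session id -> {"protocol", "resumed"}
        self.active = False     # True once the primary has failed over

    def on_state_update(self, session_id, protocol):
        """Primary reports a session it inspects and the protocol it identified."""
        self.sessions[session_id] = {"protocol": protocol, "resumed": False}

    def on_failover(self):
        self.active = True

    def on_packet(self, session_id, payload):
        """Return the part of the payload handed to stateful inspection."""
        state = self.sessions.get(session_id)
        if not self.active or state is None:
            return b""                      # not in charge, or session never synced
        if state["resumed"]:
            return payload                  # already aligned on a transaction boundary
        decoder = DECODERS.get(state["protocol"])
        match = decoder.search(payload) if decoder else None
        if match is None:
            return b""                      # tail of a transaction the primary started
        state["resumed"] = True
        return payload[match.start():]      # the new transaction and everything after


def demo():
    """Constructed traffic: failover happens in the middle of a POST body."""
    sid = ("10.0.0.5", 40312, "10.0.0.9", 80, "tcp")   # constructed five-tuple
    idp = BackupIDP()
    idp.on_state_update(sid, "http")
    idp.on_failover()
    packets = [
        b"...rest of an upload body the primary was inspecting",
        b"final chunk\r\nGET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        b"GET /next HTTP/1.1\r\nHost: example.test\r\n\r\n",
    ]
    return [idp.on_packet(sid, p) for p in packets]
```

The bytes that arrive before the first request line are never fed to the decoder's state machine, which is why the backup needs only the session identity and protocol from the primary rather than its full mid-transaction parse state.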

Description

Technical field

[0001] The present disclosure relates to computer networks, and more particularly, to security devices for use within computer networks.

Background technique

[0002] The goal of a high availability computer network environment is to provide "always on" services to users and other entities. That is, a high-availability computer network environment should provide reliable, continuously running services. To achieve this goal, network devices in a high availability environment perform error detection and perform recoverability for detected errors. Unfortunately, network equipment sometimes fails. For example, a software or hardware problem or a power failure within the security device can stop all or part of the security device from functioning.

[0003] When a network device fails, all network traffic flow through the failed network device stops. For a business that relies on this type of network traffic, it is unacceptable that such failures occur even for...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/703, H04L1/22, H04L29/08, H04L45/28
CPC: H04L63/1408
Inventor: 克里希纳·纳拉亚纳斯瓦米, 拉杰夫·兰詹
Owner: JUNIPER NETWORKS INC