Method and device for distributed firewall IPSec (internet protocol security) business load sharing

A distributed firewall IPSec service load-sharing technology, applied in the field of data communication. It addresses the high demands placed on the central node, the resulting performance bottleneck, and the inability to effectively improve the overall performance of the firewall device, and achieves load sharing.

Active Publication Date: 2014-01-29
NEW H3C SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] However, under this scheme, the requirements for the central node are relatively high. Since the central node needs to retain the service session information of all service boards and perform the encryption/decryption processing of all IPSec services, the central node is likely to become a performance bottleneck, and the overall performance of the firewall device cannot be effectively improved.

Examples


Embodiment Construction

[0017] To achieve the purpose of the present invention, the core idea adopted is as follows: in the distributed firewall of the present invention, the main control board issues ACL (Access Control List) policy information to all interface boards in a timely manner, so as to ensure that messages from a specific network device are all sent to the corresponding interface board. In addition, SA (Security Association) flow information is synchronized to all service boards; when a service board finds, based on the SA flow information, that a received message is not its own to process, it redirects the message to the service board that matches the SA flow information. By these means, messages of the same flow are guaranteed to be sent to the same service board for processing, which realizes load sharing of IPSec services on the distributed firewall.
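The steering and redirect logic of paragraph [0017], as a small simulation added here for illustration; it is not code from the patent or from any H3C product. Assumptions: the ACL is modelled as a map from IPSec peer address to the owning service board, an SA flow entry carries protected source/destination subnets plus an owner board, and traffic with no ACL hit is spread by a CRC32 hash.

```python
import ipaddress
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class SAFlow:
    # Field layout is an assumption for this sketch, not taken from the patent.
    src_net: str  # protected source subnet
    dst_net: str  # protected destination subnet
    peer: str     # IPSec peer address
    owner: int    # service board that holds the SA

    def matches(self, src, dst):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_net))

class MainControlBoard:
    def __init__(self, n_service_boards):
        self.n = n_service_boards
        self.acl = {}       # peer -> service board; issued to all interface boards
        self.sa_flows = []  # synchronized to all service boards

    def install_sa(self, flow):
        self.sa_flows.append(flow)
        self.acl[flow.peer] = flow.owner

def interface_board(mcb, src, dst):
    # ACL hit on the peer address wins; otherwise spread by hash (assumed fallback).
    if src in mcb.acl:
        return mcb.acl[src]
    return zlib.crc32(f"{src}>{dst}".encode()) % mcb.n

def service_board(mcb, board, src, dst):
    # Consult the synchronized SA flow table; redirect if another board owns the flow.
    for flow in mcb.sa_flows:
        if flow.matches(src, dst):
            return flow.owner
    return board  # not IPSec-protected traffic: process locally

def deliver(mcb, src, dst):
    first = interface_board(mcb, src, dst)
    return first, service_board(mcb, first, src, dst)

if __name__ == "__main__":
    mcb = MainControlBoard(4)
    # Constructed sample SA: documentation/private address ranges only.
    mcb.install_sa(SAFlow("10.1.0.0/16", "10.2.0.0/16", "203.0.113.10", owner=2))
    for src, dst in [("203.0.113.10", "198.51.100.1"), ("10.1.5.5", "10.2.7.7"),
                     ("10.1.9.9", "10.2.0.3"), ("192.0.2.7", "192.0.2.99")]:
        print(src, dst, deliver(mcb, src, dst))
```

Whatever board the interface board picks first, every packet matching the SA flow ends on the owner board, which is the property the paragraph relies on for per-flow state such as anti-replay windows and sequence numbers.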

[0018] In order to make the present inventio...


Abstract

The invention relates to a method and a device for distributed firewall IPSec (Internet Protocol Security) service load sharing. A main control board issues ACL (access control list) policy information to all interface boards in a timely manner, so as to guarantee that messages from a specific network device are all sent to the corresponding interface board. SA flow information is synchronized to all service boards, and when a service board discovers, according to the SA flow information, that a received message is not its own to process, the message is redirected to the service board that matches the SA flow information. By these means, messages of the same flow are sent to the same service board for processing, so that load sharing of IPSec services on a distributed firewall is realized.

Description

Technical field

[0001] The invention relates to the field of data communication technology, and in particular to a method and device for distributed firewall IPSec service load sharing.

Background technique

[0002] Distributed firewalls process services in parallel across multiple distributed service boards to improve the processing performance of the whole device, thereby meeting users' needs for high concurrency, high new-connection rates, and high throughput.

[0003] Specifically, a distributed firewall device generally consists of an interface board, a service board, and a main control board. The interface board is used to receive and send messages, and to send the messages to each service board through the switching network for processing of the corresponding services; the service board is used to independently establish sessions, forward messages, and process most services such as QoS and IPSec (IP Security) encryption; each independent service board can improve the service pro...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/08, H04L29/06, H04L12/803
Inventor: 王其勇
Owner: NEW H3C SECURITY TECH CO LTD