Unlock instant, AI-driven research and patent intelligence for your innovation.

Session backup method, message forwarding method and device thereof

A message forwarding and backup technology, applied in the field of communication, can solve the problems of unable to use session backup data to respond to message forwarding, different backup locations, unable to calculate the session backup location, etc.

Active Publication Date: 2017-05-10
NEW H3C TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The backup firewall is calculated based on the feature information of the session, but the backup location calculated based on the source address X and destination address Y of the request message is different from the backup location calculated based on the source address Y and destination address Z of the response message. different location
[0005] Therefore, when the routing device 12 distributes the response message to any firewall other than firewall 1, the firewall cannot directly process the response message, nor can it calculate the correct session backup position according to the information of the response message ( That is, the backup location calculated based on the information of the request message first), and the session backup data cannot be used to guide the forwarding of the response message

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Session backup method, message forwarding method and device thereof
  • Session backup method, message forwarding method and device thereof
  • Session backup method, message forwarding method and device thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0039] Figure 3A It shows a schematic diagram of guiding message forwarding according to session backup according to an embodiment of the present invention.

[0040] Such as Figure 3A As shown, the network device 11 selects a corresponding firewall from the firewall cluster according to the source address X and the destination address Y of the request message to process the request message. Specifically, for example, a hash (HASH) calculation may be performed according to the source address X and the destination address Y, so as to realize correct distribution of the request message.

[0041] Assuming that the request packet is distributed to firewall 1 in the firewall cluster, firewall 1 creates a session according to the request packet, that is, firewall 1 serves as the session creation location. Firewall 1 calculates the backup location of the current session, such as firewall 3, according to the source address X and destination address Y of the request message. At the...

Embodiment approach 1

[0056] The query entry may contain information about the session creation location, and the firewall 4 can learn that the firewall 1 is the location of the corresponding session creation according to the query entry matching the response message, and hand over the response message to the firewall 1 for processing. Specifically, for example, firewall 4 transmits the response message through a physical link directly established with firewall 1; or, for example, firewall 4 transmits the response message to firewall 1 through sequential forwarding of firewall 3 and firewall 2.

[0057] Therefore, based on the creation of the session-oriented location, the firewall 1 can correctly forward the request message and the response message, and back up the corresponding session data to the firewall 3 (session backup location). Moreover, since the session-oriented location is only used to store query table items, it will not occupy too much memory space, which helps to improve the overall p...

Embodiment approach 2

[0059] The lookup entry may include session backup location information, and the firewall 4 can learn that the firewall 3 is the session backup location according to the lookup entry matching the response message. Therefore, the firewall 4 can obtain the backup data of the current session from the firewall 3, and the firewall 4 can guide the correct forwarding of the response message according to the session backup data.

[0060] At the same time, because the query table entry contains the information of the session backup location, even if the firewall 1 as the session creation location is unavailable (DOWN) due to failure or other reasons, any other firewall can also use the source address X and destination of the request message The address Y directly determines the session backup location, or determines the session guidance location according to the source address Y and the destination address Z of the response message, and then determines the session backup location, so as...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention provides a session backup method, message forwarding method and device thereof, which are applied to any security device in a firewall cluster. The session backup method includes: when creating a session according to a received request message, sending the request message to The source address of the request message is converted to the preset source address; the first position is calculated according to the source address and destination address of the request message, and the second position is calculated according to the converted source address and destination address of the request message, and the first position and the second Any position in the two positions is used as the backup position of the session, and the other position is used as the guide position of the session; wherein, the guide position stores a query table item for querying the position of the session, and the backup position of the session stores the backup of the session data. In the technical solution of the present invention, by creating the session backup location and the session orientation location, the correct forwarding of the message can be smoothly realized no matter based on the address information of the request message or the address information of the response message.

Description

technical field [0001] The invention relates to the technical field of communication, in particular to a session backup method, a message forwarding method and a device thereof. Background technique [0002] A firewall cluster is a combination of multiple firewalls. You can add or reduce firewalls as needed to adjust the overall performance of the firewall cluster. Such as figure 1 As shown, a firewall cluster is formed by firewall 1 , firewall 2 , firewall 3 and firewall 4 , and the firewall cluster is deployed between routing device 11 and routing device 12 . During the working process, traffic can be shared to the firewall through link bundling. [0003] In consideration of data security, the firewall cluster is usually configured with a NAT (Network Address Translation, Network Address Translation) service function. For example, the routing device 11 distributes the request packet to the firewall 1 for processing. Assuming that the source address of the request packet...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/741H04L29/06H04L45/74
Inventor 蔡自彬
Owner NEW H3C TECH CO LTD