Method and system for achieving distributed network safety protection

A distributed network security protection technology, applied in the field of distributed network security protection, that addresses problems of unreliable data traffic transmission, wasted resources, and difficult network deployment.

Active Publication Date: 2015-01-21
BEIJING VENUS INFORMATION TECH +1
3 Cites, 34 Cited by

AI Technical Summary

Problems solved by technology

[0004] Virtual firewalls are usually deployed in virtual networks in the form of virtual machines, which share the virtualized resources of the user's business environment. Firewalls usually adopt transparent access, which also makes network deployment very difficult, and connecting a virtual firewall in front of each virtual machine wastes a great deal of resources.
At present, one approach to avoiding these problems is to connect all virtual machines to a virtual firewall and filter all data traffic through it. However, when a network failure occurs in the virtual firewall, the normal and reliable transmission of data traffic is affected; that is, there is a large potential single point of failure.



Examples


Embodiment 1

[0138] This embodiment describes a method for security protection of a distributed network, taking as an example a virtual firewall established on a driver network card of a physical host in the distributed network.

[0139] Data traffic entering the distributed network must pass through the physical firewall deployed at the entrance and exit of the distributed network. A virtual firewall is established and side-hung on the virtual switch.

[0140] Data traffic that passes through the physical firewall or the virtual firewall is marked with the MAC address of the firewall it passed through.

[0141] The physical firewall is responsible for filtering the north-south data traffic, and each business virtual machine contains its own judgment module, which is responsible for judging the east-west data traffic passing through the first virtual network card of the business virtual machine:

[0142] Obtain and record the MAC address...


Abstract

The invention discloses a method and system for achieving distributed network safety protection. The method comprises the following steps: a virtual firewall is side-hung on a virtual switch; a service virtual machine judges whether data flow that is not from or sent to a physical firewall has been filtered by the virtual firewall, and if so the data flow is forwarded, otherwise it is sent to the virtual firewall; the virtual firewall filters the received data flow and, after determining that the data flow is safe, forwards it back to the service virtual switch, otherwise the data flow is discarded. According to the method and system, the service virtual machine judges the data flow that is not from or sent to the physical firewall, sends the data flow that needs filtering to the side-hung virtual firewall, and directly forwards the data flow that does not need filtering. The network topology changes only slightly, all data flow entering the virtual machine system is guaranteed to be filtered, and the resources consumed by the virtual firewall are reduced.
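The decision flow described in the abstract, as an added Python example (not code from the patent or its applicant). The MAC values, the `marked_by` field used to carry the firewall mark, the port policy and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

# Constructed sample values (assumptions, not taken from the patent).
PHYS_FW_MAC = "02:00:00:00:00:01"
VIRT_FW_MAC = "02:00:00:00:00:02"
ALLOWED_EAST_WEST_PORTS = {443, 5432}  # hypothetical virtual-firewall policy


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    dst_port: int
    marked_by: Optional[str] = None  # MAC of the firewall that filtered it (assumed encoding)


def judge(frame: Frame) -> str:
    """Judgment module on the service VM's first virtual network card."""
    # Traffic from or to the physical firewall is north-south: already its responsibility.
    if PHYS_FW_MAC in (frame.src_mac, frame.dst_mac):
        return "forward"
    # East-west traffic is forwarded only if the virtual firewall has marked it.
    if frame.marked_by == VIRT_FW_MAC:
        return "forward"
    return "to_virtual_firewall"


def virtual_firewall(frame: Frame) -> Optional[Frame]:
    """Side-hung virtual firewall: drop unsafe traffic, mark and return safe traffic."""
    if frame.dst_port not in ALLOWED_EAST_WEST_PORTS:
        return None
    return replace(frame, marked_by=VIRT_FW_MAC)


def handle(frame: Frame) -> Tuple[str, int]:
    """Return (outcome, number of passes through the virtual firewall)."""
    passes = 0
    while judge(frame) == "to_virtual_firewall":
        passes += 1
        filtered = virtual_firewall(frame)
        if filtered is None:
            return "dropped", passes
        frame = filtered
    return "delivered", passes
```

Each east-west frame crosses the virtual firewall at most once, and north-south frames never do, which is the resource saving the abstract claims.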

Description

Technical field

[0001] The present application relates to the technical field of information security, in particular to a method and system for realizing distributed network security protection.

Background technique

[0002] Cloud computing is another new revolution in computers and the Internet. It transfers computing and storage to the cloud, and users can use lightweight portable terminals to perform complex calculations and large-capacity storage. From a technical point of view, cloud computing is not just a new concept, parallel computing and virtualization are the main technical means to realize cloud computing applications. Due to the rapid development of hardware technology, the performance of an ordinary physical server far exceeds the hardware performance requirements of an ordinary single user. Therefore, virtualizing a physical server into multiple virtual machines and providing virtualization services through virtualization has become the technical basis for bu...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: G06F9/45504, H04L63/0218
Inventor: 李陟曲武
Owner: BEIJING VENUS INFORMATION TECH