Distributed virtual firewall device and method

Virtual firewall technology, applied in the field of computer networks, that addresses the problems of insufficiently rich configurable policies and the inability to identify business-layer data, with the effect of enriching configuration policies and avoiding performance bottlenecks.

Inactive Publication Date: 2015-12-09
ZTE CORP
5 Cites, 27 Cited by

AI Technical Summary

Problems solved by technology

[0003] The technical problem to be solved by the present invention is to provide a distributed virtual firewall device and method that solve the problems in the prior art that the configurable policies are not rich or flexible enough and that the control policy cannot identify business-layer data.



Examples


Example no. 1

[0027] The first embodiment of the present invention is a distributed virtual firewall device.

[0028] Figure 1 is a schematic diagram of the distributed virtual firewall device in the first embodiment of the present invention.

[0029] As shown in Figure 1, the distributed virtual firewall device provided in this embodiment includes a firewall module 10 and a firewall controller 20.

[0030] Specifically, the distributed virtual firewall device provided in this embodiment is preferably used in a cloud computing environment. For a host cluster in a cloud computing environment, a firewall module 10 is deployed on each host, and a firewall controller 20 is deployed on the control node of the host cluster for unified management and policy configuration of all firewall modules in the entire cluster environment. Wherein:

[0031] The firewall module 10 is used to receive configuration information and firewall policy informatio...

Example no. 3

[0048] The third embodiment of the present invention describes the system deployment architecture and a specific implementation.

[0049] Figure 3 is a schematic diagram of the application of the system deployment architecture in the third embodiment of the present invention.

[0050] As shown in Figure 3, the upper layer in this embodiment represents the cloud computing management node, and the firewall controller is deployed on the cloud computing management node. This embodiment adopts an active/standby mode, that is, a firewall controller host Control1 and a firewall controller backup machine Control2, so that if a problem occurs with the firewall host, the firewall backup machine can run, ensuring normal operation of the entire system.

[0051] The lower layer shown in Figure 3 is a host node, and a firewall module is deployed on the host node, wherein the firewall module is connected to a corre...


Abstract

The invention provides a distributed virtual firewall device and method. The device comprises a firewall controller and a firewall module. The firewall controller is deployed on a cloud computing management node and sends configuration information and firewall policy information to the firewall module. The firewall module is deployed on a host node and performs filtering detection on network traffic in the virtual switch (vSwitch) according to the received configuration information and firewall policy information. Because the firewall module filters the network traffic in the vSwitch according to the received configuration information and firewall policy information, performance bottlenecks in networking can be avoided, and the device has the further advantages of rich configuration policies and flexibility.

Description

Technical field

[0001] The invention relates to the technical field of computer networks, in particular to a distributed virtual firewall device and method.

Background technique

[0002] In traditional cloud network security solutions, east-west network traffic control in the virtual network falls into two approaches: an access control list (ACL) control policy configured on the virtual switch, and virtual firewall software running in a virtual machine. The ACL control policy implemented on the virtual switch has the disadvantages that the configurable policies are not rich or flexible enough and that the control policy cannot identify business-layer data, while the virtual-machine-based firewall software has disadvantages such as strict networking requirements, complex policy configuration and performance bottlenecks.

Contents of the invention

[0003] The technica...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L9/40
Inventor: 耿兴元, 王良家, 丁杰
Owner: ZTE CORP