
Security resource pool access method and system of data center

An access method and resource pool technology, applied to security resource pool access in data centers, that addresses problems such as complex policy management, complex policy routing tables, and frequent conflicts, and achieves simpler, more automated management and simplified forwarding entries.

Active Publication Date: 2018-06-15
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0007] 2. The security resource pool cannot be deployed in Layer 2 bridging mode (without a router);
[0008] 3. In current security resource pool drainage methods, the service chain implemented by policy routing is inflexible and its matching domain is limited (generally to the port on which the data packet arrives at the router and the packet's source/destination IP addresses); policy management is complicated and conflicts arise easily. The policy routing table becomes especially complicated in a structure with a layer of virtual/physical routing.


Embodiment Construction

[0069] The embodiments of the present invention provide a data center security resource pool access method and system for connecting the security resource pool to the data center in bridging or routing mode. The service chain drainage device's customized matching domain, together with NSH encapsulation in the service chain data packet header, simplifies the forwarding entries related to traffic drainage and enables simplified, automated flow entry management.

[0070] For ease of understanding, the professional vocabulary in the text is explained as follows:

[0071] leaf-spine: data center leaf-spine network structure, two-tier architecture, suitable for data centers with a lot of east-west traffic.

[0072] Three-tier architecture: The three-tier network architecture of the data center is divided into core, aggregation and access layers, which is suitable for traditional data centers with mostly north-south traffic.

[0073]...


Abstract

The embodiments of the invention disclose a data center security resource pool access method and system for connecting a security resource pool to the data center in bridging or routing mode. The method comprises the following steps: configuring a network docking device, a service chain drainage device and the security function components of the security resource pool, wherein the network docking device comprises a router and/or a switching device, the service chain drainage device comprises a switching device, and that switching device supports flexible drainage based on a customized matching domain; and connecting the security function components to a local data center through the service chain drainage device and the network docking device in bridging mode or routing mode, so that the service chain drainage device drains the customer traffic of the local data center to the security function components using NSH encapsulation in the service chain data packet header.
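The steering described in the abstract, as an added example that is not taken from the patent text or from the owner's implementation: a classifier with customized match fields assigns a service path, and every later hop is one exact-match lookup on the NSH (SPI, SI) pair instead of a policy-routing rule. The header layout follows RFC 8300; the table contents, port names and addresses are constructed for illustration.

```python
import struct
from ipaddress import ip_address, ip_network

# Constructed classifier rows: (source prefix, dest port or None, SPI, initial SI).
CLASSIFIER = [("10.1.0.0/16", 443, 100, 255), ("10.2.0.0/16", None, 200, 255)]
# Constructed steering table, exact match on (SPI, SI); port names are hypothetical.
SFF_TABLE = {(100, 255): "fw-port", (100, 254): "ips-port", (100, 253): "waf-port",
             (100, 252): "decap", (200, 255): "fw-port", (200, 254): "decap"}

def classify(src_ip, dport):
    """Return (spi, si) of the first matching row, or None when not steered."""
    for net, port, spi, si in CLASSIFIER:
        if ip_address(src_ip) in ip_network(net) and port in (None, dport):
            return spi, si
    return None

def nsh_encap(frame, spi, si, ttl=63):
    """Prepend the 8-byte NSH: base header plus service path header (RFC 8300)."""
    base = (ttl << 22) | (2 << 16) | (0x2 << 8) | 0x3  # len 2 words, MD type 2, Ethernet
    return struct.pack("!II", base, (spi << 8) | si) + frame

def nsh_parse(packet):
    base, path = struct.unpack("!II", packet[:8])
    return {"ttl": (base >> 22) & 0x3F, "spi": path >> 8, "si": path & 0xFF,
            "payload": packet[((base >> 16) & 0x3F) * 4:]}

def sff_lookup(packet):
    """Steering step: decrement TTL, then look up (SPI, SI); unknown paths drop."""
    h = nsh_parse(packet)
    ttl, hop = h["ttl"] - 1, SFF_TABLE.get((h["spi"], h["si"]))
    if ttl <= 0 or hop is None:
        return "drop", None
    if hop == "decap":  # end of chain: strip the NSH, hand the frame back
        return hop, h["payload"]
    return hop, nsh_encap(h["payload"], h["spi"], h["si"], ttl)

def trace(frame, src_ip, dport):
    """Hops a frame visits; each security function decrements SI when done."""
    hit = classify(src_ip, dport)
    if hit is None:
        return ["bypass"]
    pkt, hops = nsh_encap(frame, *hit), []
    while True:
        hop, pkt = sff_lookup(pkt)
        hops.append(hop)
        if hop in ("drop", "decap"):
            return hops
        h = nsh_parse(pkt)  # security function finished: SI - 1
        pkt = nsh_encap(h["payload"], h["spi"], h["si"] - 1, h["ttl"])
```

Adding a security function to a chain changes only the rows for that SPI; the classifier rows and the other chains are untouched.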

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a data center security resource pool access method and system.

Background technique

[0002] As the concept of security resource pools is gradually accepted by the public, the deployment schemes of security resource pools are gradually increasing.

[0003] The general deployment method of modern data centers is a three-layer network structure, that is, core layer-aggregation layer-access layer, or a two-layer network structure, that is, leaf-Spine (leaf node-spine node) structure. Among them, the three-tier network structure is suitable for traditional data centers or campus networks where north-south traffic is the majority, and the two-tier network structure is suitable for new data centers where east-west traffic is the majority. As a collection of security function components, the security resource pool is integrated into the data center to improve the security cap...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L12/24
CPC: H04L41/0803
Inventor: 陈晓帆, 马耀泉, 古亮
Owner: SANGFOR TECH INC