A data center security resource pool access method and system

An access method and resource pool technology applied in the field of security resource pool access in data centers. It addresses problems such as complex policy routing tables, complex policy management, and limited matching domains, so as to simplify forwarding entries and to simplify and automate management.

Active Publication Date: 2021-05-04
SANGFOR TECH INC

AI Technical Summary

Problems solved by technology

[0007] 2. It is impossible to deploy the security resource pool in Layer 2 bridging mode (without a router);
[0008] 3. In the current security resource pool drainage (traffic steering) method, the service chain implemented by policy routing is not flexible, the matching domain is limited (generally based on the port where the data packet arrives at the router and the source / destination IP address of the data packet), the policy management is complicated, and conflicts are easily generated. Especially for a layer of virtual / physical routing structure, the policy routing table is more complicated.

Embodiment Construction

[0069] The embodiment of the present invention provides a data center security resource pool access method and system, which are used to connect the security resource pool to the data center in bridging or routing mode. They use the custom matching domain of the service chain drainage device and NSH encapsulation in the service chain data packet header to simplify the forwarding entries related to traffic drainage and to simplify and automate flow entry management.

[0070] For ease of understanding, the technical terms used in the text are explained as follows:

[0071] leaf-spine: data center leaf-spine network structure, two-tier architecture, suitable for data centers with a lot of east-west traffic.

[0072] Three-tier architecture: The three-tier network architecture of the data center is divided into core, aggregation and access layers, which is suitable for traditional data centers with mostly north-south traffic.

[0073]...

Abstract

The embodiment of the present invention discloses a data center security resource pool access method and system for connecting the security resource pool to the data center in bridging or routing mode. The method includes: configuring, for the security resource pool, a network connection device, a service chain drainage device, and security function components, where the network connection device includes a router and / or a switching device, and the service chain drainage device includes a switching device that supports flexible drainage with a custom matching domain; and connecting the security function components to the local data center in bridging mode or routing mode through the service chain drainage device and the network connection device, so that the service chain drainage device uses NSH encapsulation in the service chain data packet header to divert customer business traffic of the local data center to the security function components.
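An added example, not taken from the patent or from any Sangfor implementation: a minimal model of the steering described above, in which a classifier on a custom match domain assigns an NSH service path and the steering device holds one (SPI, SI) forwarding entry per hop. The header layout follows RFC 8300; the policy table, chain numbers and hop names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed steering policy: custom match fields -> service path identifier (SPI).
CLASSIFIER = [
    ({"vlan": 100, "dst_net": "10.1.0.0/16", "dst_port": 443}, 10),
    ({"vlan": 100, "dst_net": "10.1.0.0/16"}, 20),
]
# One exact-match entry per hop, keyed on (SPI, SI); hop names are hypothetical.
FORWARDING = {(10, 255): "waf", (10, 254): "ips", (10, 253): "decap",
              (20, 255): "ips", (20, 254): "decap"}

def build_nsh(spi, si=255, ttl=63):
    """8-byte NSH: base header + service path header, MD Type 2, no metadata."""
    if not (0 <= spi < 1 << 24 and 0 <= si < 256 and 0 <= ttl < 64):
        raise ValueError("SPI is 24 bits, SI 8 bits, TTL 6 bits")
    # Ver=0 | TTL | Length=2 words | MD Type=2 | Next Protocol=3 (Ethernet)
    base = (ttl << 22) | (2 << 16) | (0x2 << 8) | 0x3
    return struct.pack("!II", base, (spi << 8) | si)

def parse_nsh(hdr):
    if len(hdr) < 8:
        raise ValueError("truncated NSH header")
    base, path = struct.unpack("!II", hdr[:8])
    if base >> 30:
        raise ValueError("unsupported NSH version")
    return {"ttl": (base >> 22) & 0x3F, "length": (base >> 16) & 0x3F,
            "md_type": (base >> 8) & 0xF, "spi": path >> 8, "si": path & 0xFF}

def classify(pkt):
    """First match wins; returns NSH bytes, or None if the flow is not steered."""
    dst = ipaddress.ip_address(pkt["dst_ip"])
    for match, spi in CLASSIFIER:
        if (pkt["vlan"] == match["vlan"]
                and dst in ipaddress.ip_network(match["dst_net"])
                and match.get("dst_port") in (None, pkt["dst_port"])):
            return build_nsh(spi)
    return None

def walk_chain(pkt):
    """Return the security functions a packet visits, in order."""
    hdr, hops = classify(pkt), []
    while hdr is not None:
        f = parse_nsh(hdr)
        ttl = (f["ttl"] - 1) % 64          # forwarder decrements TTL before lookup
        hop = FORWARDING.get((f["spi"], f["si"]))
        if ttl == 0 or hop in (None, "decap"):
            break                          # drop, or strip NSH and return to the fabric
        hops.append(hop)
        hdr = build_nsh(f["spi"], f["si"] - 1, ttl)   # function decrements SI
    return hops
```

Adding a security function to a chain changes only the classifier row and the (SPI, SI) entries for that path; no per-router policy routes are touched.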

Description

Technical field

[0001] The invention relates to the technical field of computer security, in particular to a data center security resource pool access method and system.

Background technique

[0002] As the concept of security resource pools is gradually accepted by the public, the deployment schemes of security resource pools are gradually increasing.

[0003] The general deployment method of modern data centers is a three-layer network structure, that is, core layer-aggregation layer-access layer, or a two-layer network structure, that is, leaf-spine (leaf node-spine node) structure. Among them, the three-tier network structure is suitable for traditional data centers or campus networks where north-south traffic is the majority, and the two-tier network structure is suitable for new data centers where east-west traffic is the majority. As a collection of security function components, the security resource pool is integrated into the data center to improve the security cap...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L12/24
CPC: H04L41/0803
Inventor: 陈晓帆, 马耀泉, 古亮
Owner: SANGFOR TECH INC