
A virtual firewall optimization method and system based on software-defined network

A software-defined networking and virtual firewall technique, applied in the field of virtual firewalls, that addresses the unresolved firewall performance problem, poor fault tolerance and high implementation cost of existing approaches. It avoids complex state synchronization, reduces configuration and simplifies cluster construction.

Active Publication Date: 2020-07-31
GUANGZHOU BINGO SOFTWARE

AI Technical Summary

Problems solved by technology

In cloud computing scenarios, existing industrial firewall cluster technology generally uses a one-master, multiple-backup mode. Only one firewall is active at any time, so the single-point firewall performance problem remains unsolved.
In addition, firewall deployments that themselves support a cluster architecture depend on multi-link configuration of specific hardware network devices. This approach is complex to configure, has poor fault tolerance and is costly to implement, which makes it hard to adopt at scale in cloud computing scenarios.



Examples


Embodiment 1

[0057] As shown in Figure 1, this embodiment discloses a virtualized firewall cluster deployment architecture in which the nodes of the virtual firewall cluster are deployed on compute node servers, their virtual network cards are connected to the local SDN switch, and the firewall cluster's information is registered with the SDN controller. The configuration of firewall nodes in the same firewall cluster should be consistent.

[0058] As shown in Figure 2, this embodiment also discloses a software-defined network-based virtual firewall optimization method that applies to the firewall cluster deployment architecture shown in Figure 1. Specifically, the method includes the following steps:

[0059] S1. The SDN controller controls the SDN switch to reply to the ARP addressing messages that cloud hosts send for the firewall cluster IP address, so as to set the MAC address of the firewall cluster IP address as a globally u...

Embodiment 2

[0112] This embodiment discloses a software-defined network-based virtual firewall optimization system, including an SDN switch connected to multiple firewall clusters and an SDN controller connected to the SDN switch, wherein the SDN switch and the SDN controller perform the steps described in Embodiment 1 to optimize the firewall system.

[0113] The software-defined network-based virtual firewall optimization system disclosed in Embodiment 2 corresponds to the software-defined network-based virtual firewall optimization method disclosed in Embodiment 1. Its specific technical details and technical effects are similar and are not repeated here.


Abstract

The invention discloses a virtual firewall optimization method and system based on a software-defined network. The SDN controller sends an ARP response flow table to the SDN switch so that ARP requests for the IP address / elastic IP address of the firewall cluster receive a unified response. This solves the problem of MAC address conflict or MAC address drift in the firewall cluster without any additional adjustment to the firewall cluster or the physical data center network, and produces a multi-active, load-sharing firewall cluster. With the disclosed technical solution, the configuration of the firewall cluster is reduced as far as possible, standalone firewalls can be built into a cluster without additional configuration, and load balancing is achieved through SDN-controlled flow tables with the cloud host as the load factor. The method effectively avoids the complex state synchronization problem between firewall cluster nodes and the split-brain problem between firewall clusters.
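A small model of the two mechanisms the abstract describes, the unified ARP answer for the cluster IP and per-cloud-host steering to one firewall node, added here as an illustration and not taken from the patent. The addresses, node names, rendezvous hashing and the dictionary layout of the flow entry are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class Controller:
    cluster_ip: str
    virtual_mac: str                 # the one MAC ever answered for cluster_ip
    nodes: dict                      # node name -> (real MAC, switch port)
    pinned: dict = field(default_factory=dict)   # cloud host MAC -> node name

    def arp_reply(self, op, target_ip, sender_mac, sender_ip):
        """Build the unified ARP reply; None means 'not for the cluster IP'."""
        if op != "request" or target_ip != self.cluster_ip:
            return None
        return {"op": "reply", "src_mac": self.virtual_mac, "src_ip": target_ip,
                "dst_mac": sender_mac, "dst_ip": sender_ip}

    def pick_node(self, host_mac):
        """Pin each cloud host to one live node so its sessions stay on it."""
        if self.pinned.get(host_mac) not in self.nodes:
            # Rendezvous hashing (assumed policy): highest score wins.
            self.pinned[host_mac] = max(
                self.nodes,
                key=lambda n: hashlib.sha256(f"{host_mac}|{n}".encode()).digest())
        return self.pinned[host_mac]

    def flow_for(self, host_mac):
        """Flow entry steering this host's cluster-bound frames to its node."""
        real_mac, port = self.nodes[self.pick_node(host_mac)]
        return {"match": {"eth_src": host_mac, "eth_dst": self.virtual_mac},
                "actions": [("set_eth_dst", real_mac), ("output", port)]}

def demo_controller():
    # Constructed sample cluster; all addresses and ports are made up.
    return Controller("10.0.0.254", "02:00:00:00:00:fe", {
        "fw-a": ("fa:16:3e:aa:00:01", 11),
        "fw-b": ("fa:16:3e:aa:00:02", 12),
        "fw-c": ("fa:16:3e:aa:00:03", 13)})

if __name__ == "__main__":
    c = demo_controller()
    print(c.arp_reply("request", "10.0.0.254", "fa:16:3e:00:00:01", "10.0.0.5"))
    print(c.flow_for("fa:16:3e:00:00:01"))
```

Because every host sees the same MAC for the cluster IP and stays pinned to one node until that node leaves, no node needs another node's connection state, which is the property the abstract relies on.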

Description

Technical field

[0001] The invention belongs to the technical field of virtual firewalls, and in particular relates to a software-defined network-based virtual firewall optimization method and system.

Background technique

[0002] SDN, that is, software-defined network technology, separates the control process from the forwarding process by means of an SDN controller and SDN switches, and allows network traffic to be configured flexibly. The architecture of an SDN network includes an SDN controller and SDN switches: the SDN controller communicates with the SDN switch using the OpenFlow protocol. The SDN controller analyzes the network behavior of a host by receiving OpenFlow first-packet information from the SDN switch. Based on the OpenFlow first-packet information and the network configuration, the SDN controller generates a flow table and sends it to the SDN switch for network processing.

[0003] In cloud computing scenarios, the blurring of network bou...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L29/06, H04L29/08, H04L29/12, H04L12/741, H04L12/931, H04L45/74
CPC: H04L63/02, H04L67/1044, H04L61/103, H04L45/745, H04L49/354, H04L2101/622, H04L67/1001
Inventor: 刘忻林冬艺
Owner: GUANGZHOU BINGO SOFTWARE