A distributed firewall definition method and system

Abstract

The invention discloses a method and system for defining a distributed firewall. The method includes: a firewall component monitors firewall events in real time, and sends firewall configuration information corresponding to the currently monitored firewall events to an OVN database; the OVN database converts the firewall configuration information For the corresponding policy routing, use the policy routing to process the firewall event corresponding to the data stored by itself, and send the data that has changed in the data stored by the firewall event corresponding to the processing to the OVN located on each computing node. Controller; the OVN controller sends the received data to the OVS guard module on the computing node, and the OVS guard module stores the received data in the memory for message forwarding. It can be seen that the present application can realize security isolation and avoid network problems such as network congestion.

Description

Technical field [0001] Technical Field The present invention relates to the firewall, and more particularly, to a method and system for a distributed firewall definitions. Background technique [0002] Openstack the same time (open source framework used in the field of cloud computing) the rapid development of cloud computing, bring resource integration also brings the risk of more use, such as network bandwidth bottleneck problem; for network bandwidth issues, usually using a variety of speed limit or filter traffic diversion method to solve, but these methods are facing a greater threat to network, how to achieve a reasonable rational and efficient allocation of network bandwidth, while ensuring network security is currently an unavoidable problem. [0003] Currently the application scenario based Openstack frame deploy private cloud platform, typically by adding iptables (ip rule list) rules by Openstack native Virtual Router (virtual router), to achieve control and out of the...

AI Technical Summary

Problems solved by technology

[0002] The rapid development of Openstack (open source framework, applied in the field of cloud computing) cloud computing brings advantages of resource integration and also brings more risks in use, such as the bottleneck problem of network bandwidth; for network bandwidth problems, various methods are usually used However, these methods face relatively large network threats. Therefore, how to reasonably and efficiently realize the reasonable allocation of network bandwidth while ensuring network security is an unavoidable problem at present.

[0003] At present, in the application scenario of deploying a private cloud platform based on the Openstack framework, it is usually achieved by adding iptables (ip rule table) rules to the Openstack native Virtual Router (virtual router) to control data packets entering and leaving the virtual network; this With the help of adding iptables rules on the native Virtual Router, since the filtering of traffic is concentrated on the L3 agent, when there is a burst of traffic, security protection and isolation cannot be achieved, and network problems such as network congestion will also occur

Images