Unlock instant, AI-driven research and patent intelligence for your innovation.

Packet transmission equipment and packet transmission system

A relay device and relay system technology, applied in transmission systems, digital transmission systems, safety communication devices, etc., can solve the problems of cumbersomeness, increased transmission and processing time, poor efficiency, etc., and achieve the effect of high-efficiency packet transmission

Inactive Publication Date: 2006-12-27
HITACHI LTD
View PDF0 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, if FW and IDS processing are performed on all traffic processed by the packet relay device, the overall throughput will be quickly limited by the throughput of FW or IDS.
[0006] Furthermore, if the process of transferring packets to the module is performed, only the corresponding transfer and processing time will be increased.
In other words, the more effort is devoted to security assurance, the longer the transmission and processing time will be. On the contrary, if the transmission and processing time are prioritized, the security guarantee will not be sufficient.
[0007] On the other hand, the traffic flowing through the packet relay device includes not only the traffic from ordinary users who are not malicious, but also the traffic from users infected with viruses and the illegal traffic from users with malicious intent.
Regardless of this situation, if these traffics are transmitted to the module and monitored, the throughput will be greatly lost, and it will become a very inefficient transmission form for the traffic of ordinary users who are not malicious.
If the administrator appropriately changes the transmission module of each user according to the processing results in each module, the above problems can be solved. In this case, manual settings are required every time an illegal access is detected, which is cumbersome.
Moreover, after illegal access is detected, it takes time until the administrator recognizes and sets it up, which lacks timeliness

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Packet transmission equipment and packet transmission system
  • Packet transmission equipment and packet transmission system
  • Packet transmission equipment and packet transmission system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0037] Figure 4 A diagram showing the internal configuration of the packet relay device according to this embodiment when the FW function and the IDS function are respectively incorporated as a FW module and an IDS module as shown in FIG. 1 . When the platform module 12 receives a packet from the user by the packet transfer unit 21, it transfers the packet to the user identification unit 31 to identify the sending user.

[0038] In the user-transmission module correspondence table 34 in the packet processing unit 22, there is Figure 5 The table shown records the pairs of users and security levels, and Figure 6 Shown is a table that records pairs of security levels and transport modules. Here, the smaller the security level value is set, the stronger the security can be realized. User 1 has a security level of 1, so the security level is the highest. As the application module of the transfer destination, a FW module and an IDS module are provided. Security level 1 is ma...

Embodiment 2

[0048] Figure 4 In the sampling unit 32, the types and numbers of the application modules associated with the platform modules are grasped. Each time the state changes, the application module sends as Figure 9 The information of "Package Type", "Module Identifier", and "Status" shown in the Figure 7 The control package in the header alone, so this is possible. exist Figure 9 The single value identifier of the module including the type of the module sending the control packet is clearly indicated in the module identifier field of the module, and the status of the module is clearly indicated in the status field. Through the control message, the platform module can initiate an action according to the state of the application module. For example, the processing capacity of the IDS module increases until it exceeds the threshold, and when the packets sent from the platform module cannot be processed, the "overload" information is recorded in Figure 9 in the status field o...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Traffic flowing through packet transmission equipment comes in countless variations ranging from traffic from harmless general users, to PC virus-infected users, and users with harmful intent. Transferring all of this traffic together through a module for monitoring causes a great loss in throughput and is an extremely inefficient way to handle general user traffic. After checking the module processing results, the system administrator can resolve this situation by changing each user's transfer module but making this setting manually is unwieldy and lacks flexibility. A security level can be set on table in the platform module linking each user to the destination application module. By dynamically changing this security level according to processing results in each module, each user's destination application module can be changed smoothly and flexibly.

Description

technical field [0001] The present invention relates to a packet relay device that dynamically changes the security level of each user and changes a transfer destination application module according to the type of traffic sent by each user. Background technique [0002] FW (Firewall: Firewall) function and IDS (Intrusion Detection System: Intrusion Detection System) function have been set in each user or each enterprise. However, as the number and layers of users using the Internet increase day by day, it becomes more and more difficult for each user and each company to realize these functions. Currently, there is a structure in which these functions are provided by the packet relay device, and users and enterprises are not aware of the existence of FW and IDS functions. When the FW function and IDS function are realized by the packet relay device used in the IP network, there are two methods, one is to incorporate modules into the packet relay device, and the other is to c...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/10H04L29/06
CPCH04L63/105H04L63/0209H04L63/145H04L63/1416
Inventor 饭岛智之坂本健一东村邦彦
Owner HITACHI LTD