A cloud firewall high-availability protection method and system based on a multi-master and one-backup architecture

By employing a multi-master, one-standby cloud firewall system and utilizing multi-dimensional health assessment and context-aware technologies, the system achieves efficient, reliable, and rapid failover of the cloud firewall. This solves the problems of resource waste and failover latency in existing technologies and enhances the security and business continuity of the cloud platform.

CN122160156APending Publication Date: 2026-06-05CHINA ELECTRONICS CLOUD DIGITAL INTELLIGENCE TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA ELECTRONICS CLOUD DIGITAL INTELLIGENCE TECH CO LTD
Filing Date
2026-03-26
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing cloud firewall high availability architectures suffer from low resource utilization, insufficient fault detection accuracy, difficulty in ensuring policy consistency, and poor switching timeliness, making it difficult to meet the high availability requirements of cloud platforms.

Method used

It adopts a multi-master, one-standby architecture, identifies the failure of protection functions through a multi-dimensional health assessment mechanism, achieves seamless traffic switching, and dynamically loads security policies by combining lightweight backup instances and context-aware technology.

Benefits of technology

It improves resource utilization efficiency, enhances protection reliability, optimizes switching timeliness, supports multi-tenant isolation, and reduces the risk of business interruption.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160156A_ABST
    Figure CN122160156A_ABST
Patent Text Reader

Abstract

The application discloses a cloud firewall high-availability protection method and system based on a multi-master-standby architecture. The method comprises the following steps: multi-master-standby configuration synchronization, allocating a unique context identifier to n master firewall instances, and aggregating and isolating the security policies of each master instance in real time; intelligent fault detection, collecting multi-dimensional health indicators and calculating a health score, and sending a switching request after determining that the protection is invalid; context-aware traffic switching, routing the traffic of the faulty instance to the backup instance, and dynamically loading the corresponding policies according to the context identifier to realize seamless takeover; and lightweight operation of the backup instance, keeping an empty data plane framework when starting, and activating the policies to the data plane when receiving the switching instruction or the first packet traffic. The application significantly reduces resource consumption through an n:1 backup architecture, accurately identifies the'surviving but invalid' fault through multi-dimensional health assessment, realizes seamless switching at a second level, and is suitable for cloud native security protection scenarios of multi-tenant and multi-VPC.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of cloud firewall protection technology, and in particular to a high-availability protection method, system, computer-readable storage medium, and electronic device for cloud firewalls based on a multi-master-one-standby architecture. Background Technology

[0002] With the rapid development of cloud computing technology, cloud platforms have become the core carrier of enterprise digital infrastructure. As a key component for ensuring the security of the cloud environment, the high availability of firewalls is directly related to business continuity and data security.

[0003] In existing technologies, the high availability architecture of cloud firewalls mainly adopts the following two modes:

[0004] 1. 1:1 primary / backup redundancy mode

[0005] This model configures a dedicated backup instance for each primary firewall instance, forming a one-to-one redundancy relationship. While this solution enables rapid failover in case of failure, its resource utilization is low—the backup instance remains idle for extended periods, resulting in a significant waste of computing, storage, and network resources, making it difficult to meet the economic requirements of large-scale cloud platform deployment.

[0006] 2. Cluster load balancing mode

[0007] This model uses a cluster of multiple firewall instances and employs load balancing technology to distribute service traffic and improve overall throughput. However, this architecture has the following limitations: First, when a single instance experiences policy configuration anomalies, rule failures, or performance degradation, there is a lack of precise fault isolation mechanisms, and abnormal traffic may be incorrectly distributed to the faulty node; Second, the policy configurations of each instance are maintained independently, making it difficult to guarantee the consistency and synchronization of global policies, increasing the complexity of security policy management.

[0008] Furthermore, existing health monitoring mechanisms generally suffer from a lack of comprehensive detection dimensions. Traditional solutions often rely on heartbeat detection to determine instance liveness, which can only identify instance-level failures (such as process crashes or node downtime). They cannot effectively identify deeper failure scenarios where "the instance is alive but protection functions are ineffective," including malicious bypassing of security rules or logical errors leading to failure, interruption of log collection and auditing functions, and silent packet loss due to CPU overload or memory exhaustion. The continued existence of such "sub-healthy" states will create substantial gaps in security protection.

[0009] Regarding failover mechanisms, in the traditional cold standby mode, backup instances need to go through a complete system initialization, configuration loading, and service startup process. The switching delay is usually in the tens of seconds to minutes, which is difficult to meet the stringent service continuity requirements of critical businesses and poses a significant risk of business interruption.

[0010] In summary, existing cloud firewall high availability solutions have shortcomings in resource efficiency, fault detection accuracy, policy consistency assurance, and switchover timeliness. Therefore, there is an urgent need for a new high availability architecture that combines resource conservation, intelligent state awareness, and rapid seamless switchover capabilities to meet the higher security requirements of cloud-native environments. Summary of the Invention

[0011] To address the aforementioned problems in existing technologies, this application proposes a novel high-availability protection method for cloud firewalls based on a multi-master, one-standby architecture.

[0012] Specifically, this application provides the following technical solutions:

[0013] The first aspect of this application provides a high-availability protection method for cloud firewalls based on a multi-master, one-standby architecture, such as... Figure 1 As shown, the method includes:

[0014] S1. Multi-master and one-backup configuration synchronization: Deploy n primary firewall instances and 1 backup firewall instance in the virtual private cloud (VPC) of the cloud platform. Assign a unique context identifier to each primary firewall instance. The backup firewall instance subscribes to policy change events in the control plane, and aggregates and stores the security policies of each primary firewall instance in real time in an isolated manner.

[0015] S2. Intelligent Fault Detection: Collect multi-dimensional health indicators of each main firewall instance, calculate a health score based on the health indicators, and determine that the corresponding main firewall instance has failed protection when the health score is lower than a preset threshold and continues for a preset duration, and send a switch request to the control plane.

[0016] S3. Seamless switching of context-aware traffic: The control plane responds to the switching request and switches the traffic route originally directed to the faulty primary firewall instance to the backup firewall instance. The backup firewall instance dynamically loads the corresponding security policy according to the context identifier carried by the traffic, realizing seamless logical takeover.

[0017] S4. Lightweight operation of backup instances: When the backup firewall instance starts, it loads the policy parsing engine and message subscription client; upon receiving a switching command or the first packet of traffic, it activates the corresponding security policy to the data plane and completes connection status processing and switching confirmation.

[0018] Furthermore, in the method of this application, the context identifier mentioned in step S1 includes tenant information and network context information;

[0019] The policy change event is published through a message middleware, and the backup firewall instance subscribes to the topic of the message middleware to receive policy updates; the policy change event includes firewall identifier, version number, timestamp, policy content, and digital signature.

[0020] Furthermore, in the method of this application, step S1 further includes: the backup firewall instance internally maintains a policy cache dictionary, using the firewall identifier as the key and the latest policy snapshot as the value; it only receives policy updates with version numbers higher than the current cache version, and verifies the digital signature or hash value; if the verification fails, the update is discarded; and

[0021] Periodically persist policy cache dictionary snapshots to local disk or object storage for cold start recovery.

[0022] Furthermore, in the method of this application, the multi-dimensional health indicators mentioned in step S2 include: heartbeat survival status, rule hit rate, CPU utilization, new connection rate, and log reporting latency.

[0023] Furthermore, in the method of this application, the health score mentioned in step S2 is calculated using the following weighted formula:

[0024] H = w1•H hb + w2•H rule + w3•H cpu + w4•H log ;

[0025] In the formula, H hb H is the normalized value of the heart rate index. rule H is the normalized value of the rule hit rate. cpu H is the normalized value of CPU utilization. log is the log latency normalized value; w1, w2, w3, and w4 are the corresponding weight coefficients, and satisfy w1 + w2 + w3 + w4 = 1.

[0026] Furthermore, in the method of this application, the weighting coefficients are: w1 = 0.2, w2 = 0.4, w3 = 0.3, w4 = 0.1.

[0027] Furthermore, in the method of this application, step S2 also includes: calculating the moving average and standard deviation of each indicator based on historical data, and dynamically setting an abnormal threshold; when the indicator value deviates from the moving average by more than a preset multiple of the standard deviation, the indicator is determined to be abnormal.

[0028] Furthermore, in the method of this application, the context identifier carried by the traffic in step S3 is attached to the network layer metadata through traffic marking rules; the backup firewall instance listens to the network card traffic, and when it receives the first data packet carrying the context identifier, it queries the policy cache to obtain the corresponding security policy and activates it to the data plane.

[0029] Furthermore, in the method of this application, the connection state processing in step S4 includes: for stateless protocols, directly processing and allowing the client to retry; for stateful protocols, when the faulty primary firewall instance fails the health check for the first time, actively pushing the list of active connection 5-tuples to the backup firewall instance;

[0030] The backup firewall instance uses an internal format for its pre-compilation policy of context identifiers for high-frequency access, and the internal format includes a BPF bytecode template.

[0031] The backup firewall instance normally runs with low resource configuration. When a switchover is triggered, it calls the cloud platform's elastic scaling interface to temporarily expand its capacity, and then automatically shrinks back after a preset duration.

[0032] A second aspect of this application provides a cloud firewall high-availability protection system based on a multi-master, one-standby architecture, the system comprising:

[0033] Multi-master-one-backup configuration synchronization module: used to deploy n primary firewall instances and 1 backup firewall instance in the virtual private cloud (VPC) of the cloud platform, assign a unique context identifier to each primary firewall instance, and the backup firewall instance aggregates and stores the security policies of each primary firewall instance in real time by subscribing to policy change events in the control plane.

[0034] Intelligent Fault Detection Module: Used to collect multi-dimensional health indicators of each main firewall instance, calculate a health score based on the health indicators, and determine that the corresponding main firewall instance has failed protection when the health score is lower than a preset threshold and continues to reach a preset duration, and send a switch request to the control plane.

[0035] Seamless traffic switching module: used to control the plane to respond to the switching request and switch the traffic route originally directed to the faulty primary firewall instance to the backup firewall instance. The backup firewall instance dynamically loads the corresponding security policy according to the context identifier carried by the traffic to achieve seamless logical takeover.

[0036] The backup instance lightweight operation module is used to load the policy parsing engine and message subscription client when the backup firewall instance starts; upon receiving a switching command or the first packet of traffic, it activates the corresponding security policy to the data plane and completes connection state processing and switching confirmation.

[0037] The system implements the steps of the aforementioned cloud firewall high availability protection method based on a multi-master, one-standby architecture during runtime.

[0038] A third aspect of this application provides an electronic device, including: a memory and a processor;

[0039] Memory: Used to store computer programs;

[0040] Processor: Used to execute the computer program to implement the steps of the aforementioned cloud firewall high availability protection method based on a multi-master-one-standby architecture.

[0041] A fourth aspect of this application provides a computer-readable storage medium having a computer program stored thereon, wherein when the computer program is executed by a processor, it implements the steps of the aforementioned cloud firewall high availability protection method based on a multi-master-one-standby architecture.

[0042] In summary, the cloud firewall high availability protection method based on a multi-master, one-standby architecture proposed in this invention has the following significant advantages compared to existing technical solutions:

[0043] 1. Resource utilization efficiency has been significantly improved.

[0044] By adopting a multi-master shared backup deployment model, the number of backup instances is reduced from n in the traditional 1:1 redundancy model to 1, resulting in a backup resource saving ratio of (n-1) / n. Taking n=3 as an example, the total cost of ownership (TCO) is reduced by more than 50%, effectively improving cloud resource utilization efficiency.

[0045] 2. Enhanced protection reliability

[0046] Breaking through the limitations of traditional heartbeat detection, this system employs a multi-dimensional health assessment mechanism to identify hidden fault scenarios where instances are alive but protection functions are ineffective (such as rule failure, log interruption, performance degradation, etc.), thus achieving true protection effectiveness assurance.

[0047] 3. Optimized switching timeliness

[0048] Employing a hot standby mechanism, the failover delay is controlled to within 1 second, while also supporting seamless migration between stateful connections and stateless protocols, minimizing the risk of business interruption.

[0049] 4. Multi-tenant isolation capability

[0050] It supports policy deployment in multi-tenant and multi-VPC (Virtual Private Cloud) scenarios, and ensures that the security policies of different tenants are independent of each other through a logical isolation mechanism, thus eliminating the risk of cross-contamination of policies.

[0051] Other features and advantages of this application will be set forth in detail in the following description, or will become apparent through the implementation of the relevant technical solutions of this application. The objectives and other advantages of this application can be achieved through the technical features and means explicitly pointed out in the description, claims, and drawings, and will be obtained through the implementation of these technical contents. Attached Figure Description

[0052] To more clearly illustrate the technical solution of this application, the accompanying drawings involved in the description of this invention will be briefly introduced below. It should be noted that the drawings only show some embodiments of the invention. For those skilled in the art, other related drawings can be derived from these drawings without creative effort.

[0053] Figure 1 This is a flowchart illustrating the overall implementation process of the cloud firewall high availability protection method based on a multi-master, one-standby architecture according to the present invention.

[0054] Figure 2 This is a schematic diagram illustrating the implementation process of strategy synchronization in the present invention.

[0055] Figure 3 This is a schematic diagram illustrating the implementation process of primary / standby switching in the present invention.

[0056] Figure 4 This is a structural diagram of the cloud firewall high availability protection system based on a multi-master, one-standby architecture, according to the present invention.

[0057] Figure 5 This is a schematic diagram of the structure of an electronic device provided in an embodiment of the present invention. Detailed Implementation

[0058] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. It should be noted that the described embodiments are only some embodiments of this application, and not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of this application without creative effort are within the protection scope of this application.

[0059] In this document, the term "comprising" and any variations thereof (such as "including," "including," etc.) are open-ended expressions and should be understood as "including but not limited to," meaning that the listed content is not exhaustive and may include other content not explicitly mentioned. The term "based on" should be understood as "at least partially based on," meaning that the basis or condition referred to may not be the only factor and may involve other relevant factors. The term "one embodiment" should be understood as "at least one embodiment," meaning that the described embodiment is not the only possible implementation, and other similar embodiments may exist.

[0060] In this application, the terms "a" and "a plurality of" are used to modify related elements or features, and their expression is illustrative rather than restrictive. Unless otherwise expressly stated in the context, "a" should be understood as "at least one," and "a plurality of" should be understood as "at least two." Those skilled in the art should reasonably interpret these terms based on the semantic and logical relationships of the context to ensure that they cover the possibility of "one or more."

[0061] Example: A high-availability protection method and system for cloud firewalls based on a multi-master, one-standby architecture.

[0062] This invention provides an n:1 multi-master-one-standby cloud firewall deployment architecture. Through dynamic configuration synchronization, intelligent health assessment, context-aware switching, and lightweight activation mechanism, it significantly reduces resource consumption and operational complexity while ensuring the continuity of security protection.

[0063] The system of this invention includes the following core components:

[0064] (1) Multi-master-one-standby dynamic configuration synchronization component: Security policy for real-time aggregation and isolation of backup instances and storage of n master instances;

[0065] (2) Intelligent fault detection component based on protection health status: comprehensively judge faults based on multi-dimensional data such as heartbeat, strategy effectiveness, and performance indicators;

[0066] (3) Context-aware seamless traffic switching component: Automatically loads the corresponding strategy according to the traffic source to achieve seamless logic takeover;

[0067] (4) Lightweight preloading and fast activation of backup instance components: strategy preheating + data plane loading to achieve second-level switching.

[0068] The cloud firewall high availability protection method based on a multi-master-one-standby architecture of the present invention includes the following main steps:

[0069] Step 1: Multi-master and one-standby configuration synchronization

[0070] Figure 2 The implementation process of policy synchronization in this scheme is demonstrated.

[0071] Deploy n primary firewall instances (FW1…FW) in a VPC on the cloud platform. n Each of them handles its own business traffic.

[0072] Deploy 1 backup firewall instance (FW) bak It does not access business traffic, but connects to the unified control plane.

[0073] Assign a unique context identifier to the primary firewall instance

[0074] 1. For each primary firewall instance (FW1…FW…) n Assign a unique ID, such as fw id = "tenantA-vpc123", contains tenant and network context information.

[0075] 2. Establish a unified channel for policy change events.

[0076] Deploy message middleware (such as Apache Kafka, RabbitMQ, or etcd Watch) in the control plane.

[0077] Whenever the policy of any primary instance changes (adding / deleting / modifying ACLs, WAF rules, IPS policies, etc.), a structured event is immediately published to the firewall-policy-updates topic, with the following format example:

[0078] {

[0079] "fw_id": "tenantA-vpc123",

[0080] "version": "20251206-001",

[0081] "timestamp": 1701876543,

[0082] "rules": [ / * Strategy content * / ],

[0083] "signature": "sha256:abc123..."

[0084] }

[0085] 3. Backup instance subscription and partition caching strategy

[0086] Backup Instance (FW) bak When starting up, subscribe to the above event topics;

[0087] Internally, a policy cache dictionary is maintained, with the key fw. idThe value is the latest policy snapshot:

[0088] policy_cache = {

[0089] "tenantA-vpc123": { "version": "...", "rules": [...], "last_sync": ts},

[0090] "tenantB-vpc456": { ...}

[0091] }

[0092] Use a caching mechanism to limit the cache size (e.g., cache a maximum of 50 active tenants).

[0093] 4. Incremental synchronization and consistency verification

[0094] Only accept policy updates with higher version numbers; verify digital signatures or SHA256 hashes to prevent man-in-the-middle tampering; if verification fails, log an alarm and discard the update.

[0095] 5. Regularly persist snapshots

[0096] Every 5 minutes, a policy_cache snapshot is written to the local disk or object storage (such as S3 / OSS) for cold start recovery.

[0097] Step 2: Intelligent Fault Detection Based on Protection Health Status

[0098] Figure 3 The implementation process of primary / standby switchover in this scheme is demonstrated.

[0099] Define health index collection items

[0100] 1. Deploy a lightweight probe (Agent) on each primary firewall instance to periodically (e.g., every 10 seconds) report the following data to the monitoring center:

[0101] a. heartbeat_alive: Boolean value (whether to respond to ping / API);

[0102] b. rule_hit_rate: Number of rule hits in the past 60 seconds / Total number of connections;

[0103] c. cpu_utilization: CPU utilization (%)

[0104] d. new_conn_rate: Rate of new connection (conn / s);

[0105] e. log_delivery_delay: Delay (in seconds) for the last log entry to be reported.

[0106] 2. Construct a dynamic baseline

[0107] (1) For each indicator, calculate the moving average and standard deviation over the past 7 days;

[0108] (2) Dynamically set the abnormal threshold (e.g., rule_hit_rate < μ - 2σ is considered abnormal).

[0109] Calculate the weighted health score H once per minute:

[0110] H = w1•H hb + w2•H rule + w3•H cpu + w4•H log

[0111] Recommended weighting:

[0112] w1 = 0.2 (heartbeats);

[0113] w2 = 0.4 (strategy effectiveness, most important);

[0114] w3 = 0.3 (performance);

[0115] w4 = 0.1 (log integrity).

[0116] Each sub-item is normalized to the [0,1] interval (1=healthy, 0=severely abnormal).

[0117] Triggering switch determination:

[0118] a. If H < 0.6 and lasts for ≥60 seconds, then mark the fw. id "Protection failure";

[0119] b. Send a handover request to the control plane: {"action": "failover", "failed_fw_id": "tenantA-vpc123"}.

[0120] Manual review interface

[0121] Provides an API for operations and maintenance personnel to view health details, supporting manual overriding and automatic decision-making. Accurately identifies firewall instances that are "alive but ineffective," avoiding accidental or missed shutdowns.

[0122] Step 3: Seamless Context-Aware Traffic Switching

[0123] Tagging at traffic entry points

[0124] 1. Configure traffic labeling rules at the cloud platform network layer: For all traffic from the subnet where FW1 is located, add metadata: x-fw-context: tenantA-vpc123.

[0125] 2. Control plane performs route switching: Upon receiving a failover request, it calls the cloud platform API to change the traffic route originally pointing to FW1 to FW. bak IP / ENI.

[0126] 3. Backup instance dynamic loading strategy

[0127] FW bak Monitor its own network interface card traffic; when it receives the first data packet with the tag x-fw-context: tenantA-vpc123, it queries policy_cache to get the corresponding policy. If it is not loaded, it immediately activates the policy to the data plane (such as iptables / nftables / eBPF map).

[0128] 4. Handling connection status

[0129] Stateless protocols (HTTP / HTTPS): handle directly, client retry;

[0130] Stateful protocols (TCP / SSH): When the primary instance experiences its first health check anomaly, it proactively pushes a list of active connection 5-tuples to the server. bak (via encrypted gRPC channel).

[0131] 5. Confirm switch complete

[0132] FW bak Post back to the control plane {"status": "activated", "fw_id": "tenantA-vpc123"};

[0133] The control plane updates its state and stops sending traffic to the original primary instance. This ensures that traffic switching occurs within less than 1 second, the policy matches correctly, and services are unaffected.

[0134] Step 4: Activate Lightweight Running Mode

[0135] FW bak Load the policy parsing engine (such as Rego or YAML parser) at startup, subscribe to the message client, and keep the data plane framework empty (do not bind to the network card, do not load rules).

[0136] The preheating policy cache is maintained by a background thread that continuously pulls policy updates from the message queue and populates the policy_cache; this is used for frequently accessed scripts. id(If there was traffic in the past hour), the pre-compilation strategy is internal format (such as BPF bytecode template).

[0137] Data plane loading: Data plane processing modules (such as Netfilter hook, XDP program) are initially in a "dormant" state; only when a switching command is received or the first traffic packet with a context label is the corresponding policy loaded into the kernel; the virtual network interface card is bound or the BPF program is attached; the connection tracking (conntrack) module is started (if there are state requirements).

[0138] Resource elastic scaling (cloud platform integration): Normally runs at a low configuration (e.g., 0.5 vCPU); when a switch is triggered, the cloud platform's Auto Scaling API is called to temporarily expand to the standard configuration (e.g., 2 vCPU), and automatically shrinks back after 10 minutes.

[0139] Health self-check and readiness report: After activation, perform a self-check (such as pinging the gateway and verifying rule loading).

[0140] Figure 4 The image shows a cloud firewall high-availability protection system based on a multi-master, one-standby architecture proposed in this application. The system includes:

[0141] Multi-master-one-backup configuration synchronization module: used to deploy n primary firewall instances and 1 backup firewall instance in the virtual private cloud (VPC) of the cloud platform, assign a unique context identifier to each primary firewall instance, and the backup firewall instance aggregates and stores the security policies of each primary firewall instance in real time by subscribing to policy change events in the control plane.

[0142] Intelligent Fault Detection Module: Used to collect multi-dimensional health indicators of each main firewall instance, calculate a health score based on the health indicators, and determine that the corresponding main firewall instance has failed protection when the health score is lower than a preset threshold and continues to reach a preset duration, and send a switch request to the control plane.

[0143] Seamless traffic switching module: used to control the plane to respond to the switching request and switch the traffic route originally directed to the faulty primary firewall instance to the backup firewall instance. The backup firewall instance dynamically loads the corresponding security policy according to the context identifier carried by the traffic to achieve seamless logical takeover.

[0144] The backup instance lightweight operation module is used to load the policy parsing engine and message subscription client when the backup firewall instance starts; upon receiving a switching command or the first packet of traffic, it activates the corresponding security policy to the data plane and completes connection state processing and switching confirmation.

[0145] The above system implements the steps of the cloud firewall high availability protection method based on a multi-master-one-standby architecture disclosed in this application during runtime.

[0146] The flowcharts and block diagrams in the accompanying drawings illustrate possible implementations of systems, methods, and computer program products according to various embodiments of this application, including architecture, functionality, and operation. In these figures, each block may represent a module, program segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should be noted that each block in the block diagrams and / or flowcharts, and combinations thereof, can be implemented using either a dedicated hardware-based system or a combination of dedicated hardware and computer instructions to achieve the specified function or operation.

[0147] like Figure 5 As shown in the illustration, an embodiment of this application also discloses an electronic device, including: a processor 310, a communication interface 320, a memory 330 for storing a processor-executable computer program, and a communication bus 340. The processor 310, communication interface 320, and memory 330 communicate with each other via the communication bus 340. The processor 310 executes the executable computer program to implement the steps of the aforementioned high-availability protection method for a cloud firewall based on a multi-master, one-standby architecture.

[0148] It is understood that, in addition to memory and a processor, this electronic device may also include input devices (such as a keyboard), output devices (such as a display), and other communication modules. These input devices, output devices, and other communication modules all communicate with the processor through I / O interfaces (i.e., input / output interfaces).

[0149] The operations described in this application can be implemented by writing computer program code using one or more programming languages ​​or a combination thereof. The programming languages ​​include, but are not limited to, the following types:

[0150] Object-oriented programming languages, such as Java, Smalltalk, C++, etc.

[0151] Conventional procedural programming languages, such as "C" or similar programming languages.

[0152] The execution methods of program code include, but are not limited to:

[0153] It runs entirely on the user's computer;

[0154] Part of it executes on the user's computer, and part of it executes on a remote computer;

[0155] Execute as a standalone software package;

[0156] It is executed entirely on a remote computer or server.

[0157] In scenarios involving remote computers, the remote computer can connect to the user's computer via any type of network, including but not limited to local area networks (LANs) or wide area networks (WANs). Furthermore, the remote computer can also connect to external computers through an internet service provider, for example, by utilizing the internet for connection.

[0158] Furthermore, this application also discloses a computer-readable storage medium, which, when the instructions in the computer-readable storage medium are executed by the processor of an electronic device, enables the electronic device to perform the various steps of the cloud firewall high availability protection method based on a multi-master-one-standby architecture disclosed in this application.

[0159] In the context of this application, a computer-readable storage medium refers to a tangible medium capable of storing computer program code and related data. Specific examples include, but are not limited to, the following:

[0160] (1) Portable computer disk: such as floppy disks and other removable magnetic storage media.

[0161] (2) Hard disk: including mechanical hard disks and solid-state hard disks and other fixed storage devices.

[0162] (3) Random Access Memory (RAM): A volatile storage medium used for temporary storage of data and program code.

[0163] (4) Read-only memory (ROM): a non-volatile storage medium used to store fixed programs and data.

[0164] (5) Erasable programmable read-only memory (EPROM) or flash memory: non-volatile storage media that supports multiple erasures and reprogrammings.

[0165] (6) Fiber optic storage devices: storage media based on fiber optic technology.

[0166] (7) Portable compact disc read-only memory (CD-ROM): a read-only medium that stores data in the form of an optical disc.

[0167] (8) Optical storage devices: such as DVDs, Blu-ray discs and other storage media based on optical principles.

[0168] (9) Magnetic storage devices: such as magnetic tapes, disks and other storage media based on magnetic principles.

[0169] (10) Any suitable combination of the above: for example, combining multiple storage media to meet different storage needs.

[0170] These computer-readable storage media can be used to store the program code and related data described in this application to support program execution and persistent data storage.

[0171] Specifically, according to embodiments of this application, the processes described in the flowcharts can be implemented as computer software programs. For example, embodiments of this application relate to a computer program product comprising a computer program carried on a non-transitory computer-readable medium. This computer program contains program code for executing the cloud firewall high-availability protection method based on a multi-master, one-standby architecture disclosed in this application. When this computer program is executed by a processing system, it can achieve the functions defined in the embodiments of this application.

[0172] While the foregoing discussion contains several specific implementation details, these details should not be construed as limiting the scope of this application. The above description is merely a preferred embodiment of this application and an explanation of the technical principles employed. Those skilled in the art should understand that the scope of this application is not limited to technical solutions formed by specific combinations of the above-described technical features. Furthermore, this application should also cover other technical solutions formed by any combination of the above-described technical features or their equivalents without departing from the foregoing disclosed concept.

[0173] Those skilled in the art should also understand that modifications can be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features, without departing from the spirit and scope of the technical solutions of the embodiments of this application. These modifications or substitutions will not cause the essence of the corresponding technical solutions to deviate from the core spirit and scope of the technical solutions of the embodiments of this application.

Claims

1. A high-availability protection method for cloud firewalls based on a multi-master, one-standby architecture, characterized in that, The method includes: S1. Multi-master and one-backup configuration synchronization: Deploy n primary firewall instances and 1 backup firewall instance in the virtual private cloud (VPC) of the cloud platform. Assign a unique context identifier to each primary firewall instance. The backup firewall instance subscribes to policy change events in the control plane, and aggregates and stores the security policies of each primary firewall instance in real time in an isolated manner. S2. Intelligent Fault Detection: Collect multi-dimensional health indicators of each main firewall instance, calculate a health score based on the health indicators, and determine that the corresponding main firewall instance has failed protection when the health score is lower than a preset threshold and continues for a preset duration, and send a switch request to the control plane. S3. Seamless switching of context-aware traffic: The control plane responds to the switching request and switches the traffic route originally directed to the faulty primary firewall instance to the backup firewall instance. The backup firewall instance dynamically loads the corresponding security policy according to the context identifier carried by the traffic, realizing seamless logical takeover. S4. Lightweight operation of backup instances: When the backup firewall instance starts, it loads the policy parsing engine and message subscription client; upon receiving a switching command or the first packet of traffic, it activates the corresponding security policy to the data plane and completes connection status processing and switching confirmation.

2. The method according to claim 1, characterized in that, The context identifier mentioned in step S1 includes tenant information and network context information; The policy change event is published through a message middleware, and the backup firewall instance subscribes to the topic of the message middleware to receive policy updates; the policy change event includes firewall identifier, version number, timestamp, policy content, and digital signature.

3. The method according to claim 2, characterized in that, Step S1 further includes: the backup firewall instance internally maintains a policy cache dictionary, using the firewall identifier as the key and the latest policy snapshot as the value; it only receives policy updates with version numbers higher than the current cached version, and verifies the digital signature or hash value; if verification fails, the update is discarded; and Periodically persist policy cache dictionary snapshots to local disk or object storage for cold start recovery.

4. The method according to claim 1, characterized in that, The multi-dimensional health indicators mentioned in step S2 include: heartbeat survival status, rule hit rate, CPU utilization, new connection rate, and log reporting latency.

5. The method according to claim 1, characterized in that, The health score mentioned in step S2 is calculated using the following weighted formula: H = w1•H hb + w2•H rule + w3•H cpu + w4•H log ; In the formula, H hb H is the normalized value of the heart rate index. rule H is the normalized value of the rule hit rate. cpu H is the normalized value of CPU utilization. log is the log latency normalized value; w1, w2, w3, and w4 are the corresponding weight coefficients, and satisfy w1 + w2 + w3 + w4 = 1.

6. The method according to claim 5, characterized in that, The weighting coefficients are: w1 = 0.2, w2 = 0.4, w3 = 0.3, w4 = 0.

1.

7. The method according to claim 5, characterized in that, Step S2 also includes: calculating the moving average and standard deviation of each indicator based on historical data, and dynamically setting an abnormal threshold; when the indicator value deviates from the moving average by more than a preset multiple of the standard deviation, the indicator is determined to be abnormal.

8. The method according to claim 1, characterized in that, In step S3, the context identifier carried by the traffic is attached to the network layer metadata through traffic marking rules; the backup firewall instance listens to the network interface card traffic, and when it receives the first data packet carrying the context identifier, it queries the policy cache to obtain the corresponding security policy and activates it to the data plane.

9. The method according to claim 1, characterized in that, The connection state handling described in step S4 includes: for stateless protocols, processing is performed directly and the client is allowed to retry; for stateful protocols, the faulty primary firewall instance actively pushes the list of active connection 5-tuples to the backup firewall instance when the health check first fails. The backup firewall instance uses an internal format for its pre-compilation policy of context identifiers for high-frequency access, and the internal format includes a BPF bytecode template. The backup firewall instance normally runs with low resource configuration. When a switchover is triggered, it calls the cloud platform's elastic scaling interface to temporarily expand its capacity, and then automatically shrinks back after a preset duration.

10. A cloud firewall high-availability protection system based on a multi-master, one-standby architecture, characterized in that, The system implements the steps of the cloud firewall high availability protection method based on a multi-master, one-standby architecture as described in any one of claims 1-9 during operation, and the system includes: Multi-master-one-backup configuration synchronization module: used to deploy n primary firewall instances and 1 backup firewall instance in the virtual private cloud (VPC) of the cloud platform, assign a unique context identifier to each primary firewall instance, and the backup firewall instance aggregates and stores the security policies of each primary firewall instance in real time by subscribing to policy change events in the control plane. Intelligent Fault Detection Module: Used to collect multi-dimensional health indicators of each main firewall instance, calculate a health score based on the health indicators, and determine that the corresponding main firewall instance has failed protection when the health score is lower than a preset threshold and continues to reach a preset duration, and send a switch request to the control plane. Seamless traffic switching module: used to control the plane to respond to the switching request and switch the traffic route originally directed to the faulty primary firewall instance to the backup firewall instance. The backup firewall instance dynamically loads the corresponding security policy according to the context identifier carried by the traffic to achieve seamless logical takeover. The backup instance lightweight operation module is used to load the policy parsing engine and message subscription client when the backup firewall instance starts; upon receiving a switching command or the first packet of traffic, it activates the corresponding security policy to the data plane and completes connection state processing and switching confirmation.