CN101052047B - Load equalizing method and device for multiple fire-proof wall - Google Patents
Load equalizing method and device for multiple fire-proof wall Download PDFInfo
- Publication number
- CN101052047B CN101052047B CN2007101031628A CN200710103162A CN101052047B CN 101052047 B CN101052047 B CN 101052047B CN 2007101031628 A CN2007101031628 A CN 2007101031628A CN 200710103162 A CN200710103162 A CN 200710103162A CN 101052047 B CN101052047 B CN 101052047B
- Authority
- CN
- China
- Prior art keywords
- fire compartment
- compartment wall
- state
- virtual
- association
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims description 25
- 238000004891 communication Methods 0.000 claims description 9
- 238000012545 processing Methods 0.000 claims description 8
- 238000001514 detection method Methods 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 5
- 238000006243 chemical reaction Methods 0.000 claims description 4
- 238000010276 construction Methods 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000007704 transition Effects 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 102100022823 Histone RNA hairpin-binding protein Human genes 0.000 description 1
- 101000825762 Homo sapiens Histone RNA hairpin-binding protein Proteins 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000013024 troubleshooting Methods 0.000 description 1
Images
Abstract
The invention uses multi firewalls to construct a highly efficient and stable route link. The invention also provide an apparatus thereof used for providing a virtual gateway address for each firewall; each client is pointed to different virtual gateway so as to balance the traffic on each firewall; when one firewall fails, other firewalls can take over the address of the failure firewall to keep the network traffic in normal state.
Description
Technical field
The present invention is a kind of load-balancing method and device of multiple fire-proof wall, belongs to network service and field of information security technology, relates to balanced and the improvement of redundancy backup technology and the raising of performance to the routing overhead of fire compartment wall.
Background technology
Usually, the main frame of internal network all disposes a default gateway, next jumps the interior network interface IP address for the outlet fire compartment wall, all messages of each host access external network of internal network will all at first be sent to the outlet fire compartment wall like this, carry out message by this fire compartment wall then and transmit, thus the communication between realization internal host and the external network.
Adopt the default route mode, because the outlet fire compartment wall only has one, when the outlet fire compartment wall broke down, all were that the main frame and the communication between the external network of default gateway will be interrupted with this fire compartment wall in the internal network, and the communication reliability can't guarantee.
Even if use many fire compartment walls, can not form complementary backup between each fire compartment wall, also just carry out work separately, when wherein one when failure conditions occurring, other fire compartment walls can not be taken over its work effectively, the network interruption may occur.
Summary of the invention
The present invention designs load-balancing method and the device that a kind of multiple fire-proof wall is provided at the problem of depositing in the above-mentioned prior art just, its objective is the load-balancing method that a kind of fire compartment wall is provided, this method makes many fire compartment walls form the routing link of an efficient stable, realizes the highly reliable and high availability of route.Another object of the present invention provides a kind of device that is applicable to this method, this device is every virtual gateway address of fire compartment wall, All Clients points to different gateways, thereby traffic sharing is to each fire compartment wall, when wherein certain fire compartment wall breaks down, other fire compartment walls can the taking over fault wall the address, it is unimpeded to guarantee that network continues.
The inventive method is applicable to the local area network (LAN) of supporting multicast or broadcasting (as Ethernet etc.), supports many Vlan environment, does not need to change the user networking situation, and configuration is simple, and main frame is not had any operation burden, has realized the backup of main frame default gateway.
The objective of the invention is to realize by following measure:
The load-balancing method of this kind multiple fire-proof wall is characterized in that: steps of the method are:
(1) on each fire compartment wall, sets up user-defined configuration information, comprise example and related two parts content in the configuration information, example is the set that is bundled in the virtual ip address on the some network interfaces of fire compartment wall, there are a plurality of examples on the fire compartment wall, association is meant the set of the example that is associated together, there are a plurality of associations on the fire compartment wall, wherein
Example comprises:
-example title;
The IP address that network interface on the-fire compartment wall is virtual;
-virtual route ID and priority;
The port title of-binding;
-select major state, from one of state default conditions as an example;
Association comprises:
-related title;
The title of example in the-association;
(2) on each fire compartment wall, set up a plurality of examples with related, wherein Guan Lian quantity equates with the quantity of the fire compartment wall of foundation, related corresponding one by one on association on each fire compartment wall and other fire compartment wall, there are and have only the default conditions of an association to be main state on each fire compartment wall, all the other related default conditions are from state, and the association that default conditions are main state only appears on the fire compartment wall;
(3) the network interface virtual ip address of the example in the association that default conditions are main state comes into force, and as the gateway of terminal PC, the network interface virtual ip address of all the other default conditions for the example from the association of state is not come into force;
(4) virtual gateway of the fire compartment wall that the gateway sensing of user PC is different, the network interface virtual ip address of the example in the association that the default conditions that promptly come into force are main state;
(5) when certain fire compartment wall lost efficacy, promptly the network interface virtual ip address of this fire compartment wall lost efficacy, with default conditions on related corresponding other fire compartment walls that default conditions on this fire compartment wall are main state for to conduct an election mutually from the related of state, elect an association that priority is the highest and take over the association that default conditions are main state on the inefficacy fire compartment wall, and its state-transition is main state, and its network interface virtual ip address is come into force, will turn to the fire compartment wall at the related place of coming out in the past by new election by the data flow of inefficacy fire compartment wall;
(6) when the fire compartment wall described in the above-mentioned steps (5) is resumed work, the association that its default conditions are main state comes into force, on other fire compartment walls, elect take over its work the state-transition of association for from state, data flow is again to redirect to again on the fire compartment wall of resuming work.
Be applicable to the device of the load-balancing method of above-mentioned multiple fire-proof wall, it is characterized in that: this device comprises:
Core processing module is responsible for example state conversion and event handling scheduling;
The Command Line Parsing module is responsible for resolving configuration file;
State detection module is responsible for monitoring network interface state;
Network communication module is responsible for the reception and the transmission of data message;
Network conf iotag. module is responsible for configuring network interface virtual IP address and virtual route;
Annexation is: Command Line Parsing module, state detection module, network communication module and Network conf iotag. module all are connected with core processing module and construction system.
Adopt vrrp (Virtual Router Redundancy Protocol) agreement in the technical solution of the present invention, vrrp is as a kind of protocol for error tolerance, is applicable to the local area network (LAN) of supporting multicast or broadcasting (as Ethernet etc.).
Description of drawings
Fig. 1 is the load-sharing mode network topological diagram of the embodiment of the invention
Fig. 2 switches topological diagram when going wrong for fire compartment wall in the embodiment of the invention
Fig. 3 is the work transition diagram of the example state machine of the embodiment of the invention
Fig. 4 is the startup software flow pattern of the embodiment of the invention
Fig. 5 is the flow chart of the major state election software of the embodiment of the invention
Fig. 6 is the flow chart of the software of major state synchronously in the association of the embodiment of the invention
Fig. 7 is synchronously from the flow chart of the software of state in the association of the embodiment of the invention
Fig. 8 is the flow chart of the software of error status synchronously in the association of the embodiment of the invention
Fig. 9 is the structural representation of the device of the embodiment of the invention
Embodiment
Below with reference to drawings and Examples technical solution of the present invention is further described:
Shown in accompanying drawing 1, be example with operating state and the process of two fire compartment wall A and fire compartment wall B, illustrate and adopt the routing overhead equilibrium state that technical solution of the present invention realized.Fire compartment wall A is connected respectively with client computer 7 with server 6 with fire compartment wall B, installs in its operating system and realizes the needed computer program file of technical solution of the present invention, and the flow process of this computer program is shown in accompanying drawing 4~8.
Said system adopts the load-balancing method of multiple fire-proof wall of the present invention at work, the steps include:
(1) sets up user-defined configuration information at fire wall A and fire wall B; Comprise example and related two parts content in the configuration information; Example is the set that is bundled in the virtual ip address on the some network interfaces of fire wall; Such as the 10.0.2.253 of Fe2 and the 10.0.1.253 of Fe3; There is Multi-instance on the fire wall; Association refers to the set of the example that is associated together; Set such as the 10.0.1.253 of the 10.0.2.253 of Fe2 and Fe3; It is exactly a kind of association; There are a plurality of associations on the fire wall; Wherein
Example comprises:
-example title;
The IP address that network interface on the-fire compartment wall is virtual;
-virtual route ID and priority;
The port title of-binding;
-select major state, from one of state default conditions as an example;
Association comprises:
-related title;
The title of example in the-association;
Example adopts following format description in the user-defined configuration information of setting up on each fire compartment wall:
vrrp_instance v1{
state MASTER
interface fe2
virtual_router_id 50
priority 100
authentication{
auth_type PASS
auth_pass 5678
}
virtual_ipaddress{
10.0.2.253/24
}
}
| Keyword | Illustrate and above-mentioned state parameter |
| vrrp_instance | VRRP example title: v1 |
| state | The VRRP state, MASTER or BACKUP |
| interface | The port title that detects: fe2 |
| virtual_router_id | VRID, the ID of VRRP example number, scope 1-255: 50 |
| priority | The priority of VRRP, scope 1-254: 100 |
| advert_int | Send the time interval of VRRP multicast bag: 1 second |
| auth_type | Authentication mode, PASS or AH:PASS |
| auth_pass | Authentication password, 8 characters of length: 5678 |
| virtual_ipaddress | Virtual ip address, maximum 20: 10.0.2.253/24 |
The following format description of related employing in the user-defined configuration information of on each fire compartment wall, setting up:
vrrp_sync_group VGA{
group{
v1
v3
}
}
| Keyword | Illustrate and above-mentioned state parameter |
| vrrp_sync_group | Associated name: VGA |
| group | The title of example in the association: v1 v3 |
If all examples all come into force in the association, then this association comes into force; If there is an example in this association to lose efficacy, then think this related whole inefficacy, promptly all examples all lost efficacy in the association.Each is associated with four kinds of states---and init state, major state, from state and error status, concrete state machine conversion is referring to Fig. 3.
(2) it is related with two to set up 4 examples on each fire compartment wall, wherein Guan Lian quantity equates with the quantity of the fire compartment wall of foundation, it all is two, related corresponding one by one on association on each fire compartment wall and another fire compartment wall, there are and have only the default conditions of an association to be main state on each fire compartment wall, all the other related default conditions are from state, and the association that default conditions are main state only appears on the fire compartment wall;
On fire compartment wall A, example is 10.0.2.253, the 10.0.2.254 of Fe2 and 10.0.1.253, the 10.0.1.254 of Fe3, totally four, wherein, be associated as the 10.0.2.254 of 10.0.1.253, Fe2 of the 10.0.2.253 of Fe2 and Fe3 and the 10.0.1.254 of Fe3, totally two, wherein, the related default conditions of the 10.0.2.253 of Fe2 and the 10.0.1.253 of Fe3 are main state, effectively and in the drawings show, and the related default conditions of the 10.0.1.254 of the 10.0.2.254 of Fe2 and Fe3 are from state, wouldn't come into force, so do not show in the drawings;
On the corresponding fire compartment wall B of fire compartment wall A, it is related with two also to exist above-mentioned four examples, and so opposite on just related default conditions and the fire compartment wall A is demonstration situation difference.Like this, related on fire compartment wall A and the fire compartment wall B just formed mutually redundant relation.The gateway of client computer points to the virtual gateway of two fire compartment walls respectively, and two fire compartment walls are shared the flow of whole link.
(3) as previously mentioned, the network interface virtual ip address of the example in the association that default conditions are main state comes into force, and as the gateway of terminal PC, the network interface virtual ip address of all the other default conditions for the example from the association of state is not come into force;
(4) virtual gateway of the fire compartment wall that the gateway sensing of user PC is different, the network interface virtual ip address of the example in the association that the default conditions that promptly come into force are main state;
(5) when certain fire compartment wall lost efficacy, promptly the network interface virtual ip address of this fire compartment wall lost efficacy, when being provided with many fire compartment walls, with default conditions on related corresponding other fire compartment walls that default conditions on this fire compartment wall are main state for to conduct an election mutually from the related of state, elect an association that priority is the highest and take over the association that default conditions are main state on the inefficacy fire compartment wall, and its state-transition is main state, and its network interface virtual ip address is come into force, will turn to the fire compartment wall at the related place of coming out in the past by new election by the data flow of inefficacy fire compartment wall;
In the present embodiment, shown in accompanying drawing 2, because have only two fire compartment wall A and B, so, when the relevant failure of the 10.0.1.253 of the 10.0.2.253 of the Fe2 on the fire compartment wall A and Fe3, on the fire compartment wall B just change major state into, and its network interface virtual ip address is come into force with the related of 10.0.1.253 of 10.0.2.253 its corresponding Fe3 and Fe3, bear the work of fire compartment wall A by it, its validity also shows in the drawings.Fire compartment wall B can be on 3 seconds inner connecting tube fire compartment wall A virtual gateway, bear the flow of whole link.
(6) when the fire compartment wall described in the above-mentioned steps (5) is resumed work, the association that its default conditions are main state comes into force, on other fire compartment walls, elect take over its work the state-transition of association for from state, data flow is again to redirect to again on the fire compartment wall of resuming work.In the present embodiment, after fire compartment wall A recovers, two fire compartment walls again can operate as normal in the routing overhead equilibrium state.
In the present embodiment, adopt technique scheme to be to the process that fire compartment wall A is configured:
1. the fe2 of configuring firewalls A and fe3 mouth are operated in route pattern, add a packet filtering safety regulation that allows the 224.0.0.0/255.0.0.0 multicast address to pass through;
2. the IP address of configuring firewalls fe1, fe2 and fe3;
3. add four virtual gateways of fe2 and fe3 mouth;
Wherein: the virtual route ID of four examples can not be identical, the port that virtual route ID is identical is mutually redundant port, in the example of configuring firewalls B, the virtual route ID of the virtual gateway that the virtual route ID of virtual gateway will be identical with fire compartment wall A among the fire compartment wall B is identical below.
4. add two associations, when an example breaks down, think that all examples in this association all break down like this;
5. start this two associations;
6. synchronous at fe1 mouth starting state:
Adopt technique scheme to be to the process that fire compartment wall B is configured:
1. the fe2 of configuring firewalls A and fe3 mouth are operated in route pattern, add a packet filtering safety regulation that allows the 224.0.0.0/255.0.0.0 multicast address to pass through;
2. the IP address of configuring firewalls fe1, fe2 and fe3;
3. add four virtual gateways of fe2 and fe3 mouth;
Wherein: the virtual route ID in four examples will be respectively to go up fe2 identical with the virtual route ID of fe3 port corresponding virtual gateway with fire compartment wall A;
4. add two associations, when an example breaks down, think that all examples in this association all break down like this;
5. start this two associations;
6. synchronous at fe1 mouth starting state.
Adopt the fire compartment wall A of technical solution of the present invention and fire compartment wall B in the course of the work, wherein:
1. the master firewall start-up course is:
● the vrrp example that is labeled as vrrp state state on the master firewall and is MASTER starts and is main state
● the netlink kernel interface by linux is provided with the virtual ip address that defines among the virtual_ipaddress to network interface (interface that is provided with among the interface)
● on corresponding interface, start the virtual route of virtual IP address by the netlink kernel interface of linux
● send the IGMP multicast message by this network interface to the 224.0.0.18 multicast address, add in the multicast group
● destination address was 224.0.0.18, comprised ID, priority, password and the virtual ip address of this vrrp example in the vrrp multicast message to slave firewall transmission VRRP multicast message in 1 second at interval by this network interface
● send gateway by this network interface to client rs PC and upgrade ARP broadcasting, the MAC Address of the virtual ip address MAC Address of network interface for this reason in the ARP message
2. the slave firewall start-up course is:
● the vrrp example that is labeled as vrrp state state on the slave firewall and is BACKUP starts and is main state
● the netlink kernel interface by linux is provided with the virtual ip address that defines among the virtual_ipaddress to network interface (interface that is provided with among the interface)
● on corresponding interface, start the virtual route of virtual IP address by the netlink kernel interface of linux
● send the IGMP multicast message by this network interface to the 224.0.0.18 multicast address, add in the multicast group
If ● at this moment receive the VRRP multicast message of master firewall, check successively password in the vrrp message, ID, virtual IP address whether with oneself conform to, conforming to then receives, otherwise abandons
● if the height of the priority ratio oneself in the vrrp message of master firewall then will be downgraded to oneself from state
● the netlink kernel interface by linux removes virtual IP address and the virtual route that the preceding step is provided with
● reduce to from state with the related vrrp example of the same vrrp of this vrrp example synchronously, remove corresponding virtual IP address and virtual route equally
● slave firewall no longer sends the vrrp multicast message, receives only the vrrp message of master firewall
3. when master firewall breaks down, will carry out the principal and subordinate and switch, principal and subordinate's fire compartment wall is done following processing respectively:
3.1 the master firewall example state changes:
● if network interface breaks down (netting twine breaks or network interface card breaks down), and then the SLBP state detection module knows that by netlink network interface down falls, and the vrrp example transitions that is bundled in this network interface is an error status.Be error status with the related vrrp example of the same vrrp of this vrrp example synchronously simultaneously, remove corresponding virtual IP address and virtual route, and send the vrrp message notifying slave firewall that the vrrp example lost efficacy
● if the whole fire compartment wall down machine (as outage or system in case of system halt) that breaks down, all network interfaces no longer send the vrrp multicast message to slave firewall
3.2 slave firewall vrrp example state changes:
● the vrrp example on the slave firewall is in from state, and when receiving the vrrp message that vrrp example that master firewall is sent lost efficacy or do not receive the correct vrrp multicast message of master firewall 3 seconds, the vrrp example will be from being upgraded to major state from state
● after all vrrp examples all were upgraded to major state, the vrrp association was upgraded to major state, started corresponding virtual IP address and virtual route, and sent the vrrp multicast message
● before slave firewall really becomes master firewall, all slave firewalls will conduct an election, election determines (if priority is identical by priority in other slave firewall vrrp message of relatively receiving and the priority of oneself, what then MAC Address was little is high priority): if the priority ratio of receiving oneself is high, then the vrrp example transitions is from state, corresponding vrrp association changes into from state, and fire compartment wall transforms back into slave firewall; If the priority of receiving is all than own low, then explanation is own is now elected as new master firewall, and state is constant
● the every interval of new master firewall 1 second sends the vrrp multicast message to slave firewall
● new master firewall sends gateway to client rs PC and upgrades ARP broadcasting, the MAC Address of the virtual ip address MAC Address of fire compartment wall corresponding network interface for this reason in the ARP message
4. when the master firewall trouble shooting, master firewall recovers, and the master firewall that master firewall and top election are come out is done following processing respectively:
4.1 the master firewall example state changes:
● the vrrp example that is labeled as vrrp state state on the master firewall and is MASTER starts and is main state
● the netlink kernel interface by linux is provided with the virtual ip address that defines among the virtual_ipaddress to network interface (interface that is provided with among the interface)
● on corresponding interface, start the virtual route of virtual IP address by the netlink kernel interface of linux
● send the IGMP multicast message by this network interface to the 224.0.0.18 multicast address, add in the multicast group
● destination address was 224.0.0.18, comprised ID, priority, password and the virtual ip address of this vrrp example in the vrrp multicast message to slave firewall transmission VRRP multicast message in 1 second at interval by this network interface
● send gateway by this network interface to client rs PC and upgrade ARP broadcasting, the MAC Address of the virtual ip address MAC Address of network interface for this reason in the ARP message
4.2 the master firewall vrrp example state that election is come out changes:
● receive the vrrp multicast message of master firewall, it is high that the priority ratio of vrrp example oneself is wanted, and corresponding vrrp example is reduced to from state, and the vrrp association is reduced to from state, removes corresponding virtual IP address and virtual route, reduces to slave firewall
● no longer send the vrrp multicast message, receive only the vrrp message of master firewall
Shown in accompanying drawing 9, be applicable to the device of the load-balancing method of above-mentioned multiple fire-proof wall, it is characterized in that: this device comprises:
Command Line Parsing module 2 is responsible for resolving configuration file;
Network conf iotag. module 5 is responsible for configuring network interface virtual IP address and virtual route;
Annexation is: Command Line Parsing module 2, state detection module 3, network communication module 4 and Network conf iotag. module 5 all are connected with core processing module 1 and construction system.
Technical solution of the present invention compared with prior art has the advantages such as network topology that load balancing, the switching time of supporting many fire walls are short, do not change the user.
Claims (5)
1. the load-balancing method of a multiple fire-proof wall is characterized in that: steps of the method are:
(1) on each fire compartment wall, sets up user-defined configuration information, comprise example and related two parts content in the configuration information, example is the set that is bundled in the virtual ip address on the some network interfaces of fire compartment wall, there are a plurality of examples on the fire compartment wall, association is meant the set of the example that is associated together, there are a plurality of associations on the fire compartment wall, wherein
Example comprises:
-example title;
The IP address that network interface on the-fire compartment wall is virtual;
-virtual route ID and priority;
The port title of-binding;
-select major state, from one of state default conditions as an example;
Association comprises:
-related title;
The title of example in the-association;
(2) on each fire compartment wall, set up a plurality of examples with related, wherein Guan Lian quantity equates with the quantity of the fire compartment wall of foundation, related corresponding one by one on association on each fire compartment wall and other fire compartment wall, there are and have only the default conditions of an association to be main state on each fire compartment wall, all the other related default conditions are from state, and the association that default conditions are main state only appears on the fire compartment wall;
(3) the network interface virtual ip address of the example in the association that default conditions are main state comes into force, and as the gateway of terminal PC, the network interface virtual ip address of all the other default conditions for the example from the association of state is not come into force;
(4) virtual gateway of the fire compartment wall that the gateway sensing of user PC is different, the network interface virtual ip address of the example in the association that the default conditions that promptly come into force are main state;
(5) when certain fire compartment wall lost efficacy, promptly the network interface virtual ip address of this fire compartment wall lost efficacy, with default conditions on related corresponding other fire compartment walls that default conditions on this fire compartment wall are main state for to conduct an election mutually from the related of state, elect an association that priority is the highest and take over the association that default conditions are main state on the inefficacy fire compartment wall, and its state-transition is main state, and its network interface virtual ip address is come into force, will turn to the fire compartment wall at the related place of coming out in the past by new election by the data flow of inefficacy fire compartment wall;
(6) when the fire compartment wall described in the above-mentioned steps (5) is resumed work, the association that its default conditions are main state comes into force, the state-transition of the association of taking over its work of electing on other fire compartment walls is that data flow can redirect on the fire compartment wall of resuming work again again from state.
2. the load-balancing method of multiple fire-proof wall according to claim 1, it is characterized in that: example adopts following format description in the user-defined configuration information of setting up on each fire compartment wall:
vrrp_instance v1{
state MASTER
interface fe2
virtual_router_id 50
priority 100
advert_int 1
authentication{
auth_type PASS
auth_pass 5678
}
virtual_ipaddress{
10.0.2.253/24
}
}
Keyword in the above-mentioned form is described as follows:
Vrrp_instance VRRP example title
State VRRP state, MASTER or BACKUP
The port title that interface detects
Virtual_router_id VRID, the ID of VRRP example number, scope 1-255
The priority of priority VRRP, scope 1-254
Advert_int sends the time interval of VRRP multicast bag
The auth_type authentication mode, PASS or AH
The auth_pass authentication password, 8 characters of length
The virtual_ipaddress virtual ip address, maximum 20
3. the load-balancing method of multiple fire-proof wall according to claim 1 is characterized in that: relatedly in the user-defined configuration information of setting up on each fire compartment wall adopt following format description:
vrrp_sync_group VGA{
group{
v1
v3
}
}
Keyword in the above-mentioned form is described as follows:
Vrrp_sync_group VRRP association is formed an association to several VRRP examples
The title of example in the group VRRP association
4. the load-balancing method of multiple fire-proof wall according to claim 1, it is characterized in that: the quantity of fire compartment wall is 2~30.
5. the device of the load-balancing method of a multiple fire-proof wall that is applicable to one of aforesaid right requirement 1~4, it is characterized in that: this device comprises:
Core processing module (1) is responsible for example state conversion and event handling scheduling;
Command Line Parsing module (2) is responsible for resolving configuration file;
State detection module (3) is responsible for monitoring network interface state;
Network communication module (4) is responsible for the reception and the transmission of data message;
Network conf iotag. module (5) is responsible for configuring network interface virtual IP address and virtual route;
Annexation is: Command Line Parsing module (2), state detection module (3), network communication module (4) and Network conf iotag. module (5) all directly are connected with core processing module (1) and construction system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101031628A CN101052047B (en) | 2007-05-22 | 2007-05-22 | Load equalizing method and device for multiple fire-proof wall |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101031628A CN101052047B (en) | 2007-05-22 | 2007-05-22 | Load equalizing method and device for multiple fire-proof wall |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101052047A CN101052047A (en) | 2007-10-10 |
| CN101052047B true CN101052047B (en) | 2010-06-09 |
Family
ID=38783236
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007101031628A Active CN101052047B (en) | 2007-05-22 | 2007-05-22 | Load equalizing method and device for multiple fire-proof wall |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101052047B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102546414B (en) * | 2012-01-06 | 2015-04-22 | 北京星网锐捷网络技术有限公司 | Message forwarding method, device and system |
| CN106789634B (en) * | 2016-11-17 | 2020-06-26 | 深信服科技股份有限公司 | Static route management method and system based on link load dual-main environment |
| CN112152700B (en) * | 2020-11-25 | 2021-02-23 | 迪泰(浙江)通信技术有限公司 | Double-antenna system and selection method thereof |
| WO2023065294A1 (en) * | 2021-10-22 | 2023-04-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Moveable ip based network resilience |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5473599A (en) * | 1994-04-22 | 1995-12-05 | Cisco Systems, Incorporated | Standby router protocol |
| CN1531262A (en) * | 2003-03-11 | 2004-09-22 | ��Ϊ��������˾ | Network communication method for carrying out load division |
| CN1533108A (en) * | 2003-03-21 | 2004-09-29 | ��Ϊ��������˾ | Method for realizing dynamic gateway load sharing and backup |
| US7139926B1 (en) * | 2002-08-30 | 2006-11-21 | Lucent Technologies Inc. | Stateful failover protection among routers that provide load sharing using network address translation (LSNAT) |
-
2007
- 2007-05-22 CN CN2007101031628A patent/CN101052047B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5473599A (en) * | 1994-04-22 | 1995-12-05 | Cisco Systems, Incorporated | Standby router protocol |
| US7139926B1 (en) * | 2002-08-30 | 2006-11-21 | Lucent Technologies Inc. | Stateful failover protection among routers that provide load sharing using network address translation (LSNAT) |
| CN1531262A (en) * | 2003-03-11 | 2004-09-22 | ��Ϊ��������˾ | Network communication method for carrying out load division |
| CN1533108A (en) * | 2003-03-21 | 2004-09-29 | ��Ϊ��������˾ | Method for realizing dynamic gateway load sharing and backup |
Non-Patent Citations (4)
| Title |
|---|
| R.Hinden etc..Virtual Router Redundancy Protocol (VRRP).Network Working Group Request for Comments 3768.2004,1-21页. * |
| 左骅.高可用性防火墙组网方案分析.中国数据通信11.2003,1116-20. * |
| 杨卫华等.利用VRRP实现接入层的备份和负载分担.西部广播电视 6.2005,(6),24-26. |
| 杨卫华等.利用VRRP实现接入层的备份和负载分担.西部广播电视 6.2005,(6),24-26. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101052047A (en) | 2007-10-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1982447B1 (en) | System and method for detecting and recovering from virtual switch link failures | |
| CN102315975B (en) | Fault processing method based on intelligent resilient framework (IRF) system and equipment thereof | |
| EP3373547B1 (en) | Method for realizing disaster tolerance backup | |
| US20060274674A1 (en) | Packet transmitting apparatus for setting configuration | |
| JP4790591B2 (en) | Ring node device | |
| CN102148677B (en) | Method for updating address resolution protocol table entries and core switch | |
| US9019816B2 (en) | Communication system, communication method, and communication apparatus | |
| US9385944B2 (en) | Communication system, path switching method and communication device | |
| JP4922972B2 (en) | Communications system | |
| CN111865779A (en) | Route synchronization method and cross-device link aggregation group | |
| GB2386524A (en) | Stackable Network Units with Resilience Function | |
| CN102984057A (en) | Multi-service integration dual-redundancy network system | |
| CN105656645A (en) | Decision making method and device for fault processing of stacking system | |
| CN109218232B (en) | Method, equipment and system for realizing Mux machine | |
| US20100091784A1 (en) | Filtering of redundant frames in a network node | |
| Du et al. | Software-defined networking for real-time ethernet | |
| US8625407B2 (en) | Highly available virtual packet network device | |
| CN101052047B (en) | Load equalizing method and device for multiple fire-proof wall | |
| JP2007251817A (en) | Ring node device, and ring node redundancy method | |
| US20060182088A1 (en) | Gateway unit | |
| CN108234305B (en) | Control method and equipment for cross-machine frame link redundancy protection | |
| KR101075462B1 (en) | Method to elect master nodes from nodes of a subnet | |
| JP6383232B2 (en) | Relay system and switch device | |
| CN100409619C (en) | Data network equipment and its management controlling method | |
| RU2577194C1 (en) | Communication system, control device, communication device, information relay method and programme |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: WANGSHEN INFORMATION TECHNOLOGY (BEIJING) CO., LTD Free format text: FORMER NAME: WANGYUSHENZHOU TECH (BEIJING) CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 100085 Beijing city Haidian District Zone Development Road No. 7 Pioneer Building Patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Address before: 100085 Beijing city Haidian District Zone Development Road No. 7 Pioneer Building Patentee before: LEGENDSEC TECHNOLOGY Co.,Ltd. |
|
| ASS | Succession or assignment of patent right |
Owner name: LEGENDSEC TECHNOLOGY (BEIJING) CO., LTD. Effective date: 20121224 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20121224 Address after: 100085 Beijing city Haidian District on the pioneering Road No. 7 building two layer 1 pioneer Patentee after: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Patentee after: Legendsec Technology (Beijing) Co.,Ltd. Address before: 100085 Beijing city Haidian District Zone Development Road No. 7 Pioneer Building Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) INC. |
|
| DD01 | Delivery of document by public notice |
Addressee: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) INC. Document name: Notification of Passing Examination on Formalities |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 2nd Floor, Building 1, Yard 26, Xizhimenwai South Road, Xicheng District, Beijing, 100032 Patentee after: Qianxin Wangshen information technology (Beijing) Co.,Ltd. Patentee after: Legendsec Technology (Beijing) Co.,Ltd. Address before: 100085, 7, Pioneer Road, Haidian District, Beijing, building two, 1 Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. Patentee before: Legendsec Technology (Beijing) Co.,Ltd. |