CN100521603C - Method for realizing high availability of network security devices in cluster mode - Google Patents


Info

Publication number: CN100521603C
Authority: CN (China)
Prior art keywords: node, security device, network security, network, device node
Legal status: Expired - Fee Related
Application number: CNB2004100709033A
Other languages: Chinese (zh)
Other versions: CN1722664A (en)
Inventors: 刘永锋, 王刚, 刘春梅, 雷永成, 刘天荣, 肖为剑
Current assignee: Beijing Leadsec Technology Co.,Ltd.
Original assignee: Lenovo Wangyu Technology Beijing Co Ltd
Timeline: application CNB2004100709033A filed by Lenovo Wangyu Technology Beijing Co Ltd; published as CN1722664A; granted and published as CN100521603C; current legal status Expired - Fee Related.

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Hardware Redundancy (AREA)

Abstract

This invention discloses a method for realizing high availability (HA) of network security devices in cluster mode. When the online state of a network security device node changes, the cluster system redistributes the network load; the master network security device node also monitors the active links in the cluster system, and when an active link fails the cluster system again redistributes the network load. The method prevents traffic from going unprocessed because a network security device or a link has failed. It further provides network session protection, so that network sessions are not lost when a device goes offline or fails.

Description

Method for realizing high availability of network security devices in cluster mode
Technical field
The present invention relates to the field of network and information security technology, and in particular to a method for realizing high availability (HA) of network security devices in cluster mode.
Background technology
As the range of computer applications keeps expanding and network communication technology advances rapidly, network and information security technology receives more and more attention, and the overall performance demanded of the network security devices that protect the network grows ever higher. Network security devices in common use today include firewalls, virtual private networks (VPN), network intrusion detection systems (NIDS) and secure sockets layer (SSL) accelerators.
A network security device is a gateway device: in general every inbound and outbound network packet must pass through it, so the device increasingly becomes both the bottleneck that limits network bandwidth and the single point of failure of the system. Very high performance and reliability are therefore required of network security devices, and operating them in cluster mode is the most satisfactory way to meet that requirement. Three cluster modes are in common use: master/slave hot standby mode, load-sharing mode and dual-machine mutual backup mode.
In master/slave hot standby mode, one of the several network security devices is the master network security device and the rest are slave network security devices; only the master device is in the active state and processes the packets it receives. There are two ways of implementing master/slave hot standby. In the first, all devices receive the same packets but only the master processes them; a slave device does not process the packets it receives, although it may use them to update its internal state. In the second, only the master receives and processes packets, and the slave devices receive no packets at all.
In load-sharing mode there is no master/slave distinction and all network security devices receive the same packets. A cluster control program decides the load allocation according to the state of the devices in the cluster and assigns a share to each device. Every device in load-sharing mode is active, but each processes only the packets allocated to it.
In dual-machine mutual backup mode there is likewise no master/slave distinction. Every network security device receives packets, but the packets received by each device differ: at any given moment a single packet is sent to only one device. No master/slave decision is made in this mode; each device processes every packet it receives.
In master/slave hot standby, load-sharing or dual-machine mutual backup mode, a failure of the network security device itself, for example because a network interface card malfunctions or memory or CPU resources are exhausted, leaves the traffic handled by that device unprocessed and so reduces the availability of the clustered devices. Likewise a loose network cable, or a failed connection between the device and a surrounding key device or server, also leaves the traffic handled by that device unprocessed and again reduces availability. Moreover, if a device goes offline or fails, all the network sessions it was handling are lost, so the reliability of the network security devices cannot be guaranteed.
Summary of the invention
In view of this, the main object of the present invention is to propose a method for realizing high availability of network security devices in cluster mode.
To achieve this object, the technical solution of the present invention is realized as follows:
A method for realizing high availability of network security devices in cluster mode, applicable to a cluster system comprising no fewer than two network security device nodes, the nodes comprising a master network security device node and at least one slave network security device node, comprising the following steps:
A1. The master network security device node monitors the network security device nodes in the cluster system.
B1. The master node judges whether the online state of any network security device node has changed. If so, the master node sends to each slave node a load allocation message containing that slave node's load range, and each slave node determines its own load from the load allocation message; if not, the process ends.
The network security device is a firewall, a VPN, a NIDS or an SSL accelerator.
In step A1, the master node further broadcasts to the slave nodes a time synchronization message containing the master node's system time; on receiving it, each slave node updates its own system time.
In step A1, when a network security device node has a new network session, it synchronizes a synchronization message containing the new session to the other nodes; when a network session on a node disappears, the node synchronizes a synchronization message containing the vanished session to the other nodes.
In step A1, if a node receives a configuration command, it executes the command and broadcasts it to the other nodes in the cluster system, which receive and execute it as well.
In step A1, when a network security device joins the cluster system, the master node sends a configuration synchronization command to the joining device, which fetches the master node's configuration and executes the command.
Judging in step B1 whether the online state of a node has changed means judging whether a node has gone offline, a node has failed, or a new node has joined.
Sending the load allocation message in step B1 means: the master node sends to each slave node a load allocation message containing that slave node's load hash value space; and each slave node determining its own load from the message means each slave node determines its load from that load hash value space.
The method further comprises selecting resource parameters in advance and setting a failure threshold for each. The master node's monitoring of the nodes in step A1 then is: each node periodically collects its resource parameters, and when any resource parameter reaches or exceeds its failure threshold, the node sends a node failure message to the master node and sets itself as failed. The master node's sending of the load allocation message in step B1 then is: after receiving the node failure message, the master node sends to each slave node a load allocation message containing that slave node's load range, and each slave node determines its own load accordingly.
The selected resource parameters that cause a device to fail are any one, or any combination, of: CPU utilization, memory utilization, disk space utilization, current network traffic, current number of network session connections, response time and network interface operating state.
A method for realizing high availability of network security devices in cluster mode, applicable to a cluster system comprising no fewer than two network security device nodes, the nodes comprising a master network security device node and at least one slave network security device node, comprising the following steps:
A2. The master network security device node monitors the active links of the network security device nodes in the cluster system.
B2. The master node judges whether the active link of any network security device node has failed. If so, the master node sends to each slave node a load allocation message containing that slave node's load range, and each slave node determines its own load from the load allocation message; if not, the process ends.
The network security device is a firewall, a VPN, a NIDS or an SSL accelerator.
In step A2, the master node further broadcasts to the slave nodes a time synchronization message containing the master node's system time; on receiving it, each slave node updates its own system time.
In step A2, when a network security device node has a new network session, it synchronizes a synchronization message containing the new session to the other nodes; when a network session on a node disappears, the node synchronizes a synchronization message containing the vanished session to the other nodes.
In step A2, if a node receives a configuration command, it executes the command and broadcasts it to the other nodes in the cluster system, which receive and execute it as well.
In step A2, when a network security device joins the cluster system, the master node sends a configuration synchronization command to the joining device, which fetches the master node's configuration and executes the command.
The method further comprises selecting in advance the IP addresses on the active links of the network security device nodes, and setting a weight for each selected IP address together with an active link failure threshold. The master node's monitoring of the active links in step A2 then is: each node periodically sends request packets to the selected IP addresses; when a node receives no reply from a selected IP address within the prescribed time, it treats that IP address as failed; and when the sum of the weights of the failed IP addresses reaches or exceeds the active link failure threshold, the node sends a node failure message to the master node and sets itself as failed. The master node's sending of the load allocation message in step B2 then is: after receiving the node failure message, the master node sends to each slave node a load allocation message containing that slave node's load range, and each slave node determines its own load accordingly.
The selected IP addresses on the active links are any one, or any combination, of: the IP address of a router, the IP address of a demilitarized zone (DMZ) server and the IP address of a layer-3 switch.
Periodically sending request packets to the selected IP addresses means periodically sending Address Resolution Protocol (ARP) request packets or Internet Control Message Protocol (ICMP) request packets to them.
As can be seen from the technical solution above, with the present invention the network security devices in the cluster are subject to device monitoring, and when a device fails the load of the cluster is redistributed, so that the traffic of the failed device is still processed. The active links of the devices in the cluster are monitored as well, and when an active link fails the cluster load is redistributed, so that the traffic of the device whose link failed is still processed. Hence, with the present invention, whether the network security device itself fails or its active link fails, the traffic of that device is guaranteed to be processed; this greatly improves the availability of network security devices in cluster mode and realizes their high availability.
At the same time, when a network session on a device disappears or a new session is established, the device synchronizes the vanished or new session to the other devices. This provides network session protection for the devices, achieves smooth takeover of sessions, and prevents the session loss that a device going offline or failing would otherwise cause, thereby greatly improving the reliability of the network security devices.
Furthermore, while the cluster is being monitored the system time of every device is synchronized, so that the time of each device in the cluster is consistent; when a new device joins the cluster its configuration is synchronized, so that it is consistent with the master device; and if the configuration of one device changes, the configuration of the other devices changes accordingly, so that the configuration of all devices in the cluster stays consistent. The whole cluster therefore consists of devices that enforce the same overall security policy and share the same configuration, so switching between the master device and a slave device requires no migration of a virtual IP address or virtual MAC address, only a readjustment of the load, which greatly accelerates switchover.
Description of drawings
Fig. 1 is a flow diagram of realizing high availability of network security devices in cluster mode according to the present invention.
Fig. 2 is a flow diagram of the handling of a node failure caused by device failure in one embodiment of the invention.
Fig. 3 is a flow diagram of the handling of a node failure caused by link failure in one embodiment of the invention.
Fig. 4 is a flow diagram of a network security device node joining the network security device cluster in one embodiment of the invention.
Fig. 5 is a flow diagram of a network security device node leaving the network security device cluster in one embodiment of the invention.
Embodiment
To make the object, technical solution and advantages of the present invention clearer, the invention is described in more detail below with reference to the drawings and specific embodiments.
In general, a network security device cluster system (hereinafter "cluster system") consists of no fewer than two network security device nodes (hereinafter "nodes"), comprising one master network security device node (hereinafter "master node") and no fewer than one slave network security device node (hereinafter "slave node"). Every node in the cluster system holds a node state table containing the unique identification of every node in the cluster, the priority level of every node and the synchronization status of every node. Every node has a priority: the node started first is the master node and has the highest priority, and the priority of the other nodes is determined by the order in which they started, an earlier-started node having a higher priority. Fig. 1 is a flow diagram of realizing high availability of network security devices in cluster mode according to the present invention. As shown in Fig. 1, the method comprises the following steps:
Step 101: monitor each node and perform synchronization between the nodes.
Monitoring of each node may comprise heartbeat monitoring, device monitoring or path monitoring.
Heartbeat monitoring is used to monitor the operating state of each node in real time and to dynamically control and manage the whole cluster system; in the cluster system the master node is responsible for dynamic control of the whole cluster. The master node periodically propagates its own heartbeat liveness information to each slave node by broadcast or multicast message, and each slave node periodically propagates its own heartbeat liveness information to the master node by unicast, broadcast or multicast message. Whether it comes from the master node or from a slave node, the data frame carrying the heartbeat liveness information contains the node's unique identification within the cluster system and the node's priority.
If the master node does not receive the heartbeat liveness information of a slave node within the prescribed time, it regards that slave node as offline: the master node deletes the slave node from its own node state table and at the same time readjusts the load of each node in the cluster. After the load has been redistributed, the master node sends a node state table synchronization message to the slave nodes, synchronizing its own node state table to the other nodes in the cluster.
If the master node goes offline, the slave node with the next priority fails to receive the master node's heartbeat liveness message within the prescribed time; that node then automatically upgrades itself to master node to control the whole cluster, deletes the original master node from its own node state table, readjusts the network load of each node in the cluster at the same time, and then sends a node state table synchronization message to the other nodes, synchronizing its node state table to them. Thus, after the master node goes offline or fails, the new master is determined by the slave node actively selecting the highest-priority node from its own node state table; the master does not have to be passively re-determined, which speeds up switchover of the whole cluster.
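The heartbeat and takeover logic above, as an added example that is not part of the patent text: one node's view of the cluster is a node state table keyed by unique identifier and carrying a priority per node, heartbeats refresh a last-seen stamp, nodes whose heartbeat is overdue are deleted, and the master is always the highest-priority node left in the table, so deleting an offline master promotes the next node without an election round. The node names, the tick-based clock and the three-tick timeout are assumptions made so the simulation runs offline and deterministically; the synchronization-status column is carried as a flag but not exercised.

```python
"""Heartbeat monitoring and priority-based master takeover (added example, not the patent's code).

Node identifiers, the tick-based clock and HEARTBEAT_TIMEOUT are assumptions made so the
simulation runs offline and deterministically.
"""
from __future__ import annotations
from dataclasses import dataclass, field

HEARTBEAT_TIMEOUT = 3   # ticks a node may stay silent before it is treated as offline (assumed)


@dataclass
class NodeEntry:
    node_id: str          # unique identification of the node within the cluster
    priority: int         # higher = started earlier; the node started first is the master
    last_seen: int = 0    # tick at which this node's last heartbeat arrived
    synced: bool = True   # whether the node has acknowledged the latest node state table


@dataclass
class ClusterNode:
    """One cluster member and its node state table covering every member, itself included."""
    node_id: str
    table: dict[str, NodeEntry] = field(default_factory=dict)

    def add(self, node_id: str, priority: int, now: int) -> None:
        self.table[node_id] = NodeEntry(node_id, priority, now)

    def master_id(self) -> str:
        # The master is always the highest-priority node still present in the table, so
        # deleting an offline master implicitly promotes the next node: no election round.
        return max(self.table.values(), key=lambda e: e.priority).node_id

    def is_master(self) -> bool:
        return self.master_id() == self.node_id

    def on_heartbeat(self, node_id: str, priority: int, now: int) -> None:
        """A heartbeat frame carries the sender's unique id and priority."""
        if node_id in self.table:
            self.table[node_id].last_seen = now
        else:
            self.add(node_id, priority, now)   # a member not seen before (e.g. a newly joined node)

    def expire(self, now: int) -> list[str]:
        """Delete every other node whose heartbeat is overdue; return the ids removed."""
        dead = [nid for nid, e in self.table.items()
                if nid != self.node_id and now - e.last_seen > HEARTBEAT_TIMEOUT]
        for nid in dead:
            del self.table[nid]
        return dead


def simulate_master_loss() -> tuple[str, str, list[str]]:
    """fw-1 (the master) goes silent after tick 1; fw-2 keeps hearing fw-3 and itself.

    Returns (master before, master after, nodes fw-2 deleted). A real node would follow the
    deletion by re-allocating load and broadcasting its node state table.
    """
    me = ClusterNode("fw-2")
    for nid, prio in (("fw-1", 3), ("fw-2", 2), ("fw-3", 1)):   # start order fw-1, fw-2, fw-3
        me.add(nid, prio, now=0)
    before = me.master_id()
    removed: list[str] = []
    for tick in range(1, 10):
        if tick == 1:
            me.on_heartbeat("fw-1", 3, tick)   # the last heartbeat ever received from the master
        me.on_heartbeat("fw-3", 1, tick)
        me.on_heartbeat("fw-2", 2, tick)       # own heartbeat, sent by broadcast/multicast
        removed = me.expire(tick)
        if removed:
            break
    return before, me.master_id(), removed


if __name__ == "__main__":
    print(simulate_master_loss())   # ('fw-1', 'fw-2', ['fw-1'])
```

Because priority is derived from start order and carried in every heartbeat, a node that was partitioned away and later returns will re-enter the table with its old priority; a production implementation has to decide whether such a node may reclaim the master role or must rejoin as a slave, which the patent text leaves to the node state table synchronization step.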
In addition, if some resource on a node is used too heavily, the node will malfunction and be unable to work normally, so device monitoring must be performed on each node.
Resources whose exhaustion causes a node to fail include CPU utilization, memory utilization, disk space utilization, current network traffic, current number of network session connections, response time and network interface operating state. One, or a combination of several, of these may be selected as resource parameters, and a failure threshold set for each. The state of each network security device is monitored by periodically collecting the usage of these resource parameters. When a selected resource parameter of a node exceeds that parameter's preset threshold, the node sends a node failure message to the other nodes in the cluster; the message contains the node's unique identification within the cluster and a node failure indication. When all resource parameters of the failed node drop back below their failure thresholds, the node sends a node activation message to the other nodes, containing the node's unique identification within the cluster and a node activation indication. Node failure messages and node activation messages are the basis on which node priority and network load in the cluster are adjusted.
The above describes device monitoring of the network security devices. Preferably, while the devices are monitored, their active links are monitored as well.
When a network security device cannot reach the important IP addresses around it, such as the IP address of a router, of a server in the DMZ or of a layer-3 switch, the device itself may still be working, but its active link is in fact unusable. The connection state of each device's active link is monitored by path monitoring.
The IP addresses on the active link of the network security device are selected in advance, and a weight is set for each selected IP address together with an active link failure threshold. Each node probes the connectivity of the IP addresses of its peripheral devices by periodically sending ARP request packets or ICMP request packets; if no reply from some IP address is received within the prescribed time, the node regards the probe as failed and treats that IP address as failed. When the sum of the weights of all failed IP addresses of a node reaches or exceeds the preset threshold, the node's link has failed, and the node sends a node failure message to the other nodes in the cluster containing its unique identification within the cluster and a node failure indication. When the failed node once again receives a reply from a previously failed IP address, it considers that address recovered. When the sum of the weights of the failed IP addresses of a link-failed node drops back below the preset threshold, its link is considered recovered, and the node sends a node activation message to the other nodes containing its unique identification within the cluster and a node activation indication.
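The device monitoring and path monitoring described in the two passages above share one state machine: a node is "failed" while any selected resource parameter is at or over its threshold or while the failed probe weights sum to at least the active link failure threshold, it announces NODE_FAIL once when it enters that state and NODE_ACTIVATE once when it leaves it. The block below is an added example, not the patent's code, and covers both passages in one monitor. Resource readings and probe replies are constructed inputs: nothing is really sampled and no ARP or ICMP packet is sent; thresholds, weights, the IP addresses and the message field names are assumptions.

```python
"""Node self-monitoring: resource thresholds plus weighted probes of active-link IP addresses
(added example, not the patent's code).

Resource readings and probe replies are constructed inputs: nothing is really sampled and
no ARP/ICMP packet is sent. Thresholds, weights, IP addresses and message field names are
assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class NodeMonitor:
    node_id: str
    cluster_id: str
    thresholds: dict[str, float]      # resource parameter -> failure threshold
    link_weights: dict[str, int]      # probed IP address on the active link -> weight
    link_fail_threshold: int          # link fails when failed weights sum to >= this
    failed_ips: set[str] = field(default_factory=set)
    resource_failed: bool = False
    link_failed: bool = False
    announced_failed: bool = False    # what the rest of the cluster currently believes

    def _message(self, kind: str) -> dict:
        # Both messages carry the node's unique id in the cluster plus the indication.
        return {"cluster": self.cluster_id, "node": self.node_id, "type": kind}

    def _transition(self) -> Optional[dict]:
        """Emit NODE_FAIL on healthy->failed and NODE_ACTIVATE on failed->healthy, else None."""
        now_failed = self.resource_failed or self.link_failed
        if now_failed == self.announced_failed:
            return None                 # no change: stay quiet rather than flap the cluster
        self.announced_failed = now_failed
        return self._message("NODE_FAIL" if now_failed else "NODE_ACTIVATE")

    def sample_resources(self, readings: dict[str, float]) -> Optional[dict]:
        """Periodic resource sample. Fail when any selected parameter reaches its threshold;
        recover only once every selected parameter is back below its threshold."""
        over = [name for name, limit in self.thresholds.items()
                if readings.get(name, 0.0) >= limit]
        self.resource_failed = bool(over)
        return self._transition()

    def probe_round(self, replies: dict[str, bool]) -> Optional[dict]:
        """One probe cycle: replies[ip] is True if the ARP/ICMP reply arrived in time.
        Targets absent from `replies` keep their previous state."""
        for ip, answered in replies.items():
            if ip not in self.link_weights:
                continue
            if answered:
                self.failed_ips.discard(ip)   # a reply from a failed address clears it
            else:
                self.failed_ips.add(ip)
        failed_weight = sum(self.link_weights[ip] for ip in self.failed_ips)
        self.link_failed = failed_weight >= self.link_fail_threshold
        return self._transition()


def run_scenario() -> list[Optional[dict]]:
    """Walk one node through a link failure, an overlapping CPU overload and recovery."""
    mon = NodeMonitor(
        node_id="fw-2", cluster_id="cluster-A",
        thresholds={"cpu_pct": 90.0, "mem_pct": 85.0},
        # router (weight 3), DMZ server (1), layer-3 switch (2): losing the router alone,
        # or the DMZ server and the switch together, takes the link down
        link_weights={"10.0.0.1": 3, "10.0.1.10": 1, "10.0.2.1": 2},
        link_fail_threshold=3,
    )
    return [
        mon.sample_resources({"cpu_pct": 40.0, "mem_pct": 60.0}),  # healthy: None
        mon.probe_round({"10.0.1.10": False}),                      # weight 1 < 3: None
        mon.probe_round({"10.0.2.1": False}),                       # 1 + 2 >= 3: NODE_FAIL
        mon.sample_resources({"cpu_pct": 95.0, "mem_pct": 60.0}),  # already failed: None
        mon.probe_round({"10.0.1.10": True, "10.0.2.1": True}),     # link back, CPU still over: None
        mon.sample_resources({"cpu_pct": 50.0, "mem_pct": 60.0}),  # everything clear: NODE_ACTIVATE
    ]
```

Two points matter operationally: the weights let a single critical next hop (the router) take the node out while a single DMZ host may not, and recovery is announced only when both the resource and the link conditions are clear, so a node does not rejoin the load allocation while it still cannot forward.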
In the cluster system each node is monitored and synchronization is performed between the nodes. Synchronization between nodes comprises incremental configuration synchronization, time synchronization and real-time session synchronization.
Incremental configuration synchronization: while the cluster is running normally, if the configuration of a node is changed, that node actively broadcasts a configuration command message describing the change to the whole cluster. On receiving the message, the other nodes parse the propagated configuration command and execute it, so that the configuration of all nodes in the cluster stays consistent.
Time synchronization: the master node periodically broadcasts to each slave node a time synchronization message containing the master node's system time. On receiving it, a slave node updates its own system time, so that the clocks of all nodes in the cluster are consistent.
When a node's device fails or its active link fails, session synchronization between the nodes is needed to prevent all the network sessions that node was handling from being lost. As soon as any node in the cluster establishes a new network session, it synchronizes a network message containing the new session's state to the other nodes by link-layer broadcast; and as soon as a session disappears, the node synchronizes a network message containing the state of the vanished session to the other nodes, again by link-layer broadcast. Whether for a new session or a vanished one, the network message contains the state of the network session, the unique identification of the cluster system, the network synchronization session identification and its hash value, and the network session itself.
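The session synchronization exchange above (and the corresponding synchronization step in claims A1/A2), as an added example that is not part of the patent text. The patent lists the fields a synchronization message carries but no encoding; the fixed 39-byte layout below, the CRC32 session hash, the op codes, the state values and the sample flows are all assumptions. The receiving side checks cluster identity, rejects frames whose carried hash does not match the session, and drops stale or replayed frames, so that after the owning node dies its peer holds the same sessions and can take them over.

```python
"""Real-time session synchronization frames and a per-node session table that applies them
(added example, not the patent's code).

The patent lists the fields (session state, cluster identification, sync session identification
and its hash, the session itself) but no encoding; the fixed 39-byte layout below, the CRC32
session hash, the op codes and the sample flows are all assumptions.
"""
from __future__ import annotations
import struct
import zlib
from ipaddress import IPv4Address

OP_ADD, OP_DEL = 1, 2
# cluster id (16) | op (1) | sync id (4) | session hash (4) | src (4) | dst (4) | sport (2) | dport (2) | proto (1) | state (1)
_FMT = "!16sBII4s4sHHBB"
FRAME_LEN = struct.calcsize(_FMT)   # 39


def session_hash(five_tuple: tuple[str, str, int, int, int]) -> int:
    """Stable 32-bit hash of the IPv4 5-tuple (the value load distribution keys on)."""
    src, dst, sport, dport, proto = five_tuple
    key = struct.pack("!4s4sHHB", IPv4Address(src).packed, IPv4Address(dst).packed, sport, dport, proto)
    return zlib.crc32(key) & 0xFFFFFFFF


def encode(cluster_id: str, op: int, sync_id: int, five_tuple: tuple, state: int) -> bytes:
    """Build the frame a node broadcasts at link layer when a session appears (ADD) or vanishes (DEL)."""
    src, dst, sport, dport, proto = five_tuple
    return struct.pack(_FMT, cluster_id.encode().ljust(16, b"\0"), op, sync_id, session_hash(five_tuple),
                       IPv4Address(src).packed, IPv4Address(dst).packed, sport, dport, proto, state)


def decode(frame: bytes) -> dict:
    """Parse a frame; reject bad lengths, unknown ops and frames whose hash does not match the tuple."""
    if len(frame) != FRAME_LEN:
        raise ValueError("bad sync frame length")
    cid, op, sync_id, h, src, dst, sport, dport, proto, state = struct.unpack(_FMT, frame)
    if op not in (OP_ADD, OP_DEL):
        raise ValueError("unknown op")
    five_tuple = (str(IPv4Address(src)), str(IPv4Address(dst)), sport, dport, proto)
    if h != session_hash(five_tuple):
        raise ValueError("session hash mismatch")   # corrupted (or forged) broadcast: discard
    return {"cluster": cid.rstrip(b"\0").decode(), "op": op, "sync_id": sync_id,
            "hash": h, "tuple": five_tuple, "state": state}


class SessionTable:
    """A node's session table, kept identical on every member so any of them can take over."""

    def __init__(self, cluster_id: str) -> None:
        self.cluster_id = cluster_id
        self.sessions: dict[tuple, int] = {}       # 5-tuple -> state
        self.last_sync_id: dict[tuple, int] = {}   # 5-tuple -> highest sync id applied

    def apply(self, frame: bytes) -> bool:
        """Apply one broadcast frame; return False when it is ignored."""
        msg = decode(frame)
        if msg["cluster"] != self.cluster_id:
            return False   # another cluster sharing the broadcast segment
        ft = msg["tuple"]
        # Sync ids are assumed to increase per session at the owning node, so a frame that
        # overtook a newer one on the segment (or a replay) is dropped.
        if msg["sync_id"] <= self.last_sync_id.get(ft, -1):
            return False
        self.last_sync_id[ft] = msg["sync_id"]
        if msg["op"] == OP_ADD:
            self.sessions[ft] = msg["state"]
        else:
            self.sessions.pop(ft, None)
        return True


def failover_demo() -> tuple[int, int, int]:
    """fw-1 owns two sessions and replicates them to fw-2; one closes; then fw-1 dies.

    Returns (sessions fw-2 holds, state of the surviving session, frames fw-2 ignored).
    """
    fw2 = SessionTable("cluster-A")
    s1 = ("192.0.2.10", "198.51.100.5", 40001, 443, 6)   # constructed flows
    s2 = ("192.0.2.11", "198.51.100.5", 40002, 80, 6)
    frames = [
        encode("cluster-A", OP_ADD, 1, s1, 2),   # state values are assumed (2 = established)
        encode("cluster-A", OP_ADD, 1, s2, 1),
        encode("cluster-A", OP_ADD, 2, s1, 3),   # state update for s1
        encode("cluster-A", OP_ADD, 1, s1, 2),   # the first frame again, arriving late
        encode("cluster-B", OP_ADD, 7, s2, 1),   # a foreign cluster on the same segment
        encode("cluster-A", OP_DEL, 2, s2, 0),   # s2 closed on fw-1
    ]
    ignored = sum(0 if fw2.apply(f) else 1 for f in frames)
    # fw-1 now fails: fw-2 already holds s1 and keeps processing it once it takes over the load
    return len(fw2.sessions), fw2.sessions[s1], ignored
```

The hash check only catches corruption; because the frames are plain link-layer broadcasts, any host on the synchronization segment could inject ADD frames and pre-populate peers' session tables, so the synchronization network should be a dedicated segment, and an authenticated encoding (a keyed MAC over the frame) is the natural hardening if that cannot be guaranteed.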
Step 102: judge whether the online state of any node in the cluster has changed; if so, go to step 103, otherwise return to step 101.
In heartbeat monitoring, if a node's heartbeat liveness information is not received within the prescribed time, the node is judged offline. In device monitoring, if the usage of a node's selected resource parameter exceeds that parameter's threshold, the node's device is judged failed. In path monitoring, if the sum of the weights of a node's failed IP addresses reaches or exceeds the active link failure threshold, the node's link is judged failed. During operation of the cluster, new nodes also join and failed nodes recover. A node going offline, a node's device failing, a node's link failing, a new node joining or a failed node recovering are all regarded as changes in the node's online state.
Step 103: handle the node whose online state changed, redistribute the load of each node, and end the process.
When the master node goes offline, the slave node with the next priority upgrades itself to master to control the whole cluster; the newly promoted node deletes the original master from its own node state table and readjusts the network load of each node in the cluster at the same time. When a slave node goes offline, the master node deletes it from its node state table and readjusts the network load of each node in the cluster.
When the usage of a node's selected resource exceeds the preset threshold, the node sets itself as failed and at the same time broadcasts node failure information to all other nodes in the cluster. Under the control of the master node the cluster redistributes the network load and synchronizes the node state table. When the device-failed node finds its resources back below the thresholds, it sends a node activation message to the master node; on receiving it, the master again allocates network load to the node, synchronizes the node state table and restores the node to the active state.
When the sum of the failure weights of a node's selected IP addresses reaches or exceeds the preset active link failure threshold, the node's link has failed. The node sets itself as failed and at the same time broadcasts node failure information to all other nodes; under the control of the master node the cluster redistributes the network load and synchronizes the node state table. When the link-failed node finds the sum of its failed IP weights back below the active link failure threshold, it sends a node activation message to the master node; on receiving it, the master again allocates network load to the node, synchronizes the node state table and restores the node to the active state.
Whenever a new node joins, a node's device fails, a node's link fails, a node goes offline, or a failed node recovers, the network load of the whole cluster must be redistributed. When the cluster operates in master/slave hot standby mode, the master node allocates the network load of the whole cluster. When it operates in load-sharing mode or dual-machine mutual backup mode, the node started first is regarded as the master node and likewise allocates the network load. Specifically: when a node goes offline or its device or link fails, each normal node continues to handle the load it was already handling, and the load that was handled by the failed node is taken over by the other nodes in the cluster; when a new node joins or a failed node recovers, part of the load handled by each existing node is handed to the new or recovered node.
According to the principle that above offered load distributes, can come the distribution network load by various specific algorithms such as IP message HASH algorithms.For example: host node distributes the HASH load numerical space of certain limit according to the information such as situation and node present load of utilizing of the priority level of the number of node in the group system, node, node resource for each node, and to each from node send comprise this from the synchronized loading assignment messages of the HASH load numerical space of node with the distribution network load.Receive the synchronized loading assignment messages of host node transmission from node after, distribute the load HASH numerical space of self, thereby determine offered load from node according to this synchronized loading assignment messages.Finish load synchronously according to load HASH numerical space after, send load from node to host node and reply message synchronously.
The process of distribution network load is described with a concrete example below.
Supposing had three nodes originally in the group system, be respectively node A, Node B, node C, and the priority of node A is the highest, was the host node of cluster, and the priority ratio node A of Node B is low but than node C height, the priority of node C is minimum.The offered load of whole cluster can be divided into 16 parts, and the HASH load space of three nodes is (5,5 in the cluster, 6), concrete HASH numerical space is HASH[16]={ A, A, A, A, C, B, B, B, A, B, C, C, B, C, C, C} are 5/16 load that node A will handle whole group system, and Node B is handled 5/16 load of whole group system, node C handles 6/16 load of whole group system, if the hash value of certain IP message is 15, and HASH[15]=C, promptly drop on the load space of node C, then this IP message is handled by node C, and other nodes receive that this message can discard.When node C off-line, then the HASH load space of node A and Node B is adjusted to (8,8), HASH[16 then]={ A, A, A, A, A, B, B, B, A, B, A, A, B, B, B, B} are the common load of handling whole group system of node A and Node B, and the original load of handling of node A is still handled by node A, the original load of handling of Node B is still handled by Node B, and the original load meeting of handling of node C is taken over by node A and B, and promptly the hash value is that 15 IP message will be handled by Node B, because HASH[15]=B; If 3 nodes were arranged originally, add or have the node of inefficacy to recover again just often as new node, suppose that this node is node D, then the HASH load space of 4 nodes is (4,4,4,4), HASH[16 then]={ A, A, A, A, C, B, B, B, D, B, C, C, C, D, D, D,, be that the fractional load that original A, B, C handle will be handled by this node D, promptly hash value is that 15 IP message will be by initiate node D processing, because HASH[15]=D, drop in the load space of newly added node D.
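The slot-table bookkeeping behind the example above, as an added illustration (this is not the patent's own code): the 16-slot HASH load space is a list whose entries name the owning node, and the two rebalancing cases are implemented so that survivors keep every slot they already own. The share rule (even split, remainder to the lowest-priority nodes) and the packet hash function are assumptions, since the description leaves both to the implementation; the node names and addresses are constructed.

```python
"""Slot-based load distribution for a security-device cluster.

Added example, not the patent's own code. The master gives every node a
share of the 16 slots, an IP packet is handled by the node that owns slot
HASH[h] where h is the packet's hash value, and when a node leaves or joins
only the slots that must move are reassigned.
"""
import hashlib
from collections import Counter
from typing import Dict, List

SLOTS = 16
# Node priority order, highest first (A is the master in the example).
PRIORITY = ["A", "B", "C", "D"]
# Constructed sample: the initial (5, 5, 6) table from the description.
INITIAL_TABLE = list("AAAACBBBABCCBCCC")


def target_shares(nodes: List[str]) -> Dict[str, int]:
    """Assumed share rule: split the slots evenly and give any remainder to the
    lowest-priority nodes. Reproduces (5, 5, 6), (8, 8) and (4, 4, 4, 4)."""
    ordered = [n for n in PRIORITY if n in nodes]
    base, extra = divmod(SLOTS, len(ordered))
    first_extra = len(ordered) - extra
    return {n: base + (1 if i >= first_extra else 0) for i, n in enumerate(ordered)}


def counts(table: List[str]) -> Dict[str, int]:
    """How many slots each node currently owns."""
    return dict(Counter(table))


def remove_node(table: List[str], gone: str) -> List[str]:
    """Node `gone` went offline or failed: hand its slots to the survivors in
    priority order until each survivor reaches its new share. Slots owned by
    survivors are never moved, matching the rule that a normal node keeps the
    load it already handles."""
    survivors = [n for n in PRIORITY if n in table and n != gone]
    target = target_shares(survivors)
    deficit = {n: target[n] - table.count(n) for n in survivors}
    new = list(table)
    for idx, owner in enumerate(table):
        if owner != gone:
            continue
        taker = next(n for n in survivors if deficit[n] > 0)
        new[idx] = taker
        deficit[taker] -= 1
    return new


def add_node(table: List[str], newcomer: str) -> List[str]:
    """A node joined or recovered: every existing node releases its surplus
    slots (highest index first) to the newcomer. The description's table for
    this case moves a different choice of slots; which slots move is a design
    choice, and this rule keeps every unreleased slot in place."""
    nodes = [n for n in PRIORITY if n in table or n == newcomer]
    target = target_shares(nodes)
    new = list(table)
    for idx in range(SLOTS - 1, -1, -1):
        owner = new[idx]
        if owner != newcomer and new.count(owner) > target[owner]:
            new[idx] = newcomer
    return new


def packet_slot(src_ip: str, dst_ip: str) -> int:
    """Assumed packet hash. Both directions of a flow must land on the same
    node, so the unordered address pair is hashed."""
    a, b = sorted((src_ip, dst_ip))
    digest = hashlib.sha256(f"{a}|{b}".encode()).digest()
    return digest[0] % SLOTS


def handler(table: List[str], src_ip: str, dst_ip: str) -> str:
    """The node that processes this packet; every other node discards it."""
    return table[packet_slot(src_ip, dst_ip)]


if __name__ == "__main__":
    after_c_left = remove_node(INITIAL_TABLE, "C")
    after_d_joined = add_node(INITIAL_TABLE, "D")
    print("initial  ", "".join(INITIAL_TABLE), counts(INITIAL_TABLE))
    print("C offline", "".join(after_c_left), counts(after_c_left))
    print("D joined ", "".join(after_d_joined), counts(after_d_joined))
    print("hash 15 ->", INITIAL_TABLE[15], after_c_left[15], after_d_joined[15])
```

Running the block reproduces the (8, 8) table of the description exactly for the node C offline case, and for the node D joining case yields a (4, 4, 4, 4) table in which HASH[15] = D, as the description states, while no slot changes hands between A, B and C.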
The master node synchronizes the node state table to the slave nodes by sending a synchronize-node-state-table message to each slave node. After receiving the synchronize-node-state-table message and completing synchronization of the node state table, the slave node responds to the master node with a synchronize-node-state-table reply message.
The above process describes the steps for realizing high availability of network security devices in cluster mode according to the present invention. The steps of the node failure operation caused by a device failure are described in detail below.
Some resource parameters are selected in advance from resource parameters such as CPU utilization, memory usage, disk space utilization, current network traffic, current number of network session connections, response time and network interface operating state, and a failure threshold is then set for each selected resource parameter. Based on the flow shown in Fig. 1, Fig. 2 is a schematic flow chart of the node failure operation caused by a device failure in one embodiment of the present invention. As shown in Fig. 2, it comprises the following steps:
Step 201: the node periodically detects its own resource usage.
When a node detects its own resource usage, the network interfaces it probes may include actual physical interfaces or logical redundant interfaces. A logical redundant interface comprises a pair of physical interfaces, a master interface and a slave interface. If the master interface of a logical redundant interface fails, the slave interface takes over the work of the master interface and the logical redundant interface has not failed; only when both the master and the slave interface of the logical redundant interface have failed has the logical redundant interface failed.
Step 202: judge whether any resource parameter exceeds the failure threshold of that resource parameter; if so, execute step 203 and its subsequent steps, otherwise re-execute step 201.
Step 203: the node sets itself as failed and at the same time broadcasts a node failure message to all nodes in the cluster system.
Step 204: judge whether the cluster system is in the stable state; if so, execute step 205 and its subsequent steps, otherwise end the process. A cluster system in the stable state is one in which the load allocation of all nodes and the node state table have all been synchronized. Only when the cluster system is in the stable state can it begin to process the leaving or joining of a node.
Step 205: the master node sets the cluster system to the unstable state. Once the master node has set the cluster system to the unstable state, the cluster system does not process the leaving or joining of any other node.
Step 206: in the node state table, the master node marks as failed the node whose resource parameter exceeds the failure threshold of that resource parameter.
Step 207: the master node redistributes the load, synchronizes the new node state table, and sets the cluster system back to the stable state; end the process.
The detailed process of the node failure operation caused by a link failure is described below.
Each node in the cluster system probes the IP address connectivity of its peripheral devices by periodically sending ARP request or ICMP request packets; if the response packet of an IP address is not received within the specified time, probing of that IP address is regarded as having failed. In practical applications, a weight is assigned to each IP address to be probed, representing the importance of that IP address, and a link failure threshold is set. When the weight sum of the IP addresses whose probing failed exceeds the predefined link failure threshold, the cluster system regards the node as having a link failure; the node actively sets itself as failed and at the same time broadcasts a node failure message to all nodes in the cluster system. Then, under the management of the master node, the cluster system redistributes the network load and synchronizes the node state table.
Based on the flow shown in Fig. 1, Fig. 3 is a schematic flow chart of the node failure operation caused by a link failure in one embodiment of the present invention. As shown in Fig. 3, it comprises the following steps:
Step 301: the node periodically detects the validity of its own links;
Step 302: judge whether the weight sum of the failed IP addresses exceeds the link failure threshold; if it does, execute step 303 and its subsequent steps, otherwise re-execute step 301;
Step 303: the node sets itself as failed and at the same time broadcasts a node failure message to all nodes in the cluster system.
Step 304: judge whether the cluster system is in the stable state; if so, execute step 305 and its subsequent steps, otherwise end the process. A cluster system in the stable state is one in which the load allocation of all nodes and the node state table have all been synchronized. Only when the cluster system is in the stable state can it begin to process the leaving or joining of a node, and once the cluster system has entered the unstable state it does not process the leaving or joining of any other node.
Step 305: the master node sets the cluster system to the unstable state. Once the master node has set the cluster system to the unstable state, the cluster system does not process the leaving or joining of any other node.
Step 306: in the master node's node state table, the master node marks as failed the node whose failed-IP-address weight sum exceeds the link failure threshold;
Step 307: the master node redistributes the load and synchronizes the new node state table, then sets the cluster system back to the stable state; end the process.
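The node-side half of the two procedures above (Figs. 2 and 3), as an added example that is not part of the patent: a node evaluates one sample of its resource parameters and one round of probe results and decides whether to broadcast a node failure message, a node activation message, or nothing. The threshold values, the probe target addresses with their weights, and the sample data are constructed; the redundant-interface rule follows the description (down only when both physical interfaces are down). The description says a parameter "exceeds" its threshold while claim 9 says "greater than or equal to"; the comparison below uses the inclusive form.

```python
"""Node-side failure detection for a clustered security device.

Added example, not the patent's own code. Two self-checks: device failure,
when a selected resource parameter reaches its failure threshold, and link
failure, when the weight sum of probe targets that sent no ARP/ICMP reply
reaches the active-link failure threshold. Nothing is sent on the network;
probe results are passed in as data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class RedundantInterface:
    """A logical redundant interface: a master/slave pair of physical ports."""
    name: str
    master_up: bool
    slave_up: bool

    def is_up(self) -> bool:
        # The slave takes over when the master fails; the logical interface
        # has failed only when both physical interfaces are down.
        return self.master_up or self.slave_up


@dataclass
class ResourceSample:
    """One periodic sample of the node's own resource parameters (step 201)."""
    cpu_pct: float
    mem_pct: float
    sessions: int
    interfaces: List[RedundantInterface]


# Assumed failure thresholds; the patent leaves the values to the operator.
DEVICE_THRESHOLDS = {"cpu_pct": 90.0, "mem_pct": 95.0, "sessions": 100_000}

# Assumed weighted probe targets (constructed documentation addresses):
# upstream router, DMZ server, layer-3 switch, the kinds claim 18 lists.
LINK_TARGETS = {"192.0.2.1": 3, "192.0.2.10": 2, "192.0.2.20": 1}
LINK_FAILURE_THRESHOLD = 3


def device_failed(sample: ResourceSample) -> List[str]:
    """Step 202: names of resource parameters at or over their threshold, plus
    logical interfaces that are down. An empty list means the device is healthy."""
    breached = [name for name, limit in DEVICE_THRESHOLDS.items()
                if getattr(sample, name) >= limit]
    breached += [f"iface:{i.name}" for i in sample.interfaces if not i.is_up()]
    return breached


def link_failed(replies: Dict[str, bool]) -> Tuple[int, bool]:
    """Step 302: weight sum of targets with no reply in the probe window, and
    whether that sum reaches the active-link failure threshold."""
    lost = sum(w for ip, w in LINK_TARGETS.items() if not replies.get(ip, False))
    return lost, lost >= LINK_FAILURE_THRESHOLD


def transition(node: str, was_failed: bool, sample: ResourceSample,
               replies: Dict[str, bool]) -> Optional[dict]:
    """What this node broadcasts after one monitoring round: a node-failure
    message when it just became unhealthy (steps 203/303), a node-activation
    message when it is healthy again after a failure, otherwise nothing."""
    reasons = device_failed(sample)
    lost, down = link_failed(replies)
    if down:
        reasons.append(f"link:lost_weight={lost}")
    if reasons and not was_failed:
        return {"type": "NODE_FAILED", "node": node, "reasons": reasons}
    if not reasons and was_failed:
        return {"type": "NODE_ACTIVATE", "node": node}
    return None


if __name__ == "__main__":
    sample = ResourceSample(cpu_pct=42.0, mem_pct=61.0, sessions=8_400,
                            interfaces=[RedundantInterface("bond0", False, True)])
    probes = {"192.0.2.1": False, "192.0.2.10": True, "192.0.2.20": True}
    print(transition("nodeB", False, sample, probes))   # router lost: weight 3
    print(transition("nodeB", True, sample, dict.fromkeys(LINK_TARGETS, True)))
```

Note that a missing entry in `replies` counts as no reply, so a probe that never ran is treated as a failure rather than silently as success; with the constructed weights, losing the router alone is enough to fail the link, while losing only the DMZ server is not.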
The steps of synchronizing between nodes and monitoring each node in the above process are described in detail below. When the network security device cluster system is operating normally, if a new node joins or a node goes offline, the load, configuration and node state table of the cluster system need to be synchronized.
When a new node joins the cluster system, the master node first sends a synchronize-configuration request message to the newly joined node. After receiving this message, the newly joined node actively fetches all of the master node's configuration and security policies to its local storage and makes them take effect, so that its configuration becomes fully consistent with that of the master node.
Fig. 4 is a schematic flow chart of a network security device node joining the cluster system in one embodiment of the present invention. As shown in Fig. 4, it comprises the following steps:
Step 401: the master node receives the heartbeat keep-alive messages of each slave node in the whole cluster system and periodically checks the node state table.
Step 402: after receiving a heartbeat keep-alive message from a slave node, the master node judges whether the node state table contains every node that sent a heartbeat keep-alive message; if not, execute step 403 and its subsequent steps; if so, re-execute step 401. In other words, after the master node receives the heartbeat keep-alive message of a newly joined node, it first judges whether this node is present in the node state table.
Step 403: the slave node is to join the cluster system.
Step 404: judge whether the cluster system is in the stable state; if so, execute step 405 and its subsequent steps, otherwise end the process. A cluster system in the stable state is one in which the load allocation of all nodes and the node state table have all been synchronized. Only when the cluster system is in the stable state can it begin to process the leaving or joining of a node; once the cluster system has entered the unstable state, it does not process the leaving or joining of any other node.
Step 405: the master node sets the cluster system to the unstable state. Once the cluster system has entered the unstable state, it does not process the leaving or joining of any other node.
Step 406: the master node adds this node to the node state table.
Step 407: the master node performs configuration synchronization and load synchronization with the newly joined node, and performs node state table synchronization with all nodes; the cluster system enters the stable state; end the process.
Fig. 5 is a schematic flow chart of a network security device node leaving the cluster system in one embodiment of the present invention. As shown in Fig. 5, it comprises the following steps:
Step 501: the master node receives the heartbeat keep-alive messages of each slave node in the whole cluster system and periodically checks the node state table.
Step 502: the master node judges whether it has received the heartbeat keep-alive messages of all nodes within the predetermined time; if so, re-execute step 501, otherwise execute step 503 and its subsequent steps.
Step 503: the node that did not send a heartbeat keep-alive message is offline.
Step 504: judge whether the cluster system is in the stable state; if so, execute step 505 and its subsequent steps, otherwise end the process. A cluster system in the stable state is one in which the load allocation of all nodes and the node state table have all been synchronized. Only when the cluster system is in the stable state can it begin to process the leaving or joining of a node.
Step 505: the master node sets the cluster system to the unstable state. Once the cluster system has entered the unstable state, it does not process the leaving or joining of any other node.
Step 506: the master node deletes the offline node from the node state table;
Step 507: the master node redistributes the load and synchronizes the new node state table, then sets the cluster system back to the stable state; end the process.
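The master-side bookkeeping for the join (Fig. 4) and leave (Fig. 5) procedures, together with the stable/unstable gating used in steps 204, 304, 404 and 504 and the master promotion described earlier, as an added example that is not the patent's own code. The stable state is modelled the way the description defines it: the cluster is stable only when no load or node-state-table synchronization is still waiting for a slave's reply message, so a join or a timeout that arrives during a synchronization is deferred rather than acted on. The heartbeat timeout, the priority encoding (lower number is higher priority) and the timestamps are assumptions.

```python
"""Master node's node state table with stable-state gating.

Added example, not the patent's own code. Heartbeats refresh known nodes or
admit unknown ones; stale heartbeats remove nodes; node failure/activation
messages flip a node's failed flag; every such change starts a
synchronization that must be acknowledged by all slaves before the cluster
is stable and the next change can be processed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

HEARTBEAT_TIMEOUT = 3.0  # seconds; assumed value ("predetermined time" in the text)


@dataclass
class NodeEntry:
    priority: int            # assumed encoding: lower number = higher priority
    last_heartbeat: float
    failed: bool = False     # set by a node failure message, cleared by activation


@dataclass
class MasterView:
    """The master's node state table plus the outstanding synchronization replies."""
    me: str
    nodes: Dict[str, NodeEntry]
    pending_acks: Set[str] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    @property
    def stable(self) -> bool:
        # Stable: load allocation and node state table are synchronized on
        # every node, i.e. no reply message is still outstanding.
        return not self.pending_acks

    def _begin_sync(self, reason: str) -> None:
        """Steps 407/507 (and 207/307): redistribute load and push the new node
        state table; the cluster stays unstable until every slave has replied."""
        self.log.append(reason)
        self.pending_acks = {n for n in self.nodes if n != self.me}

    def sync_reply(self, node: str) -> bool:
        """A slave's synchronization reply message; returns True once stable again."""
        self.pending_acks.discard(node)
        return self.stable

    def heartbeat(self, node: str, priority: int, now: float) -> str:
        """Steps 401-407: refresh a known node, or admit an unknown sender."""
        if node in self.nodes:
            self.nodes[node].last_heartbeat = now
            return "refreshed"
        if not self.stable:
            return "deferred"                            # step 404: end process
        self.nodes[node] = NodeEntry(priority, now)      # step 406
        self._begin_sync(f"join:{node}")                 # step 407
        return "joined"

    def check_timeouts(self, now: float) -> List[str]:
        """Steps 501-507: drop slaves whose heartbeat is older than the timeout."""
        expired = [n for n, e in self.nodes.items()
                   if n != self.me and now - e.last_heartbeat > HEARTBEAT_TIMEOUT]
        if not expired or not self.stable:
            return []                                    # nothing to do, or step 504 says wait
        for n in expired:
            del self.nodes[n]                            # step 506
        self._begin_sync("leave:" + ",".join(expired))   # step 507
        return expired

    def node_failure(self, node: str, failed: bool) -> bool:
        """Steps 206/306 (failed=True) and the node activation message (failed=False)."""
        if node not in self.nodes or not self.stable:
            return False
        self.nodes[node].failed = failed
        self._begin_sync(f"{'fail' if failed else 'activate'}:{node}")
        return True

    def load_bearing_nodes(self) -> List[str]:
        """Nodes that currently receive a share of the load, highest priority first."""
        return sorted((n for n, e in self.nodes.items() if not e.failed),
                      key=lambda n: self.nodes[n].priority)


def promote_after_master_loss(table: Dict[str, NodeEntry], old_master: str) -> MasterView:
    """Run on a slave when the master's heartbeat times out: the slave with the
    next priority takes over, deletes the old master from its own node state
    table, and readjusts the load of the remaining nodes."""
    remaining = {n: e for n, e in table.items() if n != old_master}
    new_master = min(remaining, key=lambda n: remaining[n].priority)
    view = MasterView(new_master, remaining)
    view._begin_sync(f"promote:{new_master}")
    return view
```

The `log` attribute records each synchronization the master started, in order, which is the trace a practitioner would want when reconstructing why a node was dropped or why a join was deferred; in a real device the same events would go to the audit log.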
Through the above process, by monitoring the network security devices and the active links of the network security devices, the present invention ensures that whether a failure of the network security device itself or a failure of the active link of the network security device occurs, the services of that network security device can still be handled. This greatly improves the availability of network security devices in cluster mode and realizes high availability of network security devices in cluster mode.
Furthermore, the load can be distributed dynamically according to the number of nodes in the cluster system, the priority of each node and the usage of each resource, thereby ensuring dynamic load balancing of the cluster system.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (19)

1. A method for realizing high availability of network security devices in cluster mode, applicable to a cluster system comprising no fewer than two network security device nodes, the no fewer than two network security device nodes comprising a master network security device node and at least one slave network security device node, characterized in that the method comprises the following steps:
A1. the master network security device node monitors the network security device nodes in the cluster system;
B1. the master network security device node judges whether the online state of any network security device node has changed; if so, the master network security device node sends to each slave network security device node a load allocation message containing that slave network security device node's load range, and each slave network security device node determines its own load according to the load allocation message; if not, the process ends.
2. The method according to claim 1, characterized in that the network security device is a firewall, a virtual private network (VPN) device, a network intrusion detection system (NIDS) or a secure sockets layer (SSL) accelerator.
3. The method according to claim 1, characterized in that, in step A1, the master network security device node further broadcasts to the slave network security device nodes a time synchronization message containing the system time of the master network security device node, and after receiving the time synchronization message each slave network security device node updates its system time.
4. The method according to claim 1, characterized in that, in step A1, when a network security device node has a new network session, that network security device node synchronizes a synchronization message containing the new network session to the other network security device nodes; when a network session of a network security device node disappears, that network security device node synchronizes a synchronization message containing the disappeared network session to the other network security device nodes.
5. The method according to claim 1, characterized in that, in step A1, if a network security device node receives a configuration command, that network security device node executes the configuration command and broadcasts the configuration command to the other network security device nodes in the cluster system, and the other network security device nodes in the cluster system receive and execute the configuration command.
6. The method according to claim 1, characterized in that, in step A1, when a network security device joins the cluster system, the master network security device node sends a synchronize-configuration command to the joining network security device, and the joining network security device fetches the configuration of the master network security device node and executes the synchronize-configuration command.
7. The method according to claim 1, characterized in that judging in step B1 whether the online state of a network security device node has changed is: judging whether any network security device node has gone offline, any network security device node has failed, or any new network security device node has joined.
8. The method according to claim 1, characterized in that sending the load allocation message in step B1 is: the master network security device node sends to each slave network security device node a load allocation message containing that slave network security device node's load hash value space; and each slave network security device node determining its own load according to the load allocation message in step B1 is: each slave network security device node determines its own load according to the load hash value space.
9. The method according to claim 1, characterized in that the method further comprises selecting resource parameters in advance and setting a failure threshold for each resource parameter; the master network security device node monitoring the network security device nodes in step A1 is: each network security device node periodically collects its resource parameters, and when a resource parameter of a network security device node is greater than or equal to the failure threshold of that resource parameter, that network security device node sends a node failure message to the master network security device node and sets itself as failed; and, in step B1, the master network security device node sending a load allocation message to the slave network security device nodes when the online state of a network security device node changes, and each slave network security device node determining its own load according to the load allocation message, is: after the master network security device node receives the node failure message, it sends to each slave network security device node a load allocation message containing that slave network security device node's load range, and each slave network security device node determines its own load according to the load allocation message.
10. The method according to claim 9, characterized in that the selected resource parameters that cause a network security device to fail are: any one or any combination of CPU utilization, memory usage, disk space utilization, current network traffic, current number of network session connections, response time and network interface operating state.
11. A method for realizing high availability of network security devices in cluster mode, applicable to a cluster system comprising no fewer than two network security device nodes, the no fewer than two network security device nodes comprising a master network security device node and at least one slave network security device node, characterized in that the method comprises the following steps:
A2. the master network security device node monitors the active links of the network security device nodes in the cluster system;
B2. the master network security device node judges whether the active link of any network security device node has failed; if so, the master network security device node sends to each slave network security device node a load allocation message containing that slave network security device node's load range, and each slave network security device node determines its own load according to the load allocation message; if not, the process ends.
12. The method according to claim 11, characterized in that the network security device is a firewall, a VPN device, an NIDS or an SSL accelerator.
13. The method according to claim 11, characterized in that, in step A2, the master network security device node further broadcasts to the slave network security device nodes a time synchronization message containing the system time of the master network security device node, and after receiving the time synchronization message each slave network security device node updates its system time.
14. The method according to claim 11, characterized in that, in step A2, when a network security device node has a new network session, that network security device node synchronizes a synchronization message containing the new network session to the other network security device nodes; when a network session of a network security device node disappears, that network security device node synchronizes a synchronization message containing the disappeared network session to the other network security device nodes.
15. The method according to claim 11, characterized in that, in step A2, if a network security device node receives a configuration command, that network security device node executes the configuration command and broadcasts the configuration command to the other network security device nodes in the cluster system, and the other network security device nodes in the cluster system receive and execute the configuration command.
16. The method according to claim 11, characterized in that, in step A2, when a network security device joins the cluster system, the master network security device node sends a synchronize-configuration command to the joining network security device, and the joining network security device fetches the configuration of the master network security device node and executes the synchronize-configuration command.
17. The method according to claim 11, characterized in that the method further comprises selecting in advance the IP addresses of the active links of the network security device nodes, and setting a weight for each selected IP address and an active-link failure threshold; the master network security device node monitoring the active links of the network security device nodes in the cluster system in step A2 is: a network security device node periodically sends request packets to the selected IP addresses; when the network security device node does not receive a reply packet from a selected IP address within the predetermined time, that IP address is deemed failed; and when the weight sum of the failed IP addresses exceeds or equals the active-link failure threshold, that network security device node sends a node failure message to the master network security device node and sets itself as failed; and, in step B2, the master network security device node sending a load allocation message to each slave network security device node when the active link of a network security device fails, and each slave network security device node determining its own load according to the load allocation message, is: after the master network security device node receives the node failure message, the master network security device node sends to each slave network security device node a load allocation message containing that slave network security device node's load range, and each slave network security device node determines its own load according to the load allocation message.
18. The method according to claim 17, characterized in that the selected IP addresses of the active links of the network security device are: any one or any combination of the IP address of a router, the IP address of a demilitarized zone (DMZ) server and the IP address of a layer-3 switch.
19. The method according to claim 17, characterized in that periodically sending request packets to the selected IP addresses is: periodically sending ARP request packets or Internet Control Message Protocol (ICMP) request packets to the selected IP addresses.
CNB2004100709033A 2004-07-13 2004-07-13 Method for realizing high-usability of network security equipment under cluster mode Expired - Fee Related CN100521603C (en)

Publications (2)

Publication Number Publication Date
CN1722664A CN1722664A (en) 2006-01-18
CN100521603C true CN100521603C (en) 2009-07-29

Family

ID=35912643

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: BEIJING LEADSEC TECHNOLOGY CO.,LTD.

Free format text: FORMER NAME: LENOVO NET DEFENSE TECHNOLOGY (BEIJING) CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 100086, room 801-810, CLP information building, 6 South Avenue, Beijing, Haidian District, Zhongguancun

Patentee after: Beijing Leadsec Technology Co.,Ltd.

Address before: 100086, room 801-810, CLP information building, 6 South Avenue, Beijing, Haidian District, Zhongguancun

Patentee before: Lenovo Wangyu Technology (Beijing) Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090729

Termination date: 20150713

EXPY Termination of patent right or utility model