CN101345711B - Packet processing method, fire wall equipment and network security system - Google Patents
Packet processing method, fire wall equipment and network security system Download PDFInfo
- Publication number
- CN101345711B CN101345711B CN2008101351762A CN200810135176A CN101345711B CN 101345711 B CN101345711 B CN 101345711B CN 2008101351762 A CN2008101351762 A CN 2008101351762A CN 200810135176 A CN200810135176 A CN 200810135176A CN 101345711 B CN101345711 B CN 101345711B
- Authority
- CN
- China
- Prior art keywords
- message
- list item
- vpn
- compartment wall
- fire compartment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a message processing method, comprising: configurating different virtual special network VPN values for different virtual local area network VLAN when transmitting messages, and encapsulating parameters including VPN into data frame heads corresponding to the messages; resolving the messages, when the resolution is in a transparent mode, setting a global identification for identifying that the messages enter a firewall through a bilaminar transmitting interface; building corresponding status list items for the messages and transmitting the messages after the messages pass through relative process of the firewall, wherein the status list items include parameter information including VPN value. The invention also discloses a firewall device and a network security system, thereby solving the problems that message transmission is disordered when the address is superposed.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of message processing method, firewall box and network safety system.
Background technology
At present, growing along with network, the safety problem of network is more and more outstanding.People mainly concentrate on attentiveness and come from outside attack, therefore exert safety product with huge sum of money on-premise network border, for example fire compartment wall, intruding detection system (IDS, Intrusion Detection Systems) etc.
Hardware firewall is meant accomplishes the chip the inside to firewall program, carries out these functions by hardware, can reduce the burden of CPU, makes route more stable.Hardware firewall is the important barrier together that ensures internal network security.In addition, through creating virtual firewall (Vfw, Virtual firewall) in logic, hardware firewall can provide the fire compartment wall letting.Virtual firewall is the synthesis of VPN (VPN, Virtual Private Network) instance, safe instance and profile instance, can privately owned routing forwarding plane, security service and configuration management plane be provided for the virtual firewall user.
In existing two layers of network environment, (VLAN, Virtual Local Area Network) distinguishes different zones through VLAN, in each VLAN, moving separate business.In the prior art message under transparent mode through fire compartment wall and carry out firewall services when handling; In different VLAN, cannot dispose identical IP address; If there are two different flow points not point to two identical IP addresses, then through fire compartment wall the time, because the value of different VLAN of no use is distinguished stream; Can cause two not homogeneous turbulence set up identical state list item, being embodied in the fire compartment wall is exactly same session (session).At this moment, if arbitrary stream connect to be initiated then possibly caused this stream can not send to correct destination address in these two streams.
In practice process; The inventor is through discovering: owing to can not identify a unique stream in the prior art; Therefore five-tuple (source IP, purpose IP, source port, destination interface, protocol number) phase homogeneous turbulence possibly appear through fire compartment wall the time; It is pairing that the list item that hits is not necessarily to belong to the stream of this firewall services, mistake will occur if still transmit according to this list item, thereby cause service disconnection.
Summary of the invention
The embodiment of the invention provides a kind of fire compartment wall transparent mode message processing method, firewall box and network safety system, and the message that occurs in the time of can solving address overlap is transmitted chaotic problem.
The embodiment of the invention provides following technical scheme:
The embodiment of the invention provides a kind of message processing method, comprising:
When E-Packeting, the VPN VPN value different to different virtual LAN VLAN interface configuration, and will comprise that the parameter of VPN value is encapsulated in the corresponding data frame head of said message; Wherein, said VLAN interface and said VPN value have one-to-one relationship;
Said message is resolved, when resolving to transparent mode, overall identification is set is used to identify said message through two layers of forwarding interfaces entering fire compartment wall; , set up corresponding state list item and said message is forwarded through after the relevant treatment of fire compartment wall at said message, comprise the parameter information of VPN value in the said state list item for said message.
The embodiment of the invention also provides a kind of firewall box, comprising:
Professional retransmission unit SFU is used for when E-Packeting, the VPN VPN value different to different virtual LAN VLAN interface configuration, and will comprise that the parameter of VPN value is encapsulated in the corresponding data frame head of said message; Wherein, said VLAN interface and said VPN value have one-to-one relationship;
Safety service cell S SU is used for the message that said SFU transmits is resolved, and when resolving to transparent mode, overall identification is set is used to identify said message through two layers of forwarding interfaces entering fire compartment wall; After the relevant treatment of said message through fire compartment wall on the SSU, set up corresponding state list item and said message is forwarded for said message, comprise the parameter information of VPN value in the said state list item.
The embodiment of the invention also provides a kind of network safety system that comprises above-mentioned firewall box.
The embodiment of the invention provides message processing method, firewall box and network safety system under a kind of fire compartment wall transparent mode, and the message that occurs in the time of can solving address overlap is transmitted chaotic problem.The embodiment of the invention can dispose in different VLAN under the situation of identical IP address, through increasing sign with difference IP address phase homogeneous turbulence, and sets up the different state list item respectively, thus can be correct E-Packet.When the subsequent packet of same stream arrived, the state list item that hits correspondence that also can be correct obtained relevant parameter and transmits processing, and like this, the legitimacy of subsequent packet can fast detecting be come out, and transmits processing then fast.
Description of drawings
Fig. 1 is a virtual firewall system assumption diagram in the prior art;
Fig. 2 is a message processing method flow chart under the embodiment of the invention fire compartment wall transparent mode;
Fig. 3 is that message is transmitted sketch map under the embodiment of the invention distributed fire wall transparent mode;
Fig. 4 is an embodiment of the invention firewall box structural representation;
Fig. 5 is an embodiment of the invention Security Architecture sketch map;
Fig. 6 is the application scenarios sketch map of the many instances of embodiment of the invention distributed fire wall transparent mode.
Embodiment
The embodiment of the invention provides message processing method, firewall box and network safety system under a kind of fire compartment wall transparent mode, and the message that occurs in the time of can solving address overlap is transmitted chaotic problem.The said fire compartment wall of the embodiment of the invention both can be centralized fire compartment wall, also can be distributed fire wall.For making the object of the invention, technical scheme and advantage clearer, the embodiment that develops simultaneously with reference to the accompanying drawings is to further explain of the present invention.
As shown in Figure 2, message processing method flow chart under the fire compartment wall transparent mode that provides for the embodiment of the invention comprises following process:
The field that encapsulates in step 202, the message of SSU to the SFU forwarding is resolved, and when resolving to transparent mode, fire compartment wall is provided with overall identification and is used to identify said message through two layers of forwarding interfaces entering fire compartment wall; After the relevant treatment of said message through fire compartment wall on the SSU, set up corresponding state list item for said message and also this message is forwarded, comprise the parameter information of VPN value in the said state list item;
Need to prove, in step 202, can further include:
If said message is not gone up the relevant treatment of fire compartment wall through SSU, then be that said message is set up corresponding invalid packet list item, comprise the parameter information and the handled mode of VPN value in the said invalid packet list item; When subsequent packet arrives, then from said invalid packet list item, obtain relevant parameter and carry out handled.
Said method can further include:
In step 203, said follow-up forwarding is handled and is specifically comprised:
SSU will comprise that the parameter information of VPN value is encapsulated in the data frame head of said message;
SSU carries out that state changes, timestamp refreshes etc. to the corresponding state list item of said message and upgrades operation, and the outgoing interface and the SFU of the correspondence of said message transmitted in identification, and the SFU that the message after will encapsulate sends to correspondence transmits.
As shown in Figure 3, transmit sketch map for message under the embodiment of the invention distributed fire wall transparent mode, SFU_A wherein and SFU_B are the unit that physically receives and transmit data, are used for simple message encapsulation, flow process forwarding; SSU_A and SSU_B are main Service Processing Units, are used to discern the legitimacy of message and set up corresponding with it state information.The detailed process that message is transmitted is explained as follows:
Step a: message gets into from SFU_A, enables two layers of forward command through configuration and makes this interface get into two layers of forwarding state, and configuration VLAN also lets this interface add.Configuration VPN also binds with this VLAN, and the interface that belongs to like this this VLAN under all can have the VPN value of correspondence to identify.
SFU_A carries out message after relevant action such as simple traffic identification handles; Can deliver to corresponding SSU unit to this stream according to self-defining algorithm handles; Supposition is to be sent to SSU_A (can certainly be sent to SFU_B) in the present embodiment, can be encapsulated into relevant parameter in this course to deliver in the self-defining frame head when SSU_A supplies follow-up business to handle to use.
Step b:SSU_A receives the message that SFU_A sends here; Can resolve the information in the corresponding frame head of said message; Can know that through the identification of relevant position this message gets into from two layers of forwarding interface; Fire compartment wall can be provided with an overall identification to such message, is used for follow-up special processing to such stream.
On SSU_A, can carry out the processing of firewall services, comprise that attack-defending detects, virus identification etc.If message can be smoothly through various detections; Then SSU_A can set up corresponding state list item for this stream, and the major parameter of this state list item comprises IP, PORT (port); Protocol (protocol number); By the SFU_A encapsulation, subsequent packet then can directly hit this state list item and transmit in step a for information such as VPN value, VPN value.If message is not through detecting; Promptly be identified as invalid packet by SSU_A; Then to this message can abandon, processing such as invalid packet counting, and set up the list item of invalid packet for this stream, when follow-up invalid packet is come, then can hit the list item of this invalid packet and directly handle it.
Step c:SSU_A accomplishes the coherent detection of message, and after setting up corresponding state list item, SSU_A can be filled in the self-defining frame head structure carrying out encapsulation process with the relevant parameter of this stream.
Steps d: SSU_A is to message and list item carries out the IP address and timestamp upgrades, and identifies the outgoing interface of message through the field in the state list item, is assumed to SFU_B.After actions such as renewal are accomplished, can deliver to corresponding SFU unit to this stream and handle, suppose that the purpose SFU unit of present embodiment is SFU_B.
Step e:SFU_B carries the information of coming through message from SSU_A and carries out processing such as simple message classification identification, after finishing message is forwarded.
Can find out in the above-described embodiments; Because different VLAN has bound different VPN values; Even the identical IP address of configuration in the different VLAN of same network environment like this, when the stream of identical five-tuple was on SSU, SSU also can set up the different state list item; If follow-up like this have flowing to of identical five-tuple to reach SSU, can not occur causing professional obstructed situation because of state list item confusion yet.
As shown in Figure 4, the firewall box structural representation for the embodiment of the invention provides comprises: professional retransmission unit SFU 411-41n and safety service cell S SU 421-42m, wherein:
Said SFU is used for when E-Packeting, and to the different different VPN values of VLAN interface configuration, and will comprise that the parameter of VPN value is encapsulated in the corresponding data frame head of said message;
Said SSU is used for the message that SFU transmits is resolved, and when resolving to transparent mode, overall identification is set is used to identify said message through two layers of forwarding interfaces entering fire compartment wall; After the relevant treatment of said message through fire compartment wall on the SSU, set up corresponding state list item and said message is forwarded for said message, comprise the parameter information of VPN value in the said state list item.
When subsequent packet need be transmitted, said SSU also was used for obtaining relevant parameter from said state list item and carries out follow-up forwarding processing.Wherein, to carry out that follow-up forwarding handles specifically be that the parameter information that comprises the VPN value is encapsulated in the self-defining frame head structure of said message to said SSU; And said message and state list item upgraded operation, and identify the outgoing interface and the SFU of said message through the field in the said state list item, the message after the encapsulation is sent to corresponding SFU transmit.
Need to prove that when said message did not pass through the relevant treatment of fire compartment wall on the SSU, said SSU also was used to said message and sets up corresponding invalid packet list item, comprised the parameter information and the handled mode of VPN value in the said list item; When follow-up invalid packet need be transmitted, then from said invalid packet list item, obtain relevant parameter and carry out handled.
Can find out in the above-described embodiments; Because different VLAN has bound different VPN values; Even disposed identical IP like this, there is identical stream on SSU_A, also to have one's own list item, thereby can not occur causing professional obstructed situation to take place because of state is chaotic.
As shown in Figure 5, be the Security Architecture sketch map that the embodiment of the invention provides, comprise firewall box 510 and condition detecting device 500, wherein:
Said firewall box 510 specifically comprises: several professional retransmission unit SFU 511-51n and several safety service cell S SU 521-52m, wherein:
Said SFU is used for when E-Packeting, and to the different different VPN values of VLAN interface configuration, and will comprise that the parameter of VPN value is encapsulated in the corresponding data frame head of said message;
Said SSU is used for the message that SFU transmits is resolved, and when resolving to transparent mode, overall identification is set is used to identify said message through two layers of forwarding interfaces entering fire compartment wall; , set up corresponding state list item and said message is forwarded through after the relevant treatment of SSU fire compartment wall at said message, comprise the parameter information of VPN value in the said state list item for said message.
When subsequent packet need be transmitted, said SSU also was used for obtaining relevant parameter from said state list item and carries out follow-up forwarding processing.Wherein, to carry out that follow-up forwarding handles specifically be that the parameter information that comprises the VPN value is encapsulated in the self-defining frame head structure of said message to said SSU; And said message and state list item upgraded operation, and identify the outgoing interface and the SFU of said message through the field in the said state list item, the message after the encapsulation is sent to corresponding SFU transmit.
Need to prove that when said message did not pass through the relevant treatment of fire compartment wall on the SSU, said SSU also was used to said message and sets up corresponding invalid packet list item, comprised the parameter information and the handled mode of VPN value in the said list item; When follow-up invalid packet need be transmitted, then from said invalid packet list item, obtain relevant parameter and carry out handled.
Certainly; In practical application; The formation more complicated of network safety system possibly be not limited to the situation of the above embodiment of the present invention, also possibly comprise some other auxiliary equipment; Those skilled in the art can just can not carry out significant expansion and various distortion through creative work on the basis of the embodiment of the invention, repeat no more here.
In addition, the adaptable scene of the firewall box that the above embodiment of the present invention provides is more extensive, the outlet of for example big-and-middle-sized client, various metropolitan area networks or porch etc.
Below, through a concrete application example the above embodiment of the present invention is described further.
As shown in Figure 6, the application scenarios sketch map of the many instances of distributed fire wall transparent mode that provide for the embodiment of the invention.
Scene description is following:
Client A and client B rent a distributed hardware fire compartment wall simultaneously, and wherein, client A adds virtual firewall VFW1, and client B adds virtual firewall VFW2, and client A and client B support address overlap.Client A is divided into trust, dmz and untrust zone, and wherein, trust is a private net address, and dmz has external server, and the untrust district has public network address.Client B is divided into trust, dmz and untrust zone, and wherein, trust and dmz district provide external server, and the untrust district is a private net address.
Suppose that client A belongs to VLAN1, bind VFW1, interface e4/0/1 belongs to the trust territory of VFW1, address 192.168.1.1; Client B belongs to VLAN2, binds VFW2, and interface e4/0/5 belongs to the trust territory of VFW2, address 192.168.1.1; Gateway belongs to the untrust territory of VFW0, address 10.110.200.2.
If client A initiates to be connected to gateway with client B, then can on fire compartment wall, set up two state list items, wherein, IP, Port, Protocol are identical, but the VPN value is inequality.The VPN value of the state list item that client A sets up is VPN1, and the VPN value of the state list item that client B sets up is VPN2.
When belong to respectively client A, client B different flow through the time all can hit one's own state list item through VPN value, thereby professional obstructed situation generation can not appear causing because of state is chaotic.
One of ordinary skill in the art will appreciate that and realize that all or part of step that the foregoing description method is carried is to instruct relevant hardware to accomplish through program; Described program can be stored in a kind of computer-readable recording medium; This program comprises one of step or its combination of method embodiment when carrying out.
In addition, each functional unit in each embodiment of the present invention can be integrated in the processing module, also can be that the independent physics in each unit exists, and also can be integrated in the module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, also can adopt the form of software function module to realize.If said integrated module realizes with the form of software function module and during as independently production marketing or use, also can be stored in the computer read/write memory medium.
The above-mentioned storage medium of mentioning can be a read-only memory, disk or CD etc.
In sum, this paper provides message processing method, firewall box and network safety system under a kind of fire compartment wall transparent mode, and the message that occurs in the time of can solving address overlap is transmitted chaotic problem, can be applied on the fire compartment wall of different frameworks.
The embodiment of the invention can dispose in different VLAN under the situation of identical IP address, through increasing sign with difference IP address phase homogeneous turbulence, and sets up the different state list item respectively, thus can be correct E-Packet.When the subsequent packet of same stream arrived, the state list item that hits correspondence that also can be correct obtained relevant parameter and transmits processing, and like this, the legitimacy of subsequent packet can fast detecting be come out, and transmits processing then fast.
More than message processing method, firewall box and network safety system under the fire compartment wall transparent mode provided by the present invention have been carried out detailed introduction; Used concrete example among this paper principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand scheme of the present invention; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that on embodiment and range of application, all can change, in sum, this description should not be construed as limitation of the present invention.
Claims (10)
1. a message processing method is characterized in that, comprising:
When E-Packeting, the VPN VPN value different to different virtual LAN VLAN interface configuration, and will comprise that the parameter of VPN value is encapsulated in the corresponding data frame head of said message; Wherein, said VLAN interface and said VPN value have one-to-one relationship;
Said message is resolved, when resolving to transparent mode, overall identification is set is used to identify said message through two layers of forwarding interfaces entering fire compartment wall; , set up corresponding state list item and said message is forwarded through after the relevant treatment of fire compartment wall at said message, comprise the parameter information of VPN value in the said state list item for said message.
2. message processing method according to claim 1 is characterized in that, also comprises:
When subsequent packet need be transmitted, from said state list item, obtain relevant parameter and carry out follow-up forwarding processing.
3. message processing method according to claim 2 is characterized in that, said follow-up forwarding is handled and specifically comprised:
The parameter information that will comprise the VPN value is encapsulated in the self-defining frame head structure of said message;
Said message and state list item are upgraded operation, identify the outgoing interface of said message, the message after the encapsulation is sent to corresponding outgoing interface transmit through the field in the said state list item.
4. message processing method according to claim 1 is characterized in that, also comprises:
Set up corresponding invalid packet list item if said message not through the relevant treatment of fire compartment wall, then is said message, comprise the parameter information and the handled mode of VPN value in the said list item;
When follow-up invalid packet need be transmitted, then from said invalid packet list item, obtain relevant parameter and carry out handled.
5. a firewall box is characterized in that, comprising:
Professional retransmission unit SFU is used for when E-Packeting, the VPN VPN value different to different virtual LAN VLAN interface configuration, and will comprise that the parameter of VPN value is encapsulated in the corresponding data frame head of said message; Wherein, said VLAN interface and said VPN value have one-to-one relationship;
Safety service cell S SU is used for the message that said SFU transmits is resolved, and when resolving to transparent mode, overall identification is set is used to identify said message through two layers of forwarding interfaces entering fire compartment wall; After the relevant treatment of said message through fire compartment wall on the SSU, set up corresponding state list item and said message is forwarded for said message, comprise the parameter information of VPN value in the said state list item.
6. firewall box according to claim 5 is characterized in that,
When subsequent packet need be transmitted, said SSU also was used for obtaining relevant parameter from said state list item and carries out follow-up forwarding processing.
7. firewall box according to claim 6 is characterized in that,
It specifically is that the parameter information that comprises the VPN value is encapsulated in the self-defining frame head structure of said message that said SSU carries out follow-up forwarding processing; And said message and state list item upgraded operation, and identify the outgoing interface and the SFU of said message through the field in the said state list item, the message after the encapsulation is sent to corresponding SFU transmit.
8. firewall box according to claim 5 is characterized in that,
When said message did not pass through the relevant treatment of fire compartment wall on the SSU, said SSU also was used to said message and sets up corresponding invalid packet list item, comprised the parameter information and the handled mode of VPN value in the said list item; When follow-up invalid packet need be transmitted, then from said invalid packet list item, obtain relevant parameter and carry out handled.
9. firewall box according to claim 5 is characterized in that said fire compartment wall is specially centralized fire compartment wall or distributed fire wall.
10. a network safety system is characterized in that, comprising: firewall box, and said firewall box specifically comprises:
Professional retransmission unit SFU is used for when E-Packeting, the VPN VPN value different to different virtual LAN VLAN interface configuration, and will comprise that the parameter of VPN value is encapsulated in the corresponding data frame head of said message; Wherein, said VLAN interface and said VPN value have one-to-one relationship;
Safety service cell S SU is used for the message that said SFU transmits is resolved, and when resolving to transparent mode, overall identification is set is used to identify said message through two layers of forwarding interfaces entering fire compartment wall; After the relevant treatment of said message through fire compartment wall on the SSU, set up corresponding state list item and said message is forwarded for said message, comprise the parameter information of VPN value in the said state list item.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008101351762A CN101345711B (en) | 2008-08-13 | 2008-08-13 | Packet processing method, fire wall equipment and network security system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008101351762A CN101345711B (en) | 2008-08-13 | 2008-08-13 | Packet processing method, fire wall equipment and network security system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101345711A CN101345711A (en) | 2009-01-14 |
CN101345711B true CN101345711B (en) | 2012-08-08 |
Family
ID=40247604
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008101351762A Active CN101345711B (en) | 2008-08-13 | 2008-08-13 | Packet processing method, fire wall equipment and network security system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101345711B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104468359A (en) * | 2014-11-27 | 2015-03-25 | 杭州华三通信技术有限公司 | Packet forwarding method and device |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103023942B (en) * | 2011-09-27 | 2016-08-03 | 北京奇虎科技有限公司 | A kind of server load balancing method, Apparatus and system |
CN102611700B (en) * | 2012-02-24 | 2015-04-22 | 汉柏科技有限公司 | Method for realizing VPN (Virtual Private Network) access under transparent mode |
CN103731348B (en) * | 2012-10-15 | 2018-06-26 | 中国移动通信集团江苏有限公司 | A kind of IMS network message distribution method and device |
CN105450603A (en) * | 2014-08-22 | 2016-03-30 | 杭州迪普科技有限公司 | Message-processing method and device |
CN105577628B (en) * | 2014-11-11 | 2020-01-21 | 中兴通讯股份有限公司 | Method and device for realizing virtual firewall |
CN104618143B (en) * | 2014-12-31 | 2018-03-06 | 北京和利时系统工程有限公司 | A kind of method and apparatus for managing industrial fireproof wall |
CN104717205A (en) * | 2015-02-04 | 2015-06-17 | 上海展湾信息科技有限公司 | Industrial control firewall control method based on message reconstitution |
CN107800581B (en) * | 2016-09-01 | 2022-03-18 | 中兴通讯股份有限公司 | Two-layer network and loopback detection method thereof |
CN111683308B (en) * | 2020-05-29 | 2022-04-29 | 烽火通信科技股份有限公司 | Method and device for realizing flexible bridging service on home gateway |
CN114844733A (en) * | 2021-01-30 | 2022-08-02 | 华为技术有限公司 | Interface management method for access user equipment and access user equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1832443A (en) * | 2005-03-08 | 2006-09-13 | 杭州华为三康技术有限公司 | Method for reducing VPN network arranging |
CN1838633A (en) * | 2005-03-22 | 2006-09-27 | 杭州华为三康技术有限公司 | Enhanced VPN network optimization method and apparatus |
CN101009683A (en) * | 2006-01-13 | 2007-08-01 | 飞塔信息科技(北京)有限公司 | Computer system and method for processing network flow |
CN101087236A (en) * | 2007-08-09 | 2007-12-12 | 杭州华三通信技术有限公司 | VPN access method and device |
-
2008
- 2008-08-13 CN CN2008101351762A patent/CN101345711B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1832443A (en) * | 2005-03-08 | 2006-09-13 | 杭州华为三康技术有限公司 | Method for reducing VPN network arranging |
CN1838633A (en) * | 2005-03-22 | 2006-09-27 | 杭州华为三康技术有限公司 | Enhanced VPN network optimization method and apparatus |
CN101009683A (en) * | 2006-01-13 | 2007-08-01 | 飞塔信息科技(北京)有限公司 | Computer system and method for processing network flow |
CN101087236A (en) * | 2007-08-09 | 2007-12-12 | 杭州华三通信技术有限公司 | VPN access method and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104468359A (en) * | 2014-11-27 | 2015-03-25 | 杭州华三通信技术有限公司 | Packet forwarding method and device |
CN104468359B (en) * | 2014-11-27 | 2018-02-09 | 新华三技术有限公司 | Message forwarding method and equipment |
Also Published As
Publication number | Publication date |
---|---|
CN101345711A (en) | 2009-01-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101345711B (en) | Packet processing method, fire wall equipment and network security system | |
CN109561108B (en) | Policy-based container network resource isolation control method | |
US10263808B2 (en) | Deployment of virtual extensible local area network | |
US20140006585A1 (en) | Providing Mobility in Overlay Networks | |
CN107959654A (en) | A kind of data transmission method, device and mixing cloud system | |
US9083656B2 (en) | Service communication method and system for access network apparatus | |
RU2544766C2 (en) | Method, device and system for routing data between network segments | |
WO2017054757A1 (en) | Broadband access | |
CN102571738B (en) | Based on the intrusion prevention method and system that VLAN exchanges | |
US20130173788A1 (en) | Network access apparatus | |
CN100473040C (en) | VPN realizing method | |
CN102413060B (en) | User private line communication method and equipment used in VPLS (Virtual Private LAN (Local Area Network) Service) network | |
WO2015165311A1 (en) | Method for transmitting data packet and provider edge device | |
KR20140027455A (en) | Centralized system for routing ethernet packets over an internet protocol network | |
CN109274570B (en) | VPN construction method and device and computer readable storage medium | |
CN101461198A (en) | Relay network system and terminal adapter | |
CN101515859B (en) | Method for multicast transport in Internet protocol secure tunnel and device | |
CN107018076B (en) | A kind of monitoring messages method and apparatus | |
CN112822037B (en) | Flow arrangement method and system for security resource pool | |
CN107659484B (en) | Method, device and system for accessing VXLAN network from VLAN network | |
CN107995083A (en) | Realize the method, system and equipment of L2VPN and VxLAN intercommunications | |
US20190215191A1 (en) | Deployment Of Virtual Extensible Local Area Network | |
WO2011147342A1 (en) | Method, equipment and system for exchanging routing information | |
CN109474507A (en) | A kind of message forwarding method and device | |
CN103795630A (en) | Message transmitting method and device of label switching network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C56 | Change in the name or address of the patentee |
Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD. Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD. |
|
CP01 | Change in the name or title of a patent holder |
Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee after: Huawei Symantec Technologies Co., Ltd. Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee before: Chengdu Huawei Symantec Technologies Co., Ltd. |