CN101909067A - Antivirus method and system for secure gateway cluster - Google Patents

Antivirus method and system for secure gateway cluster

Info

Publication number
CN101909067A
Authority
CN (China)
Prior art keywords
secure, security gateway, cluster, gateway, virus
Legal status
Pending
Application number
CN2010102633585A
Other languages
Chinese (zh)
Inventor
范雪俭
Current Assignee
Beijing Topsec Technology Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Application filed by Beijing Topsec Technology Co Ltd
Priority to CN2010102633585A
Publication of CN101909067A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an antivirus method and system for a secure gateway cluster. In the method, the secure gateway cluster selects one of a plurality of security gateway devices in advance as the master security gateway, and the other security gateway devices serve as backup security gateways. The master security gateway identifies the data streams that need antivirus processing and, by querying a cluster state database and applying a predetermined load-balancing strategy, sends those streams to the backup security gateways. The backup security gateways perform antivirus processing on the received data streams, encapsulate the processed streams and send them back to the master security gateway, which decapsulates the antivirus-processed packets and forwards them. The invention unifies the transparency and the high performance of the secure gateway cluster and, through an effective dynamic load-balancing mechanism, improves the utilization of the cluster's overall resources while maintaining its high availability.

Description

Antivirus method and system for a secure gateway cluster
Technical field
The present invention relates to the field of network security technology, and in particular to an antivirus method and system for a secure gateway cluster.
Background technology
With the continuous development of network technology and network security technology, the functions of a traditional security gateway can no longer satisfy the new demands that appear every day. A traditional security gateway performs centralized access control only at the network layer and is powerless against application-layer threats; a new generation of security gateway must also apply centralized control to application-layer security, controlling layers two through seven to achieve network security in depth. Among the emerging application-layer security functions, antivirus has an important place: the security gateway must perform real-time virus scanning on FTP, HTTP, POP3, SMTP, IMAP and similar flows passing through it, compare the content of transmitted files against the signatures stored in the antivirus database, and take the appropriate action on files found to contain a virus. If the transmitted file is in a compressed format, the virus scanning module must decompress it and scan every file inside in order to achieve complete antivirus coverage. Gateway antivirus is a CPU-intensive operation; when the data stream volume is large, the antivirus module consumes a great deal of processor time and memory, inevitably affects the other functions of the whole system, and reduces the effective utilization of the system.
To improve the antivirus capability of the security gateway, the traffic that needs virus scanning is generally distributed across the different devices of the secure gateway cluster by some means, so as to raise the throughput of the whole system. At present there are mainly two implementation methods:
In the first method, several working groups are divided on the secure gateway cluster to achieve a load-balancing effect: different antivirus traffic is forcibly sent to different working groups in the cluster, and each working group processes whatever traffic it receives, so that static load balancing of the antivirus traffic is realized. When a network is built with this static load-balancing approach, the secure gateway cluster appears externally as a plurality of logical devices, and the upstream and downstream devices must be configured in a complicated way. Traffic cannot be balanced according to the state of each device in the cluster; it can only be sent according to a predefined policy. Nor can the security gateway devices in the cluster choose whether to process the traffic they receive: whatever the upstream and downstream devices send must be processed.
In the second method, a dedicated load-balancing device is added to the network to achieve dynamic load balancing. Using the upper-layer protocol identification and dynamic traffic balancing capabilities of the dedicated device, antivirus traffic can be balanced dynamically according to the traffic and the state of the secure gateway cluster devices. The shortcomings of a dynamic load-balancing scheme based on a dedicated load-balancing device are also obvious: such devices are generally very expensive, and to eliminate a single point of failure in the network they must be deployed in a hot-standby pair, which increases the investment while wasting the system resources of the standby load balancer and of the standby devices in the secure gateway cluster.
Summary of the invention
In view of the above analysis, the present invention aims to provide an antivirus method and system for a secure gateway cluster, in order to solve the problems that arise in the prior art when traffic that needs virus scanning is distributed across the different devices of the secure gateway cluster by some fixed means.
The purpose of the present invention is mainly achieved through the following technical solutions:
The invention provides a method for realizing antivirus in a secure gateway cluster, comprising:
the secure gateway cluster elects in advance one of a plurality of security gateway devices as the master security gateway, and the others serve as backup security gateways;
the master security gateway identifies the received data streams, determines which need antivirus processing, and, by querying the cluster state database and applying a predetermined load-balancing policy, sends the data streams that need antivirus processing to the backup security gateways it selects;
the selected backup security gateway performs antivirus processing on the received data streams, encapsulates the processed data streams into packets and sends them to the master security gateway;
after receiving the antivirus-processed packets sent by the selected backup security gateway, the master security gateway decapsulates the packets and then forwards them by the normal processing flow.
Further, the step in which the secure gateway cluster elects in advance one of a plurality of security gateway devices as the master security gateway, with the others as backup security gateways, specifically comprises:
the secure gateway cluster elects one device as the master security gateway according to the configured security gateway priorities, and the others serve as backup security gateways; the secure gateway cluster also assigns a weight to each monitored interface of the security gateway devices, and when the priorities are equal it selects the master security gateway according to the different interface weights.
Further, the method also comprises: after the secure gateway cluster detects that the current master security gateway has encountered an abnormal condition and cannot work normally, it selects a new master security gateway from among all the backup security gateways according to the priority algorithm and performs the master security gateway migration.
Further, the step in which the master security gateway identifies the received data streams, determines which need antivirus processing, and sends the data streams that need antivirus processing to the backup security gateways it selects according to the predetermined load-balancing policy specifically comprises:
the master security gateway matches the received data streams against security rules, and marks the data streams that need antivirus processing together with their connection-table entries; it then sends the data streams that need antivirus processing to the backup security gateways it selects according to the predetermined load-balancing policy for antivirus processing. The security rules include a five-tuple attribute specification for the IP packets in the data stream that conform to the TCP/IP protocol. The predetermined load-balancing policy is a round-robin algorithm, a weighted round-robin algorithm or a dynamic round-robin algorithm.
Further, the method also comprises: the master security gateway monitors the state of all backup security gateways in the secure gateway cluster in real time; when it determines that a backup security gateway has failed, it shields that backup security gateway and transfers its work to the other devices in the cluster.
The present invention also provides a system for realizing antivirus in a secure gateway cluster, comprising a secure gateway cluster formed by a plurality of security gateway devices, wherein:
the secure gateway cluster is used to elect in advance one of the plurality of security gateway devices as the master security gateway, with the others as backup security gateways;
the master security gateway is used to identify the received data streams, determine which need antivirus processing, and send the data streams that need antivirus processing to the backup security gateways it selects according to the predetermined load-balancing policy; and, after receiving the antivirus-processed packets sent by the selected backup security gateway, to decapsulate the packets and then forward them by the normal processing flow;
the backup security gateways are used to perform antivirus processing on the received data streams that need it, and to encapsulate the processed data streams into packets and send them to the master security gateway for forwarding.
Further, the secure gateway cluster is specifically used to elect one device as the master security gateway according to the configured security gateway priorities, with the others as backup security gateways; the secure gateway cluster is also used to assign a weight to each monitored interface of the security gateway devices, and when the priorities are equal it selects the master security gateway according to the different interface weights.
Further, the secure gateway cluster is also used, after detecting that the current master security gateway has encountered an abnormal condition and cannot work normally, to select a new master security gateway from among all the backup security gateways according to the priority algorithm and to perform the master security gateway migration.
Further, the master security gateway specifically comprises a traffic detection module and a load-balancing module, wherein:
the traffic detection module is used to match the received data streams against the security rules and to mark the data streams that need antivirus processing together with their connection-table entries; the security rules include a five-tuple attribute specification for the IP packets in the data stream that conform to the TCP/IP protocol;
the load-balancing module is used to send the data streams that need antivirus processing to the backup security gateways it selects according to the predetermined load-balancing policy for antivirus processing; the predetermined load-balancing policy is a round-robin algorithm, a weighted round-robin algorithm or a dynamic round-robin algorithm.
Further, the master security gateway is also used to monitor the state of all backup security gateways in the secure gateway cluster in real time and, when it determines that a backup security gateway has failed, to send the data streams assigned to that backup security gateway to the other backup security gateways according to the load-balancing policy.
The beneficial effects of the present invention are as follows:
The present invention performs dynamic load balancing of the traffic that needs virus scanning among the devices of the secure gateway cluster through the cluster's master device, realizing load balancing within the cluster. When a device in the cluster fails, traffic is redistributed automatically among the remaining devices; when the master device of the cluster fails, the cluster automatically elects a new master device, which takes over the cluster load-balancing function. The transparency and high performance of the secure gateway cluster are thereby unified, and an effective dynamic load-balancing mechanism raises the overall resource utilization of the cluster while maintaining its high availability. The secure gateway cluster is also elastic and extensible: the antivirus throughput of the security gateway can be increased simply by adding a new security gateway, without changing the network topology.
Other features and advantages of the present invention will be set forth in the following description and will become apparent from the specification, or may be learned by practicing the invention. The objects and other advantages of the present invention can be realized and obtained by the structures particularly pointed out in the written specification, the claims and the accompanying drawings.
Description of drawings
Fig. 1 is a schematic flow diagram of the method of the invention;
Fig. 2 is a schematic topology diagram of a secure gateway cluster in an example of the method of the invention;
Fig. 3 is a schematic structural diagram of the system of the invention.
Embodiment
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, which form part of this application and serve, together with the embodiments of the invention, to explain its principles. For clarity and simplicity, detailed descriptions of well-known functions and structures in the devices described herein are omitted where they might obscure the subject matter of the invention.
The method of the invention is first described in detail with reference to Fig. 1.
As shown in Fig. 1, the schematic flow diagram of the method of the invention, the method specifically comprises the following steps:
Step 101: the secure gateway cluster elects in advance one of a plurality of security gateway devices as the master security gateway, and the others serve as backup security gateways. Specifically, because load balancing of virus scanning (AV) traffic is to be realized within the secure gateway cluster while the cluster is accessed transparently by the upstream and downstream network environment, the cluster must internally elect one master security gateway that is responsible for all traffic interaction with the upstream and downstream network environment; the other devices, as backup security gateways, communicate only with the master security gateway and remain transparent to the upstream and downstream environment.
The election process specifically comprises: the secure gateway cluster selects the master and backup security gateways according to the configured device priorities; the device with the highest priority becomes the master security gateway and the rest become backup security gateways. A weight can also be set for each monitored interface of a security gateway, a larger weight representing higher availability of that interface; when the device priorities are equal, the cluster elects the master security gateway according to the different interface weights.
Step 102: the master security gateway identifies the received data streams, determines which need antivirus processing, and sends the data streams that need antivirus processing to the backup security gateways it selects according to the predetermined load-balancing policy. Specifically, after a packet enters the master security gateway it is first matched against the security rules. The security rules include a five-tuple attribute specification for the IP packets in the packet stream that conform to the TCP/IP protocol, and also the antivirus policy to be applied to the packet. Once a packet has matched one security rule, no further security rules are matched; the matching security policy marks the data stream that needs antivirus processing and its connection-table entry. The master security gateway then determines, by querying the cluster state database and the dynamic load-balancing policy, which backup security gateway in the cluster the packet is to be sent to, encapsulates the packet and sends it to that backup security gateway through the cluster's dedicated heartbeat interface. The cluster state database records the state information of the whole cluster, including the CPU utilization, memory utilization, number of connections, interface status, configured priority and virus database information of each member device. Once a connection-table entry has been marked, all subsequent packets that match that connection are sent by the master security gateway to the same backup security gateway for processing, which guarantees during load balancing that the packets of one stream are assigned to the same backup security gateway and so keeps the service and its data consistent.
Step 103: the backup security gateway performs antivirus processing on the received data streams that need it, encapsulates the processed data streams into packets and sends them to the master security gateway. Specifically, after the backup security gateway receives a packet over the heartbeat interface, it decapsulates the packet and performs virus scanning; it then re-encapsulates the scanned (AV) traffic and sends it back to the master security gateway through the heartbeat interface.
Step 104: after receiving the antivirus-processed packets sent by the backup security gateway, the master security gateway decapsulates the packets and then forwards them by the normal processing flow.
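The four steps above, modelled end to end in plain Python as an added example (this is not the patent's code or Topsec's implementation). The constructed data covers the election by priority with an interface-weight tie-break, first-match five-tuple rule matching, connection-table pinning of a marked flow to one backup, and the encapsulate/scan/decapsulate round trip. The rule syntax, the toy signature scan, the heartbeat frame format and the use of the summed interface weights as the tie-break are assumptions made for illustration.

```python
"""Added example, not the patent's own code: the Step 101-104 flow with constructed data."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Gateway:
    name: str
    priority: int
    iface_weights: dict        # monitored interface -> availability weight


def elect_master(gateways):
    """Step 101: highest configured priority wins; equal priorities are decided by
    interface weight (assumption: the sum of a device's interface weights)."""
    return max(gateways, key=lambda g: (g.priority, sum(g.iface_weights.values()))).name


@dataclass
class Rule:
    """Five-tuple specification; None is a wildcard. av=True marks matching flows for scanning."""
    proto: Optional[str] = None
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    av: bool = False

    def matches(self, ft):
        spec = (self.proto, self.src_ip, self.src_port, self.dst_ip, self.dst_port)
        return all(s is None or s == v for s, v in zip(spec, ft))


def first_match(rules, ft):
    """Step 102: a packet is matched against no further rules after its first match."""
    return next((r for r in rules if r.matches(ft)), None)


SIGNATURES = [b"TOY-SIGNATURE"]   # constructed stand-in for the virus database


def encapsulate(src, dst, inner):
    """Frame carried over the dedicated heartbeat interface (format assumed)."""
    return {"hb_src": src, "hb_dst": dst, "inner": inner}


def decapsulate(frame):
    return frame["inner"]


class BackupGateway:
    def __init__(self, name):
        self.name = name

    def process(self, frame):
        """Step 103: decapsulate, scan, re-encapsulate towards the master."""
        pkt = dict(decapsulate(frame))
        pkt["verdict"] = "infected" if any(s in pkt["payload"] for s in SIGNATURES) else "clean"
        return encapsulate(self.name, frame["hb_src"], pkt)


class MasterGateway:
    def __init__(self, name, rules, backups):
        self.name, self.rules = name, rules
        self.backups = {b.name: b for b in backups}
        self.conn_table = {}   # marked connections: five-tuple -> backup handling it
        self._rr = 0

    def choose_backup(self):
        """Simple round robin over the backups (the RR policy named in the text)."""
        names = sorted(self.backups)
        choice = names[self._rr % len(names)]
        self._rr += 1
        return choice

    def handle(self, pkt):
        """Returns (action, backup_used, verdict) for one packet."""
        ft = pkt["ft"]   # (proto, src_ip, src_port, dst_ip, dst_port)
        rule = first_match(self.rules, ft)
        if rule is None or not rule.av:
            return ("forward", None, "unscanned")
        if ft not in self.conn_table:          # mark the connection on its first packet
            self.conn_table[ft] = self.choose_backup()
        backup = self.conn_table[ft]            # later packets reuse the same backup
        returned = self.backups[backup].process(encapsulate(self.name, backup, pkt))
        scanned = decapsulate(returned)         # Step 104: decapsulate, then normal forwarding
        action = "drop" if scanned["verdict"] == "infected" else "forward"
        return (action, backup, scanned["verdict"])


def demo():
    gws = [Gateway("A", 100, {"eth0": 10, "eth1": 10}),
           Gateway("B", 100, {"eth0": 10, "eth1": 5}),
           Gateway("C", 50, {"eth0": 10, "eth1": 10})]
    master_name = elect_master(gws)                      # "A": ties B on priority, wins on weight
    backups = [BackupGateway(g.name) for g in gws if g.name != master_name]
    rules = [Rule(proto="tcp", dst_port=80, av=True),    # HTTP: scan
             Rule(proto="tcp", dst_port=25, av=True),    # SMTP: scan
             Rule()]                                     # default: pass through unscanned
    master = MasterGateway(master_name, rules, backups)
    http = ("tcp", "10.0.0.5", 40000, "192.0.2.10", 80)
    smtp = ("tcp", "10.0.0.6", 40001, "192.0.2.20", 25)
    dns = ("udp", "10.0.0.7", 53000, "192.0.2.53", 53)
    packets = [{"ft": http, "payload": b"GET / HTTP/1.1"},             # constructed traffic
               {"ft": http, "payload": b"...TOY-SIGNATURE..."},        # same connection, infected
               {"ft": smtp, "payload": b"MAIL FROM:<a@example.test>"},
               {"ft": dns, "payload": b"\x00\x01"}]
    return master_name, [master.handle(p) for p in packets]
```

Running `demo()` shows the two HTTP packets both going to backup B because the connection table was marked on the first one, the SMTP flow rotating to C, and the DNS packet matching only the default rule and leaving the master without any backup involvement.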
The method of the invention also comprises:
After the secure gateway cluster detects that the master security gateway has encountered an abnormal condition and cannot work normally (a device hardware fault, a monitored-interface fault or a monitoring-software fault), the master security gateway role is migrated among the cluster devices according to the priority algorithm. After the migration, the new master security gateway takes over all external functions of the whole secure gateway cluster and is also responsible for load balancing the received traffic according to the cluster state database.
In addition, the master security gateway monitors the state of the other devices in the cluster in real time. After a backup security gateway fails, the load-balancing policy is adjusted in real time, the backup security gateway is shielded, and its work is transferred to the other devices in the cluster. Specifically, as soon as the master security gateway detects a failed backup security gateway in the cluster, it shields that gateway immediately and notifies the other devices in the cluster to update their local copies of the cluster state database, so that the failed gateway no longer takes part in cluster computation and load balancing and its work is transferred to the other devices in the cluster. If the master security gateway detects that a device in the cluster is temporarily unable to work, it re-checks the device twice more and regards the device as failed only if every check fails. This ensures that a device that is merely temporarily busy is not shielded by mistake, which would interrupt its connections and reduce the overall efficiency of the secure gateway cluster.
Besides processing the traffic assigned by the master security gateway, the other backup nodes in the secure gateway cluster also perform internal state detection with the other devices. By monitoring the operating condition of the master security gateway, they ensure that every device in the cluster holds a unified cluster state database and can immediately elect a new master security gateway when the master fails, avoiding a single point of failure at the master security gateway.
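The failure handling described in the three paragraphs above, as an added example in Python (not the patent's code): a device that misses a health check is probed twice more and shielded only if every check fails, the shielding is applied to every device's copy of the cluster state database, and shielding the current master triggers re-election by priority. The node priorities, the probe answers and the dict-based state database are constructed for illustration.

```python
"""Added example, not the patent's own code: re-check-twice failure detection, shielding
across all state-database replicas, and master re-election by priority."""
from dataclasses import dataclass

RECHECKS = 2   # a device that misses the first check is probed twice more before it is failed


@dataclass
class Node:
    name: str
    priority: int
    shielded: bool = False
    misses: int = 0          # consecutive unanswered health checks


class ClusterState:
    """One device's local copy of the cluster state database (assumption: a plain dict)."""

    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.master = self.elect()

    def elect(self):
        """Priority algorithm: the highest priority among devices that are not shielded."""
        live = [n for n in self.nodes.values() if not n.shielded]
        return max(live, key=lambda n: n.priority).name

    def health_check(self, name, answered):
        """Returns 'ok', 'suspect' (still within the two re-checks) or 'failed'."""
        node = self.nodes[name]
        if answered:
            node.misses = 0          # a temporarily busy device recovers its standing
            return "ok"
        node.misses += 1
        return "suspect" if node.misses <= RECHECKS else "failed"

    def shield(self, name):
        """Remove the device from computation and load balancing; migrate the master if needed."""
        self.nodes[name].shielded = True
        if self.master == name:
            self.master = self.elect()

    def active_backups(self):
        return sorted(n.name for n in self.nodes.values()
                      if not n.shielded and n.name != self.master)


def run_checks(replicas, observer, target, answers):
    """`observer` probes `target` once per constructed answer; a 'failed' verdict is pushed to
    every device's database so all copies stay unified."""
    verdicts = []
    for answered in answers:
        verdict = replicas[observer].health_check(target, answered)
        verdicts.append(verdict)
        if verdict == "failed":
            for db in replicas.values():
                db.shield(target)
    return verdicts


def simulate():
    prio = {"A": 100, "B": 90, "C": 80, "D": 70}           # constructed priorities
    replicas = {n: ClusterState([Node(x, p) for x, p in prio.items()]) for n in prio}
    # B is only momentarily busy: one miss, then it answers again, so it is never shielded.
    b = run_checks(replicas, "A", "B", [False, True])
    # C misses the initial check and both re-checks: master A shields it everywhere.
    c = run_checks(replicas, "A", "C", [False, False, False])
    # Backups monitor the master too; when A stops answering, B (next priority) takes over.
    a = run_checks(replicas, "B", "A", [False, False, False])
    return {"b": b, "c": c, "a": a,
            "master": replicas["D"].master,
            "backups": replicas["D"].active_backups()}
```

Reading the result from replica D rather than from the observer makes the point of the broadcast in `run_checks`: every copy of the state database ends with the same master and the same set of active backups, so a later election on any node reaches the same answer.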
In the present invention, the cluster load-balancing policy can be the RR (Round Robin) algorithm, the WRR (Weighted Round Robin) algorithm or the DRR (Dynamic Round Robin) algorithm, described as follows:
RR algorithm: the simplest and easiest method to implement. Every security gateway node in the cluster has equal status; the algorithm cycles through the nodes of the cluster, selecting each node in turn on an equal footing. Its advantages are simplicity, reduced communication within the cluster system and conservation of system resources; it is suitable when all nodes in the cluster have identical processing capability and performance.
WRR algorithm: adds the notion of weight to the round-robin algorithm. A weight value can be assigned to each device in the cluster; when the system performs round-robin selection, it distinguishes the position of each node in the cluster by its weight and distributes a corresponding share of traffic. Different weights can be set according to the different processing capabilities of the devices, so that a device with higher processing capability is assigned more traffic.
DRR algorithm: because of the variability of network traffic and the uncertainty of the working state of the security gateway devices, a static balancing algorithm cannot adjust traffic according to the load and the state of the devices themselves and cannot guarantee real load balancing; a dynamic load-balancing scheme is then required. The state database of the whole cluster is updated periodically, and when the master security gateway balances the data load it can dynamically adjust the load-balancing mechanism according to the cluster state database: after detecting that a device's processing capability has dropped or that it cannot work normally, it reduces the traffic sent to that device and balances the surplus traffic across the other devices in the cluster. Every device in the secure gateway cluster builds a unified cluster state database containing the connection state, interface status, CPU status, memory status, device weight and other information of each device in the cluster. The state information of each cluster device is pushed automatically within the cluster, and on receiving the state information of the other devices each device updates its own cluster state database in real time. The nodes of the secure gateway cluster thus form a cluster system of mutual monitoring and mutual backup, keeping the data within the cluster consistent.
The cluster state database must maintain two tables, a sender table and a receiver table. An entry in the sender table indicates that the corresponding cluster node's load exceeds its threshold and that tasks need to be migrated away from it; an entry in the receiver table indicates that the corresponding node's load is below its threshold and that it can accept new tasks. The contents of both tables are updated in real time from the state information exchanged within the cluster, ensuring that the master security gateway can dynamically balance the traffic according to the real-time information in the tables.
The dynamic round-robin algorithm no longer simply traverses each device in the cluster or distributes load according to static weights; it dynamically adapts the traffic of each node to the node's operating state, and after a node's processing capability drops it dynamically shifts traffic to the other available devices.
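The three policies and the sender/receiver tables described above, as an added Python example (not the patent's code) driven by a constructed cluster state database. It also shows the two effects the DRR text calls for: a node that reports overload receives no new flows until it pushes a recovered state, and flows pinned to a sender-table node are migrated onto receiver-table nodes. The per-node state values, the choice of max(CPU, memory) as the load metric and the 80 percent threshold are assumptions made for illustration.

```python
"""Added example, not the patent's own code: RR, WRR and DRR over a constructed state database."""
from itertools import cycle


class StateDB:
    """Unified cluster state database: per-node CPU, memory, connections, weight and status."""

    def __init__(self, nodes, threshold=80):
        self.nodes = {name: dict(state) for name, state in nodes.items()}
        self.threshold = threshold   # assumption: percent utilization above which a node is a sender

    def update(self, name, **fields):
        """State pushed by a member device; each device applies it to its own copy."""
        self.nodes[name].update(fields)

    def up(self):
        return sorted(n for n, s in self.nodes.items() if s["up"])

    def load(self, name):
        s = self.nodes[name]
        return max(s["cpu"], s["mem"])   # assumed load metric

    def sender_table(self):
        """Nodes above the threshold: their tasks need migrating away."""
        return [n for n in self.up() if self.load(n) > self.threshold]

    def receiver_table(self):
        """Nodes at or below the threshold: they can accept new tasks."""
        return [n for n in self.up() if self.load(n) <= self.threshold]


class RoundRobin:
    """RR: every live node is selected in turn with equal status."""

    def __init__(self, db):
        self.db, self.i = db, 0

    def pool(self):
        return self.db.up()

    def pick(self):
        pool = self.pool()
        choice = pool[self.i % len(pool)]
        self.i += 1
        return choice


class WeightedRoundRobin(RoundRobin):
    """WRR: a node with weight w appears w times in each cycle, so it gets w shares of traffic."""

    def pool(self):
        return [n for n in self.db.up() for _ in range(self.db.nodes[n]["weight"])]


class DynamicRoundRobin(RoundRobin):
    """DRR: cycle only over the receiver table, so an overloaded node gets no new flows until
    its pushed state falls back below the threshold; if every node is overloaded, take the
    least loaded one rather than refusing traffic."""

    def pool(self):
        return self.db.receiver_table() or [min(self.db.up(), key=self.db.load)]


def assign(policy, count):
    return [policy.pick() for _ in range(count)]


def migrate_tasks(db, assignments):
    """Flows pinned to sender-table nodes are handed to receiver-table nodes in turn."""
    overloaded, targets = set(db.sender_table()), cycle(db.receiver_table())
    return {flow: (next(targets) if node in overloaded else node)
            for flow, node in assignments.items()}


def demo():
    db = StateDB({   # constructed state: C is overloaded on CPU, B is the strongest device
        "B": {"cpu": 30, "mem": 40, "conns": 120, "weight": 3, "up": True},
        "C": {"cpu": 90, "mem": 50, "conns": 900, "weight": 1, "up": True},
        "D": {"cpu": 20, "mem": 35, "conns": 80, "weight": 2, "up": True},
    })
    out = {
        "rr": assign(RoundRobin(db), 6),
        "wrr": assign(WeightedRoundRobin(db), 6),
        "sender": db.sender_table(),
        "migrated": migrate_tasks(db, {"f1": "C", "f2": "B", "f3": "C"}),
    }
    drr = DynamicRoundRobin(db)
    out["drr_before"] = assign(drr, 4)     # C is in the sender table, so only B and D are chosen
    db.update("C", cpu=40)                 # C pushes a recovered state; the receiver table grows
    out["drr_after"] = assign(drr, 4)      # C is eligible again from the next pick onward
    return out
```

The WRR result (three picks for B, one for C, two for D per cycle) is the static view; the DRR result is the dynamic one, where the same node C is skipped entirely until its pushed state changes, which is exactly the behaviour the text contrasts with static weights.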
In order further to understand the method for the invention, will lift a concrete example below and describe.
As shown in Figure 2, Fig. 2 is the topological structure schematic diagram of a secure gateway cluster, comprise: fire compartment wall A, fire compartment wall B, fire compartment wall C and fire compartment wall D form a secure gateway cluster, this cluster is by SWITCH-1 and SWITCH-2 access network environment, cluster externally shows as the logical device of a platform independent, externally have only an IP address, other equipment in the network need not be concerned about the number and the networking situation of equipment in the cluster.Security gateway in the cluster connects heartbeat mouth separately by SWITCH-3, and electing A by the cluster priority algorithm is main security gateway, and other equipment are backup secure.The flow that upstream and downstream equipment sends to cluster all can be sent on the main security gateway A, the A security gateway is analyzed identification to the flow that receives, and the flow that needs virus scan (AV) is sent to corresponding backup secure according to the dynamic load leveling strategy by special purpose interface.
3 pairs of systems of the present invention are elaborated below in conjunction with accompanying drawing.
As shown in Figure 3, Fig. 3 is the structural representation of the described system of the embodiment of the invention, specifically can comprise: comprise the secure gateway cluster of a plurality of security gateways, main security gateway and backup secure, in order to carry out the seamless switching between master/slave device, need all identical security strategy should be arranged by each security gateway in cluster, virus base and connection table information, these information can be carried out between cluster in the course of work of cluster synchronously automatically, and guaranteeing to switch the back has consistent processing behavior to flow.
(1) secure gateway cluster comprises a plurality of security gateway equipment, externally shows as a security gateway independently in logic, mainly be responsible in a plurality of security gateway equipment election one of them as main security gateway, other are as backup secure; Be exactly specifically, owing to will realize that virus scan (AV) flow carries out load-balancing function in secure gateway cluster, and support the transparent access upstream and downstream of secure gateway cluster network environment, secure gateway cluster must elect the interaction process that a main security gateway is responsible for carrying out with the upstream and downstream network environment flow in inside, only communicating by letter with main security gateway as backup secure of other keeps transparent relation with the upstream and downstream environment; Wherein, election process specifically comprises: secure gateway cluster is selected main security gateway and backup secure according to the priority facility of setting, and what priority was high is main security gateway, and all the other are backup secure.Simultaneously can carry out weight setting to each monitor-interface of security gateway, the availability of big more this interface of representative of weights is high more, under the situation of priority facility unanimity, secure gateway cluster can carry out the election of main security gateway according to different interface weights; And, (device hardware fault after secure gateway cluster detects main security gateway generation abnormal conditions cisco unity malfunction, the monitor-interface fault, the monitoring software fault), can carry out the migration work of main security gateway at the secure gateway cluster equipment room according to priority algorithm; After the main security gateway migration, new main security gateway is taken over the external all functions of whole secure gateway cluster, is responsible for the flow that 
receives is carried out the work of load balancing according to the secure gateway cluster slip condition database simultaneously.
(2) main security gateway, be used for main security gateway and mainly be responsible for the load balancing work of whole secure gateway cluster flow, and as the unique gateway through the secure gateway cluster flow, all flows of being handled by backup secure also need to send by main security gateway at last; Be exactly specifically, the data flow that receives is discerned, identify the data flow that to kill virus, and send on its selected backup secure according to the data flow that the predetermined load balance policy is killed virus needs; And receive that backup secure sends behind the packet that virus killing is handled, packet is carried out decapsulation, carry out the forwarding of packet then by the normal process flow process;
The main security gateway may comprise a flow detection module and a load balancing module, wherein:

The flow detection module matches received data streams against the security rules, which include five-tuple attribute rules for IP packets that conform to the TCP/IP protocol, and marks the streams that require anti-virus processing together with their connection-table entries.

The load balancing module determines, by querying the cluster state database and applying the dynamic load-balancing policy, which backup security gateway in the cluster a packet should go to, encapsulates the packet and sends it to that backup over the cluster's dedicated heartbeat interface. The predetermined load-balancing policy may be round-robin, weighted round-robin or dynamic round-robin.

The main security gateway also monitors the state of all backup security gateways in the cluster in real time; when it determines that a backup has failed, it shields that backup and transfers its work to other devices in the cluster.
(3) The backup security gateways perform anti-virus processing on the received data streams that require scanning, encapsulate the scanned streams into packets and send them back to the main security gateway for forwarding. Specifically, after a backup receives a packet over the heartbeat port, it decapsulates the packet, performs virus scanning, re-encapsulates the scanned (AV) traffic and sends it back to the main security gateway through its own heartbeat port. At the same time, the backup devices must also monitor the state of the whole cluster so that, when the current main security gateway fails, a new main security gateway is re-elected and can take over the functions of the whole cluster without delay.
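The three roles above describe one pipeline: election in (1), rule matching and weighted dispatch on the main security gateway in (2), and scan-and-return on a backup in (3). The following Python model is an added example written for this page, not code from the patent or from Topsec. Everything it names is assumed: the node and class names, a JSON frame as the heartbeat encapsulation, a per-backup load-balancing weight separate from the election interface weight, and a marker-string stand-in for the virus check. It shows how the connection table pins a flow to one scanner, how flows re-pin after a backup is shielded, and how the main-gateway role migrates by priority.

```python
"""Toy model of the patent's AV-offload cluster (added example, not the
patent's code): election, 5-tuple rule match, weighted round-robin dispatch
over an encapsulated heartbeat link, and re-dispatch after failures."""
from dataclasses import dataclass, asdict
from itertools import cycle
import ipaddress, json

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes
    def key(self):  # the 5-tuple that keys the connection table
        return (self.src, self.dst, self.sport, self.dport, self.proto)

def rule_matches(rule, p):
    """One AV policy rule as (dst_net, dport, proto), matched on the 5-tuple."""
    net, dport, proto = rule
    return (p.proto == proto and p.dport == dport
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(net))

@dataclass
class Node:
    name: str
    priority: int      # election priority, higher wins
    iface_weight: int  # monitored-interface weight, election tie-break
    lb_weight: int     # share of AV flows under weighted round robin (assumed)
    alive: bool = True
    def scan(self, p):  # backup-side AV step; a constructed marker stands in for a signature
        return Packet(*p.key(), p.payload.replace(b"EICAR", b"[blocked]"))

def elect_master(nodes):  # highest priority wins; ties decided by interface weight
    return max((n for n in nodes if n.alive), key=lambda n: (n.priority, n.iface_weight))

def encap(src, dst, p):
    """Cluster framing on the dedicated heartbeat link (assumed JSON layout)."""
    body = asdict(p)
    body["payload"] = p.payload.hex()
    return json.dumps({"from": src, "to": dst, "pkt": body}).encode()

def decap(frame):
    body = json.loads(frame)["pkt"]
    body["payload"] = bytes.fromhex(body["payload"])
    return Packet(**body)

class Master:
    def __init__(self, node, backups, rules):
        self.node, self.backups, self.rules = node, list(backups), rules
        self.conn_table = {}  # 5-tuple -> backup, so a flow stays on one scanner
        self.forwarded = []   # packets handed on to the upstream/downstream side
        self._rebuild_ring()

    def _rebuild_ring(self):  # weighted round robin over the live backups only
        ring = [b for b in self.backups if b.alive for _ in range(b.lb_weight)]
        if not ring:
            raise RuntimeError("no live backup gateway left to scan on")
        self._ring = cycle(ring)

    def pick_backup(self, key):
        b = self.conn_table.get(key)
        if b is None or not b.alive:  # new flow, or its scanner was shielded
            b = self.conn_table[key] = next(self._ring)
        return b

    def handle(self, p):  # returns 'direct' or the name of the backup that scanned it
        if not any(rule_matches(r, p) for r in self.rules):
            self.forwarded.append(p)
            return "direct"
        b = self.pick_backup(p.key())
        out = encap(self.node.name, b.name, p)                    # main -> backup
        back = encap(b.name, self.node.name, b.scan(decap(out)))  # backup -> main
        self.forwarded.append(decap(back))
        return b.name

    def backup_failed(self, name):  # shield a failed backup; its flows re-pin on their next packet
        for b in self.backups:
            if b.name == name:
                b.alive = False
        self._rebuild_ring()

def run_demo():
    a = Node("gw-a", priority=10, iface_weight=2, lb_weight=2)
    b = Node("gw-b", priority=10, iface_weight=3, lb_weight=1)
    c = Node("gw-c", priority=5, iface_weight=1, lb_weight=1)
    nodes, main = [a, b, c], elect_master([a, b, c])
    m = Master(main, [n for n in nodes if n is not main], [("10.0.0.0/24", 80, "tcp")])
    web = lambda dst, sport, data: Packet("192.0.2.10", dst, sport, 80, "tcp", data)
    flows = [("10.0.0.5", 40001, b"GET / EICAR"), ("10.0.0.6", 40002, b"GET /a"),
             ("10.0.0.7", 40003, b"GET /b"), ("10.0.0.5", 40001, b"GET /x")]
    r = {"main": main.name}
    r["dispatch"] = [m.handle(web(*f)) for f in flows]  # 4th packet re-uses flow 1's 5-tuple
    r["ssh"] = m.handle(Packet("192.0.2.10", "10.0.0.5", 40004, 22, "tcp", b"SSH-2.0"))
    r["cleaned"] = m.forwarded[0].payload
    m.backup_failed("gw-c")
    r["flow3_after_fail"] = m.handle(web("10.0.0.7", 40003, b"GET /c"))
    main.alive = False  # main gateway dies: migration by priority
    r["new_main"] = elect_master(nodes).name
    return r
```

Calling run_demo() plays the whole sequence: gw-b wins the election on interface weight, the 2:1 ring sends two flows to gw-a for every one to gw-c, a repeat packet of flow 1 stays on gw-a, the SSH packet bypasses scanning, flow 3 moves to gw-a once gw-c is shielded, and gw-a inherits the main role when gw-b dies. One caveat the patent leaves open: the frames on the heartbeat link carry unscanned payloads between cluster members, so the plain JSON framing used here relies entirely on that link being the dedicated, isolated interface the text describes; it adds no authentication of its own.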
In summary, the invention provides a method and system for anti-virus processing in a secure gateway cluster. The cluster appears externally as a single logical security gateway; a main security gateway is elected inside the cluster by a proprietary algorithm, performs state checks on the other devices in the cluster and synchronizes key information with them, and those other devices act as backup security gateways. Besides the main security gateway, the backups also monitor the state information of the whole cluster; when they detect that the main security gateway has failed, a new main security gateway is elected automatically, and because the backups were already tracking the state of the whole cluster, the newly elected main security gateway can continue load balancing of virus scanning (AV) traffic without interruption. The main security gateway is responsible for communicating with the external environment, the backups only process the traffic the main gateway sends them, and all traffic processed by the backups is returned over the proprietary channel and forwarded by the main security gateway, which keeps the whole cluster transparent to the network.
The invention achieves dynamic load balancing of virus scanning (AV) traffic within a secure gateway cluster. It addresses the problems that static load balancing in a gateway cluster is complex to deploy and inflexible, and that dedicated load-balancing devices add cost and waste resources in the network. The new system model is cost-effective, easy to implement, robust, secure and manageable. On the basis of the existing network configuration it provides a cheap, effective and transparent way to raise the utilization of the cluster's devices and the throughput of virus-scanning traffic.
The above is only a preferred embodiment of the invention, and the scope of protection is not limited to it; any variation or substitution that a person skilled in the art can readily conceive within the technical scope disclosed here falls within the scope of protection of the invention. The scope of protection is therefore defined by the claims.

Claims (10)

1. A method for anti-virus processing in a secure gateway cluster, characterized in that it comprises:
the secure gateway cluster electing in advance one of a plurality of security gateway devices as the main security gateway, the others serving as backup security gateways;
the main security gateway inspecting received data streams, identifying the data streams that require virus scanning, and, by querying the cluster state database and applying a predetermined load-balancing policy, sending the data streams that require scanning to the backup security gateway it has selected;
the selected backup security gateway performing anti-virus processing on the received data streams that require scanning, encapsulating the scanned data streams into packets and sending them to the main security gateway;
the main security gateway, on receiving the scanned packets from the selected backup security gateway, decapsulating the packets and then forwarding them through the normal processing path.
2. The method according to claim 1, characterized in that the step of the secure gateway cluster electing in advance one of the plurality of security gateway devices as the main security gateway, the others serving as backup security gateways, specifically comprises:
the secure gateway cluster electing the main security gateway according to a configured security gateway priority, the others serving as backup security gateways; and the secure gateway cluster further assigning a weight to each monitored interface of the security gateway devices and, when the priorities are equal, selecting the main security gateway according to the different interface weights.
3. The method according to claim 1 or 2, characterized in that the method further comprises: after the secure gateway cluster detects that the current main security gateway has become abnormal and cannot work normally, selecting a new main security gateway from among all backup security gateways according to the priority algorithm and performing the main security gateway migration.
4. The method according to claim 1 or 2, characterized in that the step of the main security gateway inspecting received data streams, identifying the data streams that require virus scanning and sending them according to the predetermined load-balancing policy to the backup security gateway it has selected specifically comprises:
the main security gateway matching the received data streams against security rules and marking the data streams that require scanning together with their connection-table entries; then sending the data streams that require scanning to the selected backup security gateway for anti-virus processing according to the predetermined load-balancing policy; wherein the security rules include five-tuple attribute rules for IP packets in the data streams that conform to the TCP/IP protocol, and the predetermined load-balancing policy is round-robin, weighted round-robin or dynamic round-robin.
5. The method according to claim 1 or 2, characterized in that the method further comprises: the main security gateway monitoring the state of all backup security gateways of the cluster in real time and, when it determines that a backup security gateway has failed, shielding that backup and transferring its work to other devices in the cluster.
6. A system for anti-virus processing in a secure gateway cluster, characterized in that it comprises a secure gateway cluster formed by a plurality of security gateway devices, wherein:
the secure gateway cluster is configured to elect in advance one of the plurality of security gateway devices as the main security gateway, the others serving as backup security gateways;
the main security gateway is configured to inspect received data streams, identify the data streams that require virus scanning, and send them according to a predetermined load-balancing policy to the backup security gateway it has selected; and the main security gateway is further configured, on receiving the scanned packets from the selected backup security gateway, to decapsulate the packets and then forward them through the normal processing path;
the backup security gateways are configured to perform anti-virus processing on the received data streams that require scanning, encapsulate the scanned data streams into packets and send them to the main security gateway for forwarding.
7. The system according to claim 6, characterized in that the secure gateway cluster is specifically configured to elect the main security gateway according to a configured security gateway priority, the others serving as backup security gateways; and the secure gateway cluster is further configured to assign a weight to each monitored interface of the security gateway devices and, when the priorities are equal, to select the main security gateway according to the different interface weights.
8. The system according to claim 6 or 7, characterized in that the secure gateway cluster is further configured, after detecting that the current main security gateway has become abnormal and cannot work normally, to select a new main security gateway from among all backup security gateways according to the priority algorithm and to perform the main security gateway migration.
9. The system according to claim 6 or 7, characterized in that the main security gateway specifically comprises a flow detection module and a load balancing module, wherein:
the flow detection module is configured to match received data streams against security rules and to mark the data streams that require scanning together with their connection-table entries; the security rules include five-tuple attribute rules for IP packets in the data streams that conform to the TCP/IP protocol;
the load balancing module is configured to send the data streams that require scanning to the selected backup security gateway for anti-virus processing according to the predetermined load-balancing policy; the predetermined load-balancing policy is round-robin, weighted round-robin or dynamic round-robin.
10. The system according to claim 6 or 7, characterized in that the main security gateway is further configured to monitor the state of all backup security gateways of the cluster in real time and, when it determines that a backup security gateway has failed, to send the data streams on that backup to other backup security gateways according to the load-balancing policy.
CN2010102633585A 2010-08-26 2010-08-26 Antivirus method and system for secure gateway cluster Pending CN101909067A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102633585A CN101909067A (en) 2010-08-26 2010-08-26 Antivirus method and system for secure gateway cluster

Publications (1)

Publication Number Publication Date
CN101909067A true CN101909067A (en) 2010-12-08

Family

ID=43264385

Country Status (1)

Country Link
CN (1) CN101909067A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102724142A (en) * 2011-06-03 2012-10-10 北京天地互连信息技术有限公司 Gateway level determination method supporting IPv6 and gateway having robustness
CN103514407A (en) * 2013-09-16 2014-01-15 北京电视台 Method and system for killing viruses of audio/video files transmitted from office network to production network
CN104243487A (en) * 2014-09-28 2014-12-24 网神信息技术(北京)股份有限公司 Rule matching method and rule matching device of security gateway
CN104363136A (en) * 2014-11-07 2015-02-18 网神信息技术(北京)股份有限公司 Security gateway device testing method and device
CN106130898A (en) * 2016-08-29 2016-11-16 北京神州绿盟信息安全科技股份有限公司 Virtual flow-line link support method and device
CN108092971A (en) * 2017-12-13 2018-05-29 新华三信息安全技术有限公司 Method and device for processing service messages
CN109067620A (en) * 2018-09-27 2018-12-21 深圳壹账通智能科技有限公司 Gateway monitoring method and device
CN109067546A (en) * 2018-09-19 2018-12-21 杭州数梦工场科技有限公司 Method, apparatus, device and computer storage medium for managing security certificates
CN109669410A (en) * 2018-12-17 2019-04-23 积成电子股份有限公司 Communication master management unit election method based on multi-source information
CN109815019A (en) * 2019-02-03 2019-05-28 普信恒业科技发展(北京)有限公司 Task scheduling method and device, electronic equipment and readable storage medium
CN110233875A (en) * 2019-05-10 2019-09-13 厦门网宿有限公司 Data processing method, object storage gateway pool and service system
CN113572591A (en) * 2020-04-28 2021-10-29 北京科东电力控制系统有限责任公司 Real-time high-concurrency secure access device and access method for intelligent energy service system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1512729A (en) * 2002-12-31 2004-07-14 联想(北京)有限公司 Method for adaptive load balancing of network equipment
CN1722664A (en) * 2004-07-13 2006-01-18 联想网御科技(北京)有限公司 Method for realizing high availability of network security equipment in cluster mode
CN1725702A (en) * 2004-07-20 2006-01-25 联想网御科技(北京)有限公司 Network security equipment, assembled system and method for implementing high availability
CN101729573A (en) * 2009-12-18 2010-06-09 四川长虹电器股份有限公司 Dynamic load balancing method for network intrusion detection

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20101208