CN109600396A - Realize the firewall system of highly reliable safety - Google Patents

Realize the firewall system of highly reliable safety Download PDF

Info

Publication number
CN109600396A
CN109600396A CN201910063269.7A CN201910063269A CN109600396A CN 109600396 A CN109600396 A CN 109600396A CN 201910063269 A CN201910063269 A CN 201910063269A CN 109600396 A CN109600396 A CN 109600396A
Authority
CN
China
Prior art keywords
firewall
sub
business
highly reliable
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910063269.7A
Other languages
Chinese (zh)
Inventor
田春丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Andian Science And Technology Co Ltd
Original Assignee
Zhejiang Andian Science And Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Andian Science And Technology Co Ltd filed Critical Zhejiang Andian Science And Technology Co Ltd
Priority to CN201910063269.7A priority Critical patent/CN109600396A/en
Publication of CN109600396A publication Critical patent/CN109600396A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0817Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of firewall systems for realizing highly reliable safety, the sub- firewall of management and the sub- firewall of at least two business including being configured on a physical equipment;Physical equipment has multicore cpu;Every sub- firewall is individually bound with cpu core, and mutual process is run alone;Each sub- firewall of business is connect with sub- firewall is managed, and enables process processing business, and pass in and out according to the data packet of preset safety detection tree control business;Sub- firewall is managed, the sub- firewall of each business is managed by heartbeat mechanism;When the CPU usage for monitoring the sub- firewall of some business is higher than first threshold, the process scheduling of the sub- firewall of the business to CPU usage is lower than in the sub- firewall of business of second threshold and is run.The present invention can save the up-front investment and follow-up maintenance cost of user under the premise of solving user demand, reduce the wasting of resources.

Description

Realize the firewall system of highly reliable safety
Technical field
Invention is related to firewall technology field more particularly to a kind of firewall system for realizing highly reliable safety.
Background technique
Firewall is the first line of defence of system, and effect is the entrance for preventing illegal user.In industrial environment, to string Stability, robustness and the requirement of safety for joining equipment in a network are very high, thus to being deployed in industrial network Firewall have more requirements.
Tradition is one firewall system of deployment on a physical equipment, and with individual process or the operation shape of multiple processes State mode will lead to service disconnection once bursting because device software bug or external attack cause firewall system to be run quickly.Furthermore not Same service feature, the requirement to safety is also different, so the requirement to firewall security processing is also different.Tradition improves net Network robustness, the method for reducing service disconnection probability are two-node cluster hot backup or multimachine deployment.And solve the logical of different business safety It is the different safety equipment of deployment with way.This mode drawback is: needs disposably buy two or more firewalls, right It is not high in service traffics bandwidth and under the diversified application scenarios of business, will cause the wasting of resources;And networking and management service Complexity, once backup not in time, also results in problem of service interruption, furthermore to network management personnel requirement between two physics fire walls Also higher.
Therefore, bandwidth is needed in user it is not high, and to anti-the case where business further flexibility and in the networks such as industry Wall with flues equipment requirement high stable, reliability application demand, the early investment as caused by current solution is big and dimension It protects at high cost, and will cause the wasting of resources.
Summary of the invention
The firewall system for the highly reliable safety of realization that invention provides, main purpose is to overcome existing by solving at present Certainly early investment caused by scheme greatly and maintenance cost height, and the problem of will cause the wasting of resources.
In order to solve the above technical problems, invention adopts the following technical scheme that
A kind of firewall system for realizing highly reliable safety, including the management fire prevention being configured on a physical equipment Wall and the sub- firewall of at least two business;The physical equipment has multicore cpu;
Every sub- firewall is individually bound with cpu core, and mutual process is run alone;
Each sub- firewall of the business connect with the sub- firewall of management, enables process processing business, and according to pre- If safety detection tree control business data packet disengaging;
The sub- firewall of management, is managed the sub- firewall of each business by heartbeat mechanism;Monitoring some It is when the CPU usage of the sub- firewall of business is higher than first threshold, the process scheduling of the sub- firewall of the business is low to CPU usage It is run in the sub- firewall of business of second threshold.
As an embodiment, the sub- firewall of management is also used to, and is run quickly monitoring the sub- firewall of some business When bursting, the process scheduling of the sub- firewall of the business to CPU usage is lower than in the sub- firewall of business of second threshold and is run.
As an embodiment, the safety detection tree is by the safety regulation with every sub- firewall processes configuration Compiling creates in memory.
As an embodiment, the sub- firewall of business described in every two forms a backup group;Industry in backup group Sub- firewall be engaged in using identical safety detection tree.
As an embodiment, in a backup group, each sub- firewall of business will create shared drive use In the corresponding forwarding table data of storage.
As an embodiment, the forwarding table data include routing table, arp table and conversational list.
As an embodiment, the sub- firewall of the business includes the first protection firewall, the second protection firewall And third protects firewall;
The first protection firewall, connect with the network interface card of industrial message;
The second protection firewall, connect with the network interface card of database;
The third protects firewall, connect with the network interface card of enterprise office online.
As an embodiment, the first protection firewall is the firewall of backup group.
As an embodiment, the sub- firewall of management, connect with the network interface card of management message.
Compared with prior art, the technical program has the advantage that
The firewall system for the highly reliable safety of realization that invention provides, on a physical equipment, by configuring outlet pipe Sub- firewall and the sub- firewall of at least two business are managed, and physical equipment has multicore cpu;Every sub- firewall individually with Cpu core is bound, and mutual process is run alone;The sub- firewall of each business is carried out by managing sub- firewall Management;When the CPU usage for monitoring the sub- firewall of some business is higher than first threshold, by the process of the sub- firewall of the business Be dispatched to CPU usage lower than second threshold the sub- firewall of business in run.To make full use of multicore cpu in physical equipment The sub- firewall of resource matching management and the sub- firewall of at least two business, need not high, and business to meet user to bandwidth In the networks such as the case where further flexibility and industry to firewall box require high stable, reliability application need It asks, and saves the up-front investment and follow-up maintenance cost of user, reduce the wasting of resources.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of the firewall system for the highly reliable safety of realization that inventive embodiments one provide.
In figure: 1, managing sub- firewall;2, the sub- firewall of business.
Specific embodiment
Below in conjunction with attached drawing, the technical characteristic and advantage of inventing above-mentioned and other are clearly and completely described, shown So, described embodiment is only the section Example invented, rather than whole embodiments.
Referring to Fig. 1, the firewall system for the highly reliable safety of realization that inventive embodiments one provide, including it is configured at one The sub- firewall 1 of management and the sub- firewall 2 of at least two business on platform physical equipment;Physical equipment has multicore cpu;
Every sub- firewall is individually bound with cpu core, and mutual process is run alone;
Each sub- firewall 2 of business connect with sub- firewall 1 is managed, enables process processing business, and according to preset peace Full inspection surveys the data packet disengaging of tree control business;
Sub- firewall 1 is managed, the sub- firewall of each business 2 is managed by heartbeat mechanism;Monitoring some industry Be engaged in sub- firewall 2 CPU usage be higher than first threshold when, the process scheduling of the sub- firewall 2 of the business is low to CPU usage It is run in the sub- firewall 2 of business of second threshold.
It should be noted that the present invention makes full use of the resource of a physical equipment multicore cpu, on a physical equipment The system of multiple sub- firewalls is set, every sub- firewall system opens one or more processes, using the compatibility of cpu, into Journey is bound with cpu core.Every sub- firewall is independent process business, on the whole from outside, every sub- firewall system System is similar to a traditional physics fire wall system, i.e., process isolation between sub- firewall system, memory isolation, safety regulation Isolation, network layer isolation.Here sub- firewall includes managing sub- firewall 1 and the sub- firewall 2 of at least two business.Management Also it is isolated between firewall 1 and the sub- firewall 2 of business, different safety detection trees is used between them.To improve safety.
That is, multiple sub- firewalls are fictionalized on the physical equipment of a multicore cpu framework, every sub- firewall It can bring as a true firewall and use.One of them sub- firewall does not run business, is specifically used to as management Sub- firewall 1.Its minor firewall is used to run business, as the sub- firewall 2 of business;Each sub- firewall 2 of business has oneself solely Vertical process carrys out processing business.It manages sub- firewall 1 and is specifically used to the sub- firewall 2 of all business of monitoring management, carry out unified money Source scheduling;To the multicore cpu resource of a physical equipment;Sub- firewall 1 and the fire prevention of multiple business are managed by being created that Wall 2, for the protection of effective safety detection and high stable high-performance fire-resistant wall, thus in the premise for sufficiently solving customer demand Under, save the up-front investment and follow-up maintenance cost of user.
It managing sub- firewall 1 and manages the sub- firewall 2 of all business, it possesses the relevant information of the sub- firewall 2 of all business, Relevant information may include the receiving queue and transmit queue of the correspondence network interface card of each sub- firewall 2 of business;Each business is anti- Which industry are contained in each backup group for the information of 2 backup group of wall with flues, i.e., how many backup group on entire firewall system It is engaged in sub- firewall 2, the cpu that each sub- firewall 2 of business uses;The information of the process run on each sub- firewall 2 of business;Often A sub- firewall 2 of business forwarding table data used in shared drive, forwarding table data include routing table, arp table and meeting Talk about the related datas such as table.Managing sub- firewall 1 is to monitor cpu and process by heartbeat mechanism, to obtain each business in real time The operating status of firewall 2, to carry out unified resource scheduling.
On a physical equipment, by configuring the sub- firewall 1 of management and the sub- firewall 2 of at least two business, and object Managing equipment has multicore cpu;Every sub- firewall is individually bound with cpu core, and mutual process is run alone; The sub- firewall of each business 2 is managed by managing sub- firewall 1;Make in the CPU for monitoring the sub- firewall 2 of some business Business when being higher than first threshold with rate, by the process scheduling of the sub- firewall 2 of the business to CPU usage lower than second threshold It is run in firewall 2.To make full use of the sub- firewall 1 and at least two of the resource matching management of multicore cpu in physical equipment The sub- firewall 2 of business, needed with to meet user to bandwidth it is not high, and the case where business further flexibility and in the networks such as industry Demand to the application of firewall box requirement high stable, reliability, and save the up-front investment and follow-up maintenance of user Cost reduces the wasting of resources.
In an embodiment, unified resource scheduling can be, in the CPU usage for monitoring the sub- firewall 2 of some business When higher than first threshold, business by the process scheduling of the sub- firewall 2 of the business to CPU usage lower than second threshold is prevented fires It is run in wall 2.It is also possible to the process scheduling of the sub- firewall 2 of the business to CPU usage lower than second threshold, and CPU makes It is run in the sub- firewall 2 of the minimum business of rate.Specifically: it manages and opens a process on sub- firewall 1 as monitoring process, For monitoring the operating status of cpu used in sub- 2 process of firewall of each business, i.e. cpu utilization rate.Cpu utilization rate is higher than the When one threshold value, illustrate sub- 2 heavy traffic of firewall of business using this cpu;When cpu utilization rate is lower than second threshold, explanation makes It is idle with sub- 2 business of firewall of the business of this cpu;To judge the operation shape of the sub- firewall 2 of business by cpu service condition State.First threshold and second threshold can be different, and first threshold is bigger than second threshold.First threshold and second threshold It can be identical.In this present embodiment, it to this and is not limited.Once the CPU for monitoring the sub- firewall 2 of some business makes Business when being higher than first threshold with rate, by the process scheduling of the sub- firewall 2 of the business to CPU usage lower than second threshold It is run in firewall 2, to improve the stability and reliability of operation.
In another embodiment, monitor the sub- firewall 2 of some business run quickly burst when, by the business sub- firewall 2 into Journey be dispatched to CPU usage lower than second threshold the sub- firewall 2 of business in run.It is also possible to the sub- firewall 2 of the business Process scheduling be lower than second threshold to CPU usage, and run in the minimum sub- firewall 2 of business of CPU usage.Management Monitoring process on firewall 1 can periodically send out heartbeat probe messages to the process run on the sub- firewall 2 of each business.If management Sub- firewall 1 can receive the heartbeat message of sub- 2 process of firewall of business sent within the expeced time being previously set, then illustrate Sub- 2 operational excellence of firewall of this business;Otherwise illustrate that sub- 2 process of the firewall collapse of this business namely the sub- firewall 2 of business are collapsed It bursts.For example, bursting because external attack or software bug cause a sub- firewall system to be run quickly;As the prison managed on sub- firewall 1 Control process can perceive to obtain at once because of that cannot receive heartbeat message on time, thus the current all fortune learnt by monitoring The cpu service condition of the normal sub- firewall 2 of business of row is in time adjusted the business run on the routed sub- firewall 2 of that business of running quickly It spends on the sub- firewall 2 of the minimum business of current cpu utilization rate.Specifically, it is exactly first looked in the sub- firewall 2 of all business Sub- 2 system of firewall of the minimum business of current cpu occupancy out, it is assumed that the minimum sub- firewall 2 of business of current cpu occupancy is remembered For the sub- firewall 2 of business, sub- firewall 1 is then managed to the sub- firewall 2 of business and sends out a message, referred to as service take-over notice disappears Breath;It include the receiving queue and transmit queue of the network interface card for the sub- firewall 2 of business taken in this adapter tube notification message, and by The sub- firewall 2 of the business of adapter tube forwarding table data used in shared drive (including arp table, routing table and conversational list).
The present invention is compared to two-shipper or multi-computer back-up, the speed of service take-over scheduling faster, each sub- firewall 2 of business it Between business do not perceive.In addition, different data source, data characteristics is different for firewall, to security protection requirement Difference, safe and applicable safety regulation are also different.And safety detection tree is by the safety with every sub- firewall processes configuration Rule compiles creation in memory.That is safety detection tree is one generated in memory according to firewall security rule Kind binary tree, so that safety detection tree is also different.In general, a safety detection tree is created on a sub- firewall, especially Integrated safe strategy is using even more so on second generation firewall.Different business models, security strategy emphasis is different, The safety detection tree that compiling creation generates is also different.So the sub- firewall 2 of business that different business uses is different.
In this present embodiment, the sub- firewall 2 of every two business forms a backup group;The sub- firewall of business in backup group 2 use identical safety detection tree.Of course, it is possible to form a backup group by the sub- firewall 2 of multiple business.Using backup group, It can be further improved network stabilization and reliability, as shown in Figure 1, the sub- firewall A of business and the sub- firewall B composition one of business A backup group.The configuration of each sub- firewall 2 of business is the same in backup group, i.e., the same security strategy rule configuration.Often A sub- firewall 2 of business compiles the safety detection tree for generating oneself according to the safety regulation of configuration in the memory of oneself, then Safety detection tree in backup group on the sub- firewall 2 of all business is the same.In addition, each sub- firewall 2 of business makes Forwarding table data are placed on shared drive, i.e., by creation shared drive, the sub- forwarding of firewall 2 of business in backup group is needed Routing table, arp table and conversational list be all placed in shared drive.And each sub- firewall 2 of business creates alone oneself Table exclusively enjoys respective routing table, arp table and conversational list.Firewall packet receiving forward when be look into routing forwarding, so need using Routing table and arp table, subsequent packet are circulation hairs, look into conversational list forwarding.And conversational list is in firewall first packet by preventing It is created after wall with flues safety detection, for specifying subsequent packet to forward.
Under normal circumstances, the sub- firewall 2 of each business takes message, analytic message from the network interface card receiving queue of oneself.It is right For first packet, safety detection is first carried out: message being detected using safety detection tree in the memory of oneself, generate conversational list It is placed in shared drive in the conversational list of oneself.Message is put into oneself corresponding network interface card transmit queue by tabling look-up by message later In.For non-first packet message, go to look into correlation table in shared drive.So under normal circumstances, each sub- firewall respectively runs respective industry Business, respectively searches the table of oneself, uses a table compared to shared, does not need using lock, since table separates, searches effect to improve Rate.
In backup group, burst when monitoring that the sub- 2 generation process of firewall of some business is run quickly, it can be by the sub- firewall of the business 2 traffic scheduling is run in another sub- firewall 2 of business into backup group.When the sub- firewall 2 of some business occurs in backup group Process, which is run quickly, bursts.For example, the sub- firewall A of business breaks down, process, which is run quickly, bursts, and the sub- firewall B of business in backup group takes at once The business of the sub- firewall A of business.Detailed process: process collapse occurs for the sub- firewall A mono- of business, manages sub- firewall 1 and passes through the heart Jump mechanism can perceive to obtain at once, the cpu service condition for the sub- firewall 2 of each business in backup group that then basis monitors, The notr busy sub- firewall of current cpu is found out, the business for that the sub- firewall for then notifying it that adapter tube is gone to break down.I.e. It manages the sub- firewall B of sub- 1 notice business of firewall and does two pieces thing: first, go connecing for the sub- corresponding network interface card of firewall A of business It receives in queue and takes message, that is, go in the receiving queue of network interface card 1 and network interface card 2 that message is taken to be handled.It needs to table look-up when forwarding, go altogether The related forwarding table for looking into the sub- firewall A of business in memory is enjoyed, when needing to do safety detection, it is existing that the sub- firewall B of business can be used At safety detection rule tree carry out a series of detections;Second, each forwarding table data (meeting of the sub- firewall A of adapter tube maintenance service Talk about table/routing table/arp table).
For expanded application scene, when carrying out safety detection for different business models, the sub- firewall 2 of business includes the One protection firewall, the second protection firewall and third protect firewall;First protection firewall, the network interface card with industrial message Connection;Second protection firewall, connect with the network interface card of database;Third protects firewall, the network interface card company for online of handling official business with enterprise It connects.Sub- firewall 1 is managed, is connect with the network interface card of management message.First protection firewall can be the firewall of backup group.Yu Qi In his embodiment, second protection firewall and third protection firewall may be backup group firewall.
For example, on same physical equipment, two business are anti-when carrying out safety detection for different business models Wall with flues 2 is used as a backup group, and the as first protection firewall is used for industrial network data processing for connecing industrial network;This The outer sub- firewall 2 of a business is used for database firewall;As second protection firewall is dedicated for database protection;Also One third protection firewall is used for enterprise network firewall gateway for connecing office network.There are three types of firewall roles altogether, this three The type of service run on kind firewall is different, and applicable safety regulation is different.For example, firewall is mainly run in industrial network Industrial protocol message, security protection rule is primarily directed to public network network hole and virus and attack.Database firewall It is mainly used for the protection of database, the business run thereon is mainly various database protocols, and security protection rule is for number It steals secret information according to the loophole in library and attack and data.It is the various Message processings of general employee's online on enterprise network firewall, Security protection rule and first two are also different.
Although invention has been described by way of example and in terms of the preferred embodiments, it is not for limiting invention, any art technology Personnel may be by the methods and technical content of the disclosure above to inventive technique side in the spirit and scope for not departing from invention Case makes possible variation and modification, therefore, all contents without departing from inventive technique scheme, the technical spirit pair according to invention Any simple modifications, equivalents, and modifications made by above embodiments belong to the protection scope of inventive technique scheme.

Claims (9)

1. a kind of firewall system for realizing highly reliable safety, which is characterized in that including being configured on a physical equipment Manage sub- firewall and the sub- firewall of at least two business;The physical equipment has multicore cpu;
Every sub- firewall is individually bound with cpu core, and mutual process is run alone;
Each sub- firewall of the business connect with the sub- firewall of management, enables process processing business, and according to preset The data packet of safety detection tree control business passes in and out;
The sub- firewall of management, is managed the sub- firewall of each business by heartbeat mechanism;Monitoring some business When the CPU usage of sub- firewall is higher than first threshold, the process scheduling of the sub- firewall of the business to CPU usage is lower than the It is run in the sub- firewall of the business of two threshold values.
2. realizing the firewall system of highly reliable safety as described in claim 1, which is characterized in that the management fire prevention Wall is also used to, monitor the sub- firewall of some business run quickly burst when, by the process scheduling of the sub- firewall of the business to CPU usage Lower than being run in the sub- firewall of the business of second threshold.
3. realizing the firewall system of highly reliable safety as described in claim 1, which is characterized in that the safety detection tree It is by compiling creation in memory with the safety regulation of every sub- firewall processes configuration.
4. realizing the firewall system of highly reliable safety as claimed in claim 3, which is characterized in that business described in every two Sub- firewall forms a backup group;The sub- firewall of business in backup group uses identical safety detection tree.
5. realizing the firewall system of highly reliable safety as claimed in claim 4, which is characterized in that in a backup group In, each sub- firewall of business will create shared drive for storing corresponding forwarding table data.
6. realizing the firewall system of highly reliable safety as claimed in claim 5, which is characterized in that the forwarding table data Including routing table, arp table and conversational list.
7. realizing the firewall system of highly reliable safety as described in claim 1, which is characterized in that the business fire prevention Wall includes that the first protection firewall, the second protection firewall and third protect firewall;
The first protection firewall, connect with the network interface card of industrial message;
The second protection firewall, connect with the network interface card of database;
The third protects firewall, connect with the network interface card of enterprise office online.
8. realizing the firewall system of highly reliable safety as claimed in claim 7, which is characterized in that first protection is anti- Wall with flues is the firewall of backup group.
9. realizing the firewall system of highly reliable safety as described in claim 1, which is characterized in that the management fire prevention Wall is connect with the network interface card of management message.
CN201910063269.7A 2019-01-23 2019-01-23 Realize the firewall system of highly reliable safety Pending CN109600396A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910063269.7A CN109600396A (en) 2019-01-23 2019-01-23 Realize the firewall system of highly reliable safety

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910063269.7A CN109600396A (en) 2019-01-23 2019-01-23 Realize the firewall system of highly reliable safety

Publications (1)

Publication Number Publication Date
CN109600396A true CN109600396A (en) 2019-04-09

Family

ID=65964702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910063269.7A Pending CN109600396A (en) 2019-01-23 2019-01-23 Realize the firewall system of highly reliable safety

Country Status (1)

Country Link
CN (1) CN109600396A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102629217A (en) * 2012-03-07 2012-08-08 汉柏科技有限公司 Network equipment with multi-process multi-operation system and control method thereof
CN103514043A (en) * 2012-06-29 2014-01-15 华为技术有限公司 Multi-processor system and data processing method thereof
CN104460934A (en) * 2013-09-13 2015-03-25 华为终端有限公司 Scheduling method and device for multi central processing units (CPU)
CN104809026A (en) * 2015-05-14 2015-07-29 苏州中晟宏芯信息科技有限公司 Method for borrowing CPU computing resources by using remote node
CN104869016A (en) * 2015-04-28 2015-08-26 杭州华三通信技术有限公司 Method and equipment for transmitting data message
CN106897132A (en) * 2017-02-27 2017-06-27 郑州云海信息技术有限公司 The method and device of a kind of server task scheduling
US20180129525A1 (en) * 2016-11-09 2018-05-10 Samsung Electronics Co., Ltd. Computing system for securely executing a secure application in a rich execution environment
CN108307206A (en) * 2017-12-25 2018-07-20 北京奇艺世纪科技有限公司 A kind of distribution method and device of live streaming encoding tasks

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102629217A (en) * 2012-03-07 2012-08-08 汉柏科技有限公司 Network equipment with multi-process multi-operation system and control method thereof
CN103514043A (en) * 2012-06-29 2014-01-15 华为技术有限公司 Multi-processor system and data processing method thereof
CN104460934A (en) * 2013-09-13 2015-03-25 华为终端有限公司 Scheduling method and device for multi central processing units (CPU)
CN104869016A (en) * 2015-04-28 2015-08-26 杭州华三通信技术有限公司 Method and equipment for transmitting data message
CN104809026A (en) * 2015-05-14 2015-07-29 苏州中晟宏芯信息科技有限公司 Method for borrowing CPU computing resources by using remote node
US20180129525A1 (en) * 2016-11-09 2018-05-10 Samsung Electronics Co., Ltd. Computing system for securely executing a secure application in a rich execution environment
CN106897132A (en) * 2017-02-27 2017-06-27 郑州云海信息技术有限公司 The method and device of a kind of server task scheduling
CN108307206A (en) * 2017-12-25 2018-07-20 北京奇艺世纪科技有限公司 A kind of distribution method and device of live streaming encoding tasks

Similar Documents

Publication Publication Date Title
CN102624584B (en) Chain circuit detecting method and device
CN107426206A (en) A kind of protector and method to web server
CN103858382B (en) The method and apparatus shared for the application state that Firewall Group is concentrated
CN104272654B (en) For the adaptive method and apparatus quickly started in link aggregation
CN104506513B (en) Fire wall flow table backup method, fire wall and firewall system
CN104113428B (en) A kind of equipment management device and method
CN103959712B (en) Time control in large-scale firewall cluster
CN107566508A (en) A kind of short message micro services system for automating O&M
CN108055270B (en) Network security cooperative defense method
US11095476B2 (en) Spanning tree protocol enabled n-node link aggregation system
CN109981587A (en) A kind of network security monitoring traceability system based on APT attack
WO2017080161A1 (en) Alarm information processing method and device in cloud computing
CN109391691A (en) The restoration methods and relevant apparatus that NAS is serviced under a kind of single node failure
CN110636086A (en) Network protection test method and device
US11889244B2 (en) Passive optical network for utility infrastructure resiliency
US9122546B1 (en) Rapid processing of event notifications
CN105245336B (en) A kind of file encryption management system
CN108234305A (en) A kind of control method and equipment of across machine frame link redundancy protection
CN103888310B (en) Monitor processing method and system
CN109600396A (en) Realize the firewall system of highly reliable safety
CN109743316A (en) Data transmission method, egress router, firewall and dual stage firewall system
CN104717188A (en) Asset object security protection system and method in industrial control firewall
Zhong et al. Dynamic lines of collaboration in CPS disruption response
CN115242839B (en) Method and device for cascade data transmission of Internet of things, electronic equipment and storage medium
CN210444303U (en) Network protection test system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190409

RJ01 Rejection of invention patent application after publication