CN1469253A - Monodirectional message transmission system for virtual network - Google Patents
Monodirectional message transmission system for virtual network Download PDFInfo
- Publication number
- CN1469253A CN1469253A CNA021242860A CN02124286A CN1469253A CN 1469253 A CN1469253 A CN 1469253A CN A021242860 A CNA021242860 A CN A021242860A CN 02124286 A CN02124286 A CN 02124286A CN 1469253 A CN1469253 A CN 1469253A
- Authority
- CN
- China
- Prior art keywords
- vlan
- address
- monodirectional
- message transmission
- virtual network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Small-Scale Networks (AREA)
Abstract
The mono-directional message transmission system for virtual network may contain several VLAN comprising server, exchanger and computers. There are always over 30 VLANs combined and partitioned via IP addresses, MAC addresses and exchanger ports to determine their authority and exchange direction. In available VLAN scheme without router being used, the present invention avoids the invasion and damage via route to reach safety, reliability and security.
Description
Technical field
The present invention relates to the information transmission of Virtual Local Area Network, exactly is the system of control information one-way transmission.Be highly suitable for technology development center, research institution, need the strict unit that externally maintains secrecy.
Background technology
Continuous expansion along with the computer utility scope, function constantly strengthens, more because the transmission of its information, the convenience of handling, fast, and can form the network of wide-scale distribution information, make it become our routine work gradually, the part of life, but along with development of computer, safety problem seems and becomes more and more important, many unique people often utilize the leak of network that computer system is attacked, to be objective, can avoid safe puzzlement without any a network, according to the statistics that Financial Times once did, just have a network to be invaded average per 20 seconds.The assailant can pass through the multiple connection invasion of networks such as ICP/IP protocol, Web website, carries out activities such as Data Theft, destruction, and these behaviors are regardless of having a mind to or unintentionally, often bringing very big loss to the user.Therefore reliable computer system, it is very important that its security performance seems, at present effectively and the secured fashion that often adopts for everybody be fire wall is set, utilizes security strategies such as the user right of Windows 2000 systems is provided with to control.
Fire wall is by application software that network is set or hardware, avoids common mode harmful and that dangerous visit is taked.Briefly, fire wall is checked all through its information, which internal services fire wall can determine extraneous to visit, extraneous who can be visited which inner service etc., the data that fire wall only allows to authorize are passed through, and cooperate security strategy to use, if there is not comprehensive security strategy, fire wall only limits to the antivirus protection measure and just performs practically no function.The senior relatively more concealed virus of new form is difficult to defence, and fire wall is not omnipotent, a lot of quite high operators (for example hacker or assailant) of computer level can avoid fire wall effectively by multiple channel, or can cheat fire wall, thereby enter into computer system smoothly, simultaneously, also have illegal user, delinquent's problem, cause information resources, data to run off, in addition destroyed.
So, for maintaining secrecy of each user-to-user information, in Windows 2000 products that Microsoft releases, the security strategy of authority that can be by the user is set is controlled, intercept outside illegally entering, its way is that LAN (Local Area Network) inside is each other by being provided with user's authority, realize the communication of part, this control is to be provided with in client, and it is to do blocking-up from Control Software merely, can not prevent that hacker or invador that level is very high from entering, and its security password can leak by mode such as informing, perhaps use default setting to allow other people obtain unnecessary authority, still can carry out illegal unallowed interchange, can't avoid the loss of user profile fully, confidentiality still has very big leak, can't satisfy for example research institute, development centres etc. are to the demand for security of the unit of security requirements strictness, because the common requirement of above-mentioned unit is that the Developmental Engineer is except that the process permission, do not allow to carry out lateral communication, especially the exchange of technology between the different seminars, but it can exchange with the upper-level leader.
For this reason, a kind of new local area network technology--Virtual Local Area Network can partly address the above problem.In the LAN (Local Area Network), Internet resources are that everybody shares, and external connection relies on router.And router is in important status, by router, realizes the contact with foreign countries and the information transmission of variety of way.Based on above-mentioned thinking, a kind of virtual local area network technology (VLAN Virtual Local Area Network) is arisen at the historic moment.Its objective is a big LAN (Local Area Network) is divided into some little virtual subnets, make each subnet all become an independent broadcast domain, communication between the subnet must be passed through routing device, VLAN is after dividing on the switch like this, equipment between the different VLAN is as physically having been cut apart, can not consider user's geographic position, according to function, factors such as application with the user from being divided into the network of function opposite independent one by one in logic, each subscriber's main station all is connected on the switch of a supported vlans, and belong to a VLAN, member among the same VLAN shares broadcasting, form a broadcast domain, and broadcast message is to isolate mutually between the different VLAN.Simultaneously, between different VLAN, information is in confidential state.Therefore, can utilize the division of different VLAN to reach the problem of forbidding lateral communication.
But for research institute or development centre and other unit that need hold in close confidence, the setting of its LAN (Local Area Network) normally independently, be connected with extraneous by router, the safe guarantee that is set to of router has stayed hidden danger, its reason still is similar and above-mentioned situation, the invador can illegally enter into each VLAN by router, theft data and technical information, even destroy data and technical information.And the VLAN that does not have router is considered to irrealizable usually, or even forbidden.
Therefore, providing a cover effective solution, is considerable for the safety problem that solves above-mentioned unit.
Summary of the invention
The problems referred to above, especially the aspect that is provided with about VLAN is in VLAN in the whole network connection and realizes, and bring corresponding shortcoming, for simple research institution or development centre or the strict unit that externally maintains secrecy of needs, what it was paid close attention to is reliability safe, that maintain secrecy, and its problem is local, microcosmic, if can be from the part, cast aside the idea that must be connected and the thinking of route, can solve safety problem well by VLAN with network.
The connection relationship of network for convenience of explanation, with VLAN according to its application and rank be divided into the supvr with by the supvr, the supvr can be divided into ranks such as A, B, C, D according to its range of application and authority according to actual conditions, to confirm its authority and priority level.Minimum VLAN unit is by the supvr, and generally speaking, for convenient management, each VLAN is by the supvr.The supvr of its immediate superior is D level supvr, and the upper management person of D level is C level supvr, can according to circumstances the rest may be inferred, but for the setting of VLAN, and do not require and comprise all supervisory levels.Above-mentioned situation is a kind of for the description that situation may take place.
Based on above-mentioned analysis, the objective of the invention is to propose effective solution, utilize existing Virtual Local Area Network scheme, the use of cancellation router, avoid the invador to invade or destroy, make to reach security requirements safely and reliably by route.
Simultaneously, another object of the present invention provides a kind of Monodirectional message transmission system that is used for virtual network, and this system can avoid each minimum lateral communication of developing between the unit, makes it and can only carry out unidirectional exchanging with higher level's supvr.
Another object of the present invention is to make higher level's supvr can read the file of any one subordinate's computing machine, and supvr at the same level or can not be exchanged between the supvr.
The present invention is achieved in that
Actual conditions according to research institute or development centre, the Monodirectional message transmission system that is used for virtual network, it can comprise a plurality of VLAN, VLAN is made of server, switch and Duo Tai computing machine, VLAN is provided with the VLAN of common employing more than 30, divide with IP address, MAC Address and the combination of switch ports themselves cluster between each VLAN, to determine its authority and to exchange direction.
Concrete mode is that each minimum application units enjoys a VLAN, and be divided into an independently network segment according to the IP address, its upper management person adopts the automatic identification mode in IP address, share its subordinate by gerentocratic VLAN, and use and be provided with the distributing IP address automatically, above-mentioned IP address is divided in conjunction with the port of switch, make it to be connected and fixed, can only carry out unidirectional information interchange, make the supvr to exchange with its subordinate, and the supvr or by the supvr can not be laterally with supvr at the same level or exchanged between the supvr, same, forbidden by exchanging also between supvr and non-higher level's the supvr.
So-called minimum application units, be meant the machine units of like products being carried out same design, exploitation or management, it can be a PC, also can be the combination of multiple pc machine, they have same function and purposes limits, and have equal rights of using.
In the practical application, for each actual developer, deviser or supvr, its action does not repeat fully, preferably every PC is designed to a VLAN, the PC that has similar functions or application generally is provided with the workstation with management function, this workstation is enjoyed public port, can exchange with each above-mentioned VLAN, but can not carry out lateral communication between each VLAN.
Described VLAN can also divide by MAC Address simultaneously.Because MAC Address is globally unique, can fix authority and the application of every computing machine and VLAN by it.
Setting up of MAC Address is the hardware address according to every computing machine network interface card, with and the port that connected, on switch, increase its MAC Address, and specify the VLAN under it, determine that the safe condition of described port is static getting final product.
Above-mentioned concrete scheme be every computing machine as a VLAN, on server and PC workstation, it is carried out the IP address setting, gerentocratic IP address field uses automatically and is provided with, the computing machine of being managed is divided according to the IP address field; The computing machine of different stage is divided according to different IP address fields, and in conjunction with MAC Address, directly on server and switch it is provided with.
The division of described IP address, from the network segment 1, preceding 2 IP addresses of each network segment are all left server for, and other IP address assignment is given individual by the supvr.The best mode according to the address field appointment of the distribution of IP address is given each computing machine assigned ip address, and for two IP addresses reserving, one of them is to keep for the supvr, leaves server for for one and uses.
The division of above-mentioned IP address for the supvr, is provided with VLAN on its computing machine network interface card, and the IP address is not set, and in the IP address field shared of the computing machine of each gerentocratic computing machine and its management, first IP address field is that gerentocratic computing machine is reserved.
The required segmentation that is noted that above-mentioned IP address is to be provided with conveniently in order planning, unifiedly to be convenient to control, especially in order to obtain higher work efficiency; If the PC workstation is less, it is few to divide VLAN, and IP resource abundance also can adopt and be regardless of the network segment, the random mode of dividing, but necessarily can not cause the conflict of resource, and particularly among same VLAN, server, switch, and the difference setting of PC.
Described server, its port is crossed over each vlan port of sharing switch, about sharing of VLAN, focuses on the setting of its public port, performs the mark of IEEE 802.1Q.
And for server, only add VLAN, the IP address is not set.
Described network interface card, make server or special P C become the member of a plurality of VLAN simultaneously, must support the 802.1Q agreement of IEEE, to realize that different VIAN members finish mutual communication in the scope of server specified domain, the setting of network interface card is by planning and set the network segment and the address of IP, and adopt concrete IP to be provided with and the automatic mode that combines of discerning, for the supvr, be set to automatic identification, other the concrete IP that carries out is provided with, and the supvr can exchange with any one subordinate like this, simultaneously because the division of the network segment, make resource reasonably be cut apart, promptly improved efficient, can not clash again.
When a plurality of VLAN are positioned at same switch, can pass through the port forwarding information,, vlan trunking must be set in order to ensure unimpeded, the direct contact of VLAN, i.e. VLANTrunking, the agreement of describing vlan trunking is IEEE 802.1Q.
Common VLAN is provided with all must be by the interchange of its network of route implementing and information, but route makes VLAN can not accomplish physically disconnection, the present invention can realize disconnection fully physically, thereby avoid independent binding with any network, make the whole VLAN system can be independent, turn round safely and work, simultaneously can reach for the data of being maintained secrecy (specifically being distributed in each) and can't be realized two-way exchange by supvr or supvr at the same level by each by between the supvr, and can only carry out unidirectional interchange to its upper management person, and this interchange measure also can't realize by cracking authority and password.
And, the present invention couples together the contact between a plurality of VLAN in part by the VLAN that setting has public port, whole VLAN can be coupled together in this way then, form tree-shaped connection, exchange way, can form effective one-way communication mode, can avoid horizontal interchange and unallowed illegal the interchange fully, thereby make whole network have very high safety and reliability.
Description of drawings
Fig. 1 is the topological diagram of the embodiment of the invention,
Fig. 2 is the synoptic diagram of the tree-shaped interchange of the embodiment of the invention,
Fig. 3 illustrates the situation that is provided with of IP address of the server network interface card of the embodiment of the invention,
Fig. 4 illustrates the IP address assignment situation of embodiment of the invention C level supvr network interface card,
Fig. 5 illustrates embodiment of the invention D level supvr and by gerentocratic IP address assignment situation,
Fig. 6 is provided with the distribution condition explanation for the port of embodiment of the invention switch.
Embodiment
Shown in Figure 1, the present invention is applied to a development and Design unit, adopts the internal lan structure of sealing, and physically isolated fully with the external world, every PC is as an independent VLAN, and each VLAN is connected on the server by switch.
Switch adopts SuperStack 3 Switch 4300 series of switchs of 3COM Corp., it is 48 port switch, can support the setting of 30 VLAN, carry out to reach 60 VLAN after the software upgrading, but it is not enough to the technical support of public port, port can not be set make it become the public port that does not belong to any VLAN.
In addition, network interface card is the necessary facility that VLAN is set, and about network interface card, what we selected is the network interface card of the 8470C3 of Intel Company and these two kinds of models of 8460C3, the network interface card supported vlans technology IEEE 802.1Q standard of this model.
The network interface card of server and the special PC of workstation is set, the appendage (carrying when buying network interface card) of a supported vlans will be installed earlier, get final product according to the explanation setting that its hardware provided then.
The setting of the vlan port of switch focuses on mark (tag) utilization, and promptly a port then must perform the mark setting as VLAN of needs and other ports share, specifically can be referring to the relevant explanation that is provided with of use hardware device.
Shown in Figure 1, the PC of switch difference Connection Service device and each department, and utilize its port that PC and the server that is connected carried out the setting of VLAN, in the present embodiment, every PC is as a VLAN.Can make like this between technological development personnel's the computing machine and can not carry out information interchange mutually, prevent the loss of technical information, simultaneously, in order to carry out suitable interchange, allow each technological development personnel and its higher level supvr's (being D level supvr)--the departmental manager carries out one-way communication.
Generally speaking, each minimum application units is provided with as a VLAN, minimum application units are meant the machine units of like products being carried out same design, exploitation or management, it can be a PC, it also can be the combination of multiple pc machine, they have same function and purposes limits, and have equal rights of using.
The mode that exchanges as shown in Figure 2.In the figure, the A level supvr do not list, and can be administerial chief executive, can be similar supvr, as president yet; B level supvr normally is responsible for the work of certain part, and is more terse if mechanism is provided with, also can be for the highest senior officer of administration, as the general manager (GM); C level supvr normally takes charge, the responsible official of co-ordination, as the deputy general manager of developing department; D level supvr then is the supvr of basic unit, or perhaps concrete exploitation responsible official, as certain Products Development manager, the responsible official of technology department.
Shown in Figure 2, every PC is set to one independently behind the VLAN, each can only be carried out unidirectional exchanging with its higher level's supvr (departmental manager) by supvr (technological development personnel), and can't exchange with the developer of peer, also can't exchange with other supvr not at the same level; For the supvr, as D level supvr, except with being exchanged of subordinate by the supvr, can also exchange with higher level's C level supvr, subordinate can be one by the supvr, also can be a plurality of, but can't exchange with the supvr of peer, also can't exchange, can't exchange with upper management person not at the same level with non-self-administered minor executive; C level supvr also is this situation.B level supvr, its higher level has only one, thus there is not the problem that can't exchange with the higher level, and for fairly simple control mode, common chief executive can only be set to B level supvr and get final product.
Shown in Figure 3, VLAN is divided into 1-40, VLAN1 is the switch default vlan, reservation need not, remaining VLAN is according to affiliated department and use setting, and for example, wherein VLAN2-7 is an Industrial Design Department, the IP address assignment of its server network interface card is divided (listed among the figure) according to the network segment, VLAN7 is a public port, does not mark, and is set to the gerentocratic VLAN of D level, automatic identification mode setting is adopted in its IP address, the port of VLAN2-VLAN6 performs mark, so that link up with VLAN7, simultaneously, can not exchange between the VLAN2-VLAN6 of division IP address, make VLAN2-VLAN6 to carry out unidirectional exchanging with VLAN7.
Equally, concrete condition according to exploitation, the development centre that the present invention uses is divided into Industrial Design Department, systems engineering portion, software portion, Hardware Subdivision, tough body (firmware) and the several exploitation units of the vice president of research and development department, except that the vice president of research and development department, the VLAN method to set up of each exploitation unit is consistent with being provided with of above-mentioned Industrial Design Department.
For the vice president of research and development department (being C level supvr), its VLAN is set to VLAN39, corresponding to server network interface card IP address, also adopt automatic identification mode setting, so that it can exchange and transfer data with all technician's VLAN and departmental manager (D level supvr).
The wire size of the correspondence of above-mentioned VLAN is unique, and corresponding with being provided with of other network interface card, equipment.
Figure 4 shows that the IP address assignment situation of embodiment of the invention C level supvr (being the vice president of research and development department) network interface card.Among Fig. 4, the distribution condition of VLAN and the IP address of network interface card and the wire size of wiring are corresponding with the setting of server shown in Figure 3.
No matter the IP address of the VLAN18 in engineering room is at the server network interface card, and still the setting at C level supvr (vice president of research and development department) network interface card all is duplicate.
Each technician's (by the supvr) network interface card, setting on server, its position, end is " 1 ", and the position, end that is provided with on C level supvr's (vice president of research and development department) the network interface card is " 3 ", and the position, end that is provided with on D level supvr's (departmental manager) the network interface card is " 4 " (as shown in Figure 5).
Fig. 5 is embodiment of the invention D level supvr and by gerentocratic IP address distribution condition on D level supvr (departmental manager) network interface card.Among Fig. 5, for D level supvr (departmental manager), the IP address of each VLAN is corresponding with the IP address of the server network interface card of this VLAN, C level supvr (vice president of research and development department) network interface card.
Simultaneously, also discern C level supvr's (vice president of research and development department) IP address on each D level supvr's (departmental manager) the network interface card automatically.
For the distribution wire size of each VLAN, consistent shown in this figure with Fig. 3, Fig. 4.
Fig. 6 is provided with the explanation of distribution condition for the port of embodiment of the invention switch.Shown in Figure 6, switch is assigned as its port the VLAN of Industrial Design Department, systems engineering portion, tough body, engineering room, software portion and Hardware Subdivision in order successively, wherein, VLAN7, VLAN12, VLAN16, VLAN29, VLAN38 are the departmental manager's (D level supvr) of each department VLAN, and they can exchange with each VLAN of its department respectively.
Wherein, Server (server) 1b (being abbreviated as S1b) port is crossed over each vlan port of sharing this switch.
As for the method to set up of concrete VLAN etc., prior art fully disclosed, and about corresponding regulation is also arranged in the IEEE 802.1Q standard, did not elaborate at this.
Described above is a kind of reasonable embodiment of the present invention, is not to realize the only resource of the present invention, and other embodiment that also can select not depart from the scope of the invention and purpose is realized.
Claims (14)
1, a kind of Monodirectional message transmission system that is used for virtual network, it can comprise a plurality of VLAN, VLAN is made of server, switch and Duo Tai computing machine, it is characterized in that the VLAN of the common employing of being provided with of VLAN more than 30, divide with IP address, MAC Address and the combination of switch ports themselves cluster between each VLAN, to determine its authority and to exchange direction.
2, the Monodirectional message transmission system that is used for virtual network as claimed in claim 1, it is characterized in that each minimum application units enjoys a VLAN, and be divided into an independently network segment according to the IP address, its upper management person adopts the automatic identification mode in IP address, share its subordinate by gerentocratic VLAN, and use and be provided with the distributing IP address automatically, above-mentioned IP address is divided in conjunction with the port of switch, make it to be connected and fixed, can only carry out unidirectional information interchange.
3, the Monodirectional message transmission system that is used for virtual network as claimed in claim 2, it is characterized in that minimum application units, be meant the machine units of like products being carried out same design, exploitation or management, it can be a PC, it also can be the combination of multiple pc machine, they have same function and purposes limits, and have equal rights of using.
4, the Monodirectional message transmission system that is used for virtual network as claimed in claim 1, it is characterized in that every PC is designed to a VLAN, the PC that has similar functions or application generally is provided with the workstation with management function, this workstation is enjoyed public port, can exchange with each above-mentioned VLAN, but can not carry out lateral communication between each VLAN.
5, the Monodirectional message transmission system that is used for virtual network as claimed in claim 1 is characterized in that described VLAN can also divide by MAC Address simultaneously.
6, the Monodirectional message transmission system that is used for virtual network as claimed in claim 5, it is characterized in that setting up of MAC Address, it is hardware address according to every computing machine network interface card, with and the port that connected, on switch, increase its MAC Address, and specify its affiliated VLAN, determine that the safe condition of described port is static getting final product.
7, as claim 4 or the 6 described Monodirectional message transmission systems that are used for virtual network, it is characterized in that every computing machine as a VLAN, on server and PC workstation, it is carried out the IP address setting, gerentocratic IP address field uses automatically and is provided with, and the computing machine of being managed is divided according to the IP address field; The computing machine of different stage is divided according to different IP address fields, and in conjunction with MAC Address, directly on server and switch it is provided with.
8, the Monodirectional message transmission system that is used for virtual network as claimed in claim 1 or 2 is characterized in that the division of described IP address, and from the network segment 1, preceding 2 IP addresses of each network segment are all left server for, and other IP address assignment is given individual by the supvr.The best mode according to the address field appointment of the distribution of IP address is given each computing machine assigned ip address, and for two IP addresses reserving, one of them is to keep for the supvr, leaves server for for one and uses.
9, the Monodirectional message transmission system that is used for virtual network as claimed in claim 8, it is characterized in that the division of above-mentioned IP address, for the supvr, on its computing machine network interface card VLAN is set, the IP address is not set, and in the IP address field that the computing machine of each gerentocratic computing machine and its management is shared, first IP address field is that gerentocratic computing machine is reserved.
10, the Monodirectional message transmission system that is used for virtual network as claimed in claim 1, it is characterized in that described server, its port is crossed over each vlan port of sharing switch, about sharing of VLAN, focus on the setting of its public port, perform the mark of IEEE 802.1Q.
11, the Monodirectional message transmission system that is used for virtual network as claimed in claim 1 is characterized in that and for server, only adds VLAN, and the IP address is not set.
12 Monodirectional message transmission systems that are used for virtual network as claimed in claim 1, it is characterized in that described network interface card, make server or special P C become the member of a plurality of VLAN simultaneously, must support the 802.1Q agreement of IEEE, to realize that different member of vlans finish mutual communication in the scope of server specified domain, the setting of network interface card is by planning and set the network segment and the address of IP, and adopt concrete IP to be provided with and the automatic mode that combines of discerning, for the supvr, be set to automatic identification, other the concrete IP that carries out is provided with.
13, the Monodirectional message transmission system that is used for virtual network as claimed in claim 1, when it is characterized in that a plurality of VLAN are positioned at same switch, can pass through the port forwarding information, in order to ensure unimpeded, the direct contact of VLAN, vlan trunking must be set, be VLANTrunking, the agreement of describing vlan trunking is IEEE 802.1Q.
14, as claim 2 or the 4 described Monodirectional message transmission systems that are used for virtual network, it is characterized in that for minimum application units and supvr thereof, the IP address assignment of server network interface card is divided according to the network segment, gerentocratic VLAN is set to public port, do not mark, and be set to the gerentocratic VLAN of D level, automatic identification mode setting is adopted in its IP address, the vlan port of each minimum application units performs mark, so that link up with gerentocratic VLAN.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA021242860A CN1469253A (en) | 2002-07-15 | 2002-07-15 | Monodirectional message transmission system for virtual network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA021242860A CN1469253A (en) | 2002-07-15 | 2002-07-15 | Monodirectional message transmission system for virtual network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1469253A true CN1469253A (en) | 2004-01-21 |
Family
ID=34142702
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA021242860A Pending CN1469253A (en) | 2002-07-15 | 2002-07-15 | Monodirectional message transmission system for virtual network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1469253A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100382529C (en) * | 2004-08-27 | 2008-04-16 | 国际商业机器公司 | Method and apparatus for providing network virtualization |
| CN101411156B (en) * | 2004-05-12 | 2011-04-20 | 阿尔卡特朗讯 | Automated containment of network intruder |
| CN102891778A (en) * | 2012-09-27 | 2013-01-23 | 迈普通信技术股份有限公司 | Control system and method for loop avoidance in automated testing |
| CN101673283B (en) * | 2004-03-19 | 2013-07-17 | 株式会社日立制作所 | Management terminal and computer system |
| CN110933291A (en) * | 2019-06-06 | 2020-03-27 | 北京仁光科技有限公司 | Cross-network interaction system and cross-network interaction method |
| CN112987626A (en) * | 2021-04-22 | 2021-06-18 | 常州微亿智造科技有限公司 | Industrial data transmission system |
-
2002
- 2002-07-15 CN CNA021242860A patent/CN1469253A/en active Pending
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101673283B (en) * | 2004-03-19 | 2013-07-17 | 株式会社日立制作所 | Management terminal and computer system |
| CN101411156B (en) * | 2004-05-12 | 2011-04-20 | 阿尔卡特朗讯 | Automated containment of network intruder |
| CN100382529C (en) * | 2004-08-27 | 2008-04-16 | 国际商业机器公司 | Method and apparatus for providing network virtualization |
| CN102891778A (en) * | 2012-09-27 | 2013-01-23 | 迈普通信技术股份有限公司 | Control system and method for loop avoidance in automated testing |
| CN102891778B (en) * | 2012-09-27 | 2016-03-30 | 迈普通信技术股份有限公司 | Control system and the method for loop is avoided in automatic test |
| CN110933291A (en) * | 2019-06-06 | 2020-03-27 | 北京仁光科技有限公司 | Cross-network interaction system and cross-network interaction method |
| CN112987626A (en) * | 2021-04-22 | 2021-06-18 | 常州微亿智造科技有限公司 | Industrial data transmission system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2010200994B2 (en) | Tunneled security groups | |
| US7624434B2 (en) | System for providing firewall capabilities to a communication device | |
| CN1543163A (en) | Method for creating a peer-to-peer home network using common group label | |
| CN101326763A (en) | System and method for authentication of SP Ethernet aggregation networks | |
| CN103959712B (en) | Time control in large-scale firewall cluster | |
| CN1505362A (en) | Method for communication between nodes in peer-to-peer networks using common group label | |
| US20190097940A1 (en) | Network system and method for cross region virtual private network peering | |
| CN1905504A (en) | Method for implementing virtual LAN based on WAPI system in WLAN | |
| JP4636345B2 (en) | Security policy control system, security policy control method, and program | |
| CN106027491B (en) | Separated links formula communication processing method and system based on isolation IP address | |
| US7721324B1 (en) | Securing management operations in a communication fabric | |
| CN103858383A (en) | Authentication sharing in a firewall cluster | |
| CN1469253A (en) | Monodirectional message transmission system for virtual network | |
| US20120137362A1 (en) | Collaborative security system for residential users | |
| Odi et al. | The proposed roles of VLAN and inter-VLAN routing in effective distribution of network services in Ebonyi State University | |
| Hadi et al. | A simple security policy enforcement system for an institution using SDN controller | |
| CN113853776B (en) | Method, system and computer readable medium for network architecture | |
| BR0208227A (en) | System, method, and appliance that isolate virtual private network (vpn) and best-performing traffic to resist denial of service attacks | |
| EP1327934A1 (en) | Compartmented multi operator network management | |
| CN110912878B (en) | VPN-based information management system network security protection method and system | |
| US7359378B2 (en) | Security system for preventing unauthorized packet transmission between customer servers in a server farm | |
| Rodrigues et al. | Implementing a distributed firewall using a DHT network applied to smart grids | |
| CN1787451A (en) | Method and system for realizing area management over sub network | |
| WO2023080278A1 (en) | Whitelisting security method and system for iot-based multi-framework smart lighting system | |
| KR102246290B1 (en) | Method, apparatus and computer program for network separation of software defined network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |