CN101316271B - Method for implementing information backup, fire wall and network system - Google Patents

Method for implementing information backup, fire wall and network system

Info

Publication number: CN101316271B
Authority: CN (China)
Prior art keywords: session, message, session information, firewall
Legal status: Active
Application number: CN2008101330215A
Other languages: Chinese (zh)
Other versions: CN101316271A (en)
Inventor: 吴永清
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Symantec Technologies Co Ltd
Application filed by Huawei Symantec Technologies Co Ltd
Priority to CN2008101330215A
Publication of CN101316271A
Priority to PCT/CN2009/070979 (WO2010000146A1)
Priority to US12/469,413 (US20100005263A1)
Application granted
Publication of CN101316271B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/20 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/2097 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements maintaining the standby controller/processing unit updated
    • G06F11/202 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2038 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant with a single idle spare processing component
    • G06F11/2048 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant where the redundant components share neither address space nor persistent storage

Abstract

The embodiments of the invention disclose a method for implementing information backup, a firewall and a network system. The method is used to back up information between at least two firewalls and comprises the steps of: receiving a message; and, when it is detected that the received message causes the recorded session information to change, backing up the changed session information to another firewall. The embodiments of the invention provide a firewall which comprises a receiving unit for receiving messages, and a processing unit for backing up the changed session information to another firewall when it is detected that the received message causes the recorded session information to change. The embodiments of the invention also disclose a network system. The embodiments can ensure that the session information recorded by the firewalls is consistent in real time.

Description

Method for implementing information backup, firewall and network system
Technical field
The present invention relates to the field of network communications, and in particular to a method for implementing information backup, a firewall and a network system.
Background
As a monitoring and protection device in a network, a firewall plays an important role in network security. Mainstream firewalls are currently stateful-inspection firewalls: such a firewall records the session information of each session and dynamically decides, according to the recorded session information, whether to discard a received message. The session information described here comprises the parameters used to set up the session and the state information of existing sessions, for example the source address, the destination address, the message protocol type and the state the session is in.
In practical applications, to improve security and reliability, firewalls are usually deployed in a dual-node hot-standby configuration, in which one firewall is in the working state and the other is in the backup state; when the working firewall fails, the backup firewall takes over its work. This approach can guarantee the integrity of the session information that the firewall records for each session only when the forward and return paths of the messages are the same, so the network configuration in a concrete application is relatively complex.
The prior art proposes a processing method that supports inconsistent forward and return message paths. Fig. 1 is the prior-art networking diagram, comprising firewall 1 and firewall 2 and routers R1, R2, R3 and R4. With the traditional mode in which the forward and return paths are consistent, the path is: R3 -> firewall 1 -> R1 -> firewall 1 -> R3. With the mode in which the forward and return paths are inconsistent, the path is: R3 -> firewall 1 -> R1 -> R2 -> firewall 2 -> R4. For the case of inconsistent forward and return paths, each firewall in the prior art periodically scans its recorded session information and then backs it up to the other firewall over the heartbeat link between the firewalls, so that after one of the firewalls fails, the other can handle session traffic according to the session information backed up earlier.
In the course of researching and practising the prior art, the inventor found that the prior art has the following problem:
Because the prior art backs up session information only after a periodic scan, there is necessarily a delay, so the session information recorded by the two firewalls cannot be fully consistent in real time, and some session services cannot proceed normally. For example, when one of the firewalls handles a session and has not obtained the latest session information of that session in time, the services related to that session cannot proceed normally.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a method for implementing information backup, a firewall and a network system that can keep the session information recorded by the firewalls consistent in real time.
An embodiment of the invention provides a method for implementing information backup, used to back up information between at least two firewalls, comprising: receiving a message; and, when it is detected that the received message changes the recorded session information, backing up the changed session information to another firewall. Specifically: the session corresponding to the message is looked up in the recorded session information; when no session corresponding to the message is found, a session is set up according to the message, session information for the session is added, and the newly added session information is backed up to the other firewall; when the session corresponding to the message is found and the message is further judged to be a message that changes the session state, the session information of the session is updated according to the message, and the updated session information is backed up to the other firewall.
A firewall according to an embodiment of the invention comprises: a receiving unit, configured to receive a message; and a processing unit, configured to back up the changed session information to another firewall when it is detected that the received message changes the recorded session information;
wherein the processing unit comprises:
a storage unit, configured to record session information;
a lookup unit, configured to look up the session corresponding to the message in the session information recorded by the storage unit;
a first processing unit, configured to, when the lookup unit does not find the session corresponding to the message, set up a session according to the message, add the session information of the session to the storage unit, and back up the newly added session information to the other firewall;
a second processing unit, configured to, when the lookup unit finds the session corresponding to the message and the message is further judged to be a message that changes the session state, update the session information of the session in the storage unit according to the message, and back up the updated session information to the other firewall.
A network system according to an embodiment of the invention comprises: a first firewall, configured to receive a message, detect whether the received message changes the recorded session information, and if so, send the changed session information; and a second firewall, configured to receive the changed session information sent by the first firewall and back it up;
wherein the first firewall further comprises:
a receiving unit, configured to receive a message;
a processing unit, configured to look up the session corresponding to the message in the recorded session information and, when no session corresponding to the message is found, set up a session according to the message, add the session information of the session, and back up the newly added session information to the other firewall;
when the processing unit finds the session corresponding to the message and further judges that the message is a message that changes the session state, it updates the session information of the session according to the message and backs up the updated session information to the other firewall.
In the technical solution provided by the embodiments of the invention, the changed session information is backed up to the other firewall as soon as it is detected that a received message changes the recorded session information; this immediate backup mechanism keeps the session information recorded by the firewalls consistent in real time.
Description of drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is the prior-art networking diagram;
Fig. 2 is a flowchart of the method for implementing information backup in embodiment one of the invention;
Fig. 3 is a flowchart of the method for implementing information backup in embodiment two of the invention;
Fig. 4 is a flowchart of the method for implementing information backup in embodiment three of the invention;
Fig. 5 is a schematic structural diagram of the firewall of an embodiment of the invention;
Fig. 6 is a schematic structural diagram of the network system of an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
The embodiments of the invention provide a method for implementing information backup that keeps the session information recorded by the firewalls consistent in real time, so that session services proceed normally.
In the embodiments of the invention, the active or standby state of a firewall is not distinguished when session information is backed up: when the first firewall acts as the master firewall and the second firewall as the backup firewall, session information can be backed up from the master firewall to the backup firewall, and also from the backup firewall to the master firewall.
The embodiments of the invention are described in detail below with reference to the drawings.
Embodiment one:
Fig. 2 is a flowchart of the method for implementing information backup in embodiment one of the invention. Taking a first firewall and a second firewall as an example, the method comprises the following steps:
Step 201: the first firewall receives a message;
The first firewall receives messages of various protocol types: the message may be an ICMP (Internet Control Message Protocol) message, a UDP (User Datagram Protocol) message or a TCP (Transmission Control Protocol) message.
Step 202: when the first firewall detects that the received message changes the recorded session information, it backs up the changed session information to the second firewall.
When the first firewall detects that the received message changes the recorded session information, it immediately backs up the changed session information to the second firewall.
Detecting that the received message changes the recorded session information covers two cases: a new session is set up according to the received message and session information is added for it, which changes the recorded session information; or the state of an existing session changes after the message is received and the session information has to be updated, which also changes the recorded session information.
It can be seen that in embodiment one, when it is detected that the received message changes the recorded session information, the changed session information is backed up to the second firewall immediately, which keeps the session information of the second firewall and the first firewall consistent in real time.
In a concrete network system, the method for backing up session information is implemented in different ways depending on the message protocol. The embodiments of the invention are described in more detail below for the different message protocols.
Embodiment two:
Fig. 3 is a flowchart of the method for implementing information backup in embodiment two of the invention. Embodiment two mainly describes the processing flow of a firewall when it receives an ICMP or UDP message, taking a first firewall and a second firewall as an example. Sessions based on UDP or ICMP are generally connectionless and have no changing session state, so the processing is relatively simple. The steps in Fig. 3 are as follows:
Step 301: the first firewall receives an ICMP or UDP message;
Step 302: the first firewall looks up the session corresponding to the received message in the session information it has recorded;
The first firewall records the session information related to each session; the session information may be stored in dedicated memory. When a message is received, the first firewall uses the relevant information carried in the message to look up the corresponding session in the session information it has recorded.
Step 303: determine from the lookup result whether a session exists; if a session exists, go to step 306; if no session exists, go to step 304;
By looking up the session corresponding to the message in the session information it has recorded, the first firewall can find out whether a session was set up earlier. If a session was set up, its information is stored, so the firewall concludes that a session exists and goes to step 306; otherwise it concludes that no session exists and goes to step 304.
Step 304: the first firewall sets up an ICMP or UDP session and goes to step 305;
When the first firewall concludes from the lookup result that no session corresponding to the received message exists, and also judges from the configured access rules that the message is allowed to pass, it sets up an ICMP or UDP session according to the received message and adds session information for the new session; at this point the session information recorded by the first firewall has changed. If the first firewall judges that the message is not allowed to pass, it can discard the message and end the flow without setting up a session.
Step 305: the session information of the ICMP or UDP session is backed up to the second firewall; go to step 306;
The first firewall immediately backs up the session information of the ICMP or UDP session to the second firewall over the heartbeat link between the firewalls, to keep the session information of the second firewall and the first firewall consistent in real time.
Step 306: forward the ICMP or UDP message.
Note that the process above is illustrated by backing up the session information first and then forwarding the message; the backup and the forwarding may also be carried out simultaneously, or the message may be forwarded first and the session information backed up afterwards.
It can be seen that in embodiment two, when an ICMP or UDP message is received and a newly set up ICMP or UDP session changes the recorded session information, the changed session information is backed up to the second firewall immediately, which keeps the session information of the second firewall and the first firewall consistent in real time.
Embodiment three:
Fig. 4 is a flowchart of the method for implementing information backup in embodiment three of the invention. Embodiment three mainly describes the processing flow of a firewall when it receives a TCP message, taking a first firewall and a second firewall as an example. Because a TCP-based session has various states, the processing is more complex, but the main point is still that the session information is backed up to the other firewall when a change in the recorded session information is detected. A change in the recorded session information here includes: session information added when a new session is set up, and session information updated (for example modified or deleted) because the state of an existing session changes.
The steps in Fig. 4 are as follows:
Step 401: the first firewall receives a TCP message;
Step 402: the first firewall looks up the session corresponding to the received message in the session information it has recorded;
The first firewall records the session information related to each session; the session information may be stored in dedicated memory. When a message is received, the first firewall uses the relevant information carried in the message to look up the corresponding session in the session information it has recorded.
Step 403: determine from the lookup result whether a session exists; if a session exists, go to step 404; if no session exists, go to step 406;
By looking up the session corresponding to the message in the session information it has recorded, the first firewall can find out whether a session was set up earlier. If a session was set up, its information is stored, so the firewall concludes that a session exists and goes to step 404; otherwise it concludes that no session exists and goes to step 406.
Step 404: judge whether the received message is a message that changes the session state of the existing session; if so, go to step 405; otherwise go to step 410;
Among TCP messages, the messages that change the session state can be the SYN+ACK message, the ACK message, the RST message, the FIN message and so on. The SYN+ACK message carries the flags that respond to a connection setup request. The ACK message carries the acknowledgement flag; in a TCP connection, every message except the first, which is the SYN message, sets this field as a response to the previous message. The RST message carries the reset flag. The FIN message carries the finish flag. These are only examples; other messages that also change the session state are not listed one by one.
Step 405: the updated session information is backed up to the second firewall; go to step 410;
After the first firewall judges that the received message is a message that changes the session state of the existing session, it updates the session information of that session; at this point the recorded session information has changed. The first firewall immediately backs up the updated TCP session information to the second firewall over the heartbeat link between the firewalls, to keep the session information of the second firewall and the first firewall consistent in real time.
Step 406: judge whether the message is a SYN message; if so, go to step 408; otherwise go to step 407;
Step 407: discard the message and end the flow;
Step 408: the first firewall sets up a TCP session and goes to step 409;
In the TCP protocol a session can be set up after a SYN message is received. Therefore, after judging that the received message is a SYN message, the firewall sets up a TCP session according to the message and adds session information for the session; at this point the session information recorded by the first firewall has changed.
Step 409: the newly recorded session information is backed up to the second firewall; go to step 410;
The first firewall immediately backs up the session information recorded for the newly set up session to the second firewall over the heartbeat link between the firewalls, to keep the session information of the second firewall and the first firewall consistent in real time.
Step 410: forward the message.
Note that the process above is illustrated by backing up the session information first and then forwarding the message; the backup and the forwarding may also be carried out simultaneously, or the message may be forwarded first and the session information backed up afterwards.
Note also that the embodiments above illustrate two firewalls backing up session information to each other; for N+1 backup networking (N greater than 2) in a network system, the principle is similar.
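The Fig. 3 and Fig. 4 flows as an added Python sketch (an illustration written for this page, not code from the patent), run over an asymmetric TCP handshake in which the SYN crosses one firewall and the SYN+ACK the other. The class and function names, the simplified TCP transition table and the sample addresses are assumptions; immediate=False models the periodic-scan prior art so both behaviours can be compared.

```python
# Added illustration (not the patent's code): two firewalls that back up a
# session entry to the peer the moment a received message changes it.
from dataclasses import dataclass, field

# Simplified TCP transitions (assumption): (current state, flags) -> new state.
TCP_TRANSITIONS = {
    ("SYN_SENT", "SYN+ACK"): "SYN_RCVD",
    ("SYN_RCVD", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "FIN"): "CLOSING",
}

@dataclass(frozen=True)
class Message:
    proto: str            # "TCP", "UDP" or "ICMP"
    src: tuple            # (address, port); port 0 for ICMP
    dst: tuple
    flags: str = ""       # TCP only: "SYN", "SYN+ACK", "ACK", "FIN", "RST"

    def key(self):
        # Direction-independent key so a reply matches the same session.
        return (self.proto,) + tuple(sorted((self.src, self.dst)))

@dataclass
class Firewall:
    name: str
    immediate: bool = True            # False models the periodic-scan prior art
    sessions: dict = field(default_factory=dict)
    peer: "Firewall" = field(default=None, repr=False, compare=False)
    backups_sent: int = 0

    def _backup(self, key):
        """Send one changed entry to the peer over the heartbeat link."""
        if not self.immediate or self.peer is None:
            return
        self.backups_sent += 1
        if key in self.sessions:
            self.peer.sessions[key] = self.sessions[key]
        else:
            self.peer.sessions.pop(key, None)   # a deletion is backed up too

    def periodic_scan(self):
        """Prior-art behaviour: copy the recorded table on a timer."""
        if self.peer is not None:
            self.peer.sessions.update(self.sessions)

    def process(self, msg, allow=lambda m: True):
        """Return "forward" or "drop", following Fig. 3 and Fig. 4."""
        key = msg.key()
        state = self.sessions.get(key)                 # steps 302 / 402
        if state is None:                              # no session found
            if msg.proto == "TCP":
                if msg.flags != "SYN":                 # steps 406-407
                    return "drop"
                self.sessions[key] = "SYN_SENT"        # step 408
            else:
                if not allow(msg):                     # step 304 access rule
                    return "drop"
                self.sessions[key] = "ACTIVE"          # connectionless session
            self._backup(key)                          # steps 305 / 409
            return "forward"
        if msg.proto == "TCP":                         # step 404
            if msg.flags == "RST":
                del self.sessions[key]                 # update by deletion
                self._backup(key)                      # step 405
            elif (state, msg.flags) in TCP_TRANSITIONS:
                self.sessions[key] = TCP_TRANSITIONS[(state, msg.flags)]
                self._backup(key)                      # step 405
        return "forward"                               # steps 306 / 410

def asymmetric_handshake(immediate):
    """SYN via fw1, SYN+ACK via fw2, ACK via fw1 (constructed sample traffic)."""
    fw1, fw2 = Firewall("fw1", immediate), Firewall("fw2", immediate)
    fw1.peer, fw2.peer = fw2, fw1
    client, server = ("10.0.0.5", 40000), ("192.0.2.10", 443)
    path = [(fw1, Message("TCP", client, server, "SYN")),
            (fw2, Message("TCP", server, client, "SYN+ACK")),
            (fw1, Message("TCP", client, server, "ACK"))]
    verdicts = []
    for fw, msg in path:
        verdicts.append(fw.process(msg))
        if verdicts[-1] == "drop":
            break                      # the handshake cannot continue
    key = path[0][1].key()
    return verdicts, fw1.sessions.get(key), fw2.sessions.get(key)

if __name__ == "__main__":
    print(asymmetric_handshake(immediate=True))
    print(asymmetric_handshake(immediate=False))
```

With immediate backup the handshake completes and both tables agree; without it the second firewall has no entry for the SYN+ACK and discards it at step 407, which is the delay problem described in the background section.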
The foregoing description describes a kind of method that realizes information back-up in detail, and corresponding, the embodiment of the invention provides a kind of fire compartment wall and network system.
Seeing also Fig. 5, is embodiment of the invention fire rated wall structure schematic diagram.
As shown in Figure 5, fire compartment wall comprises: receiving element 51, processing unit 52.
Receiving element 51 is used to receive message.
Processing unit 52 is used for when the message that detects described reception changes the session information of record, and the session information after changing is backuped to another fire compartment wall.
Processing unit 52 further comprises: memory cell 521, search unit 522, first processing unit 523.
Memory cell 521 is used for recording conversation information.
Search unit 522, be used for searching the session of described message correspondence at the session information of described memory cell 521 records.
First processing unit 523, be used for when described search unit 522 and do not find the session of described message correspondence after, set up session according to described message, the session information in described memory cell 521 newly-increased described sessions backups to described another fire compartment wall with described newly-increased session information.At this moment, the message of first processing unit, 523 processing can be the SYN message in icmp packet, UDP message or the TCP message.
Described processing unit 52 also comprises: second processing unit 524.
Second processing unit 524, be used for when described search unit 522 and find the session of described message correspondence after, further when judging described message and belong to the message that changes session status, upgrade the session information of described session correspondence in described memory cell 521 according to described message, the session information of described renewal is backuped to described another fire compartment wall.The session information of the described session correspondence of renewal described here comprises: the session information of revising or delete described session correspondence.The described message that changes session status that belongs to comprises: the SYN+ACK message in the TCP message, ACK message, RST message or FIN message.
Seeing also Fig. 6, is embodiment of the invention network architecture schematic diagram.
As shown in Figure 6, network system comprises: first fire compartment wall 61, second fire compartment wall 62.
The first firewall 61 is configured to receive a message, detect whether the received message changes the recorded session information, and, if so, send the changed session information.
The second firewall 62 is configured to receive the changed session information sent by the first firewall 61 and back it up.
The first firewall 61 further comprises a receiving unit and a processing unit.
The receiving unit is configured to receive a message.
The processing unit is configured to search the recorded session information for the session corresponding to the message. If no corresponding session is found, it establishes a session according to the message, adds the session information of that session, and backs up the newly added session information to the other firewall. If the corresponding session is found and the processing unit further determines that the message is one that changes session state, it updates the session information of that session according to the message and backs up the updated session information to the other firewall.
For the more detailed structure of the first firewall 61, refer to the structure shown in Figure 5 above; it is not described again here. Note that the first firewall 61 and the second firewall 62 are relative designations: the second firewall 62 may also have the structure shown in Figure 5.
In summary, in the technical solution provided by the embodiments of the present invention, the changed session information is backed up to the other firewall only when a received message is detected to change the recorded session information. This instant backup mechanism keeps the session information recorded on the firewalls consistent in real time.
Furthermore, the technical solution provided by the embodiments of the present invention proposes different processing flows for the different protocol types of received messages, which makes it more flexible to use.
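The lookup-then-backup flow performed by the processing unit, as an added Python sketch that is not part of the patent text. The TCP state names, the dictionary message format, the rejection of a non-SYN TCP message that matches no session, and the in-process call standing in for the backup channel are assumptions; an ACK is also assumed to change state only when it completes the handshake, so ordinary data segments trigger no backup.

```python
# Added sketch: state names, field names and the in-process backup call are assumptions.
from dataclasses import dataclass, field

# TCP flags -> (states the message applies to, resulting state); None removes the session.
TRANSITIONS = {
    "SYN+ACK": ({"SYN_SEEN"}, "SYN_ACK_SEEN"),
    "ACK": ({"SYN_ACK_SEEN"}, "ESTABLISHED"),
    "FIN": ({"ESTABLISHED"}, "CLOSING"),
    "RST": ({"SYN_SEEN", "SYN_ACK_SEEN", "ESTABLISHED", "CLOSING"}, None),
}

def session_key(pkt):
    # Direction-independent key, so a reply matches the session its request created.
    return (pkt["proto"],) + tuple(sorted([pkt["src"], pkt["dst"]]))

@dataclass
class Firewall:
    peer: "Firewall | None" = None
    sessions: dict = field(default_factory=dict)
    sent: list = field(default_factory=list)  # backup messages sent to the peer

    def apply(self, key, state):
        # Record a session state; state None removes the session.
        self.sessions.pop(key, None)
        if state is not None:
            self.sessions[key] = state

    def _change_and_backup(self, key, state):
        self.apply(key, state)
        self.sent.append((key, state))
        if self.peer is not None:
            self.peer.apply(key, state)  # stands in for the backup channel

    def receive(self, pkt):
        key, flags = session_key(pkt), pkt.get("flags")
        if key not in self.sessions:
            if pkt["proto"] == "TCP" and flags != "SYN":
                return "rejected"  # assumption: no session and not a SYN
            self._change_and_backup(key, "SYN_SEEN" if pkt["proto"] == "TCP" else "ACTIVE")
            return "created"
        allowed_from, new_state = TRANSITIONS.get(flags, ((), None))
        if self.sessions[key] not in allowed_from:
            return "forwarded"  # record unchanged, so nothing is backed up
        self._change_and_backup(key, new_state)
        return "updated"

# Constructed sample: handshake, one data segment, then a reset from the server.
C, S = ("10.0.0.5", 40000), ("192.0.2.10", 443)
SAMPLE = [{"proto": "TCP", "src": s, "dst": d, "flags": f} for s, d, f in
          [(C, S, "SYN"), (S, C, "SYN+ACK"), (C, S, "ACK"), (C, S, "PSH+ACK"), (S, C, "RST")]]
```

Feeding `SAMPLE` to a `Firewall` whose `peer` is a second `Firewall` leaves both session tables identical after every message, with one backup sent per state change rather than per message.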
A person of ordinary skill in the art will understand that all or part of the flows in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the embodiments of the methods described above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The method for implementing information backup, the firewall and the network system provided by the embodiments of the present invention have been described in detail above. A person of ordinary skill in the art may, following the idea of the embodiments of the present invention, make changes to the specific implementations and the scope of application. In summary, this description should not be construed as limiting the present invention.

Claims (6)

1. A method for implementing information backup, used to back up session information between at least two firewalls, characterized in that it comprises:
receiving a message;
when the received message is detected to change the recorded session information, backing up the changed session information to another firewall, which specifically comprises: searching the recorded session information for the session corresponding to the message; if no session corresponding to the message is found, establishing a session according to the message, adding the session information of the session, and backing up the newly added session information to the other firewall; if the session corresponding to the message is found, and it is further determined that the message is one that changes session state, updating the session information of the session according to the message and backing up the updated session information to the other firewall.
2. The method for implementing information backup according to claim 1, characterized in that:
the message is an Internet Control Message Protocol (ICMP) message, a User Datagram Protocol (UDP) message, or a connection establishment request (SYN) message among Transmission Control Protocol (TCP) messages.
3. The method for implementing information backup according to claim 1, characterized in that:
updating the session information of the session comprises: modifying or deleting the session information of the session.
4. The method for implementing information backup according to claim 1 or 3, characterized in that:
the message that changes session state comprises, among Transmission Control Protocol (TCP) messages: a connection establishment request acknowledgment (SYN+ACK) message, an acknowledgment (ACK) message, a reset (RST) message, or a finish (FIN) message.
5. A firewall, characterized in that it comprises:
a receiving unit, configured to receive a message;
a processing unit, configured to back up the changed session information to another firewall when the received message is detected to change the recorded session information;
wherein the processing unit comprises:
a storage unit, configured to record session information;
a search unit, configured to search the session information recorded by the storage unit for the session corresponding to the message;
a first processing unit, configured to, when the search unit does not find the session corresponding to the message, establish a session according to the message, add the session information of the session to the storage unit, and back up the newly added session information to the other firewall;
a second processing unit, configured to, when the search unit finds the session corresponding to the message and it is further determined that the message is one that changes session state, update the session information of the session in the storage unit according to the message and back up the updated session information to the other firewall.
6. A network system, characterized in that it comprises:
a first firewall, configured to receive a message, detect whether the received message changes the recorded session information, and, if so, send the changed session information;
a second firewall, configured to receive the changed session information sent by the first firewall and back it up;
wherein the first firewall further comprises:
a receiving unit, configured to receive a message;
a processing unit, configured to search the recorded session information for the session corresponding to the message and, if no session corresponding to the message is found, establish a session according to the message, add the session information of the session, and back up the newly added session information to the other firewall;
the processing unit, if the session corresponding to the message is found and it is further determined that the message is one that changes session state, updates the session information of the session according to the message and backs up the updated session information to the other firewall.
CN2008101330215A 2008-07-04 2008-07-04 Method for implementing information backup, fire wall and network system Active CN101316271B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN2008101330215A CN101316271B (en) 2008-07-04 2008-07-04 Method for implementing information backup, fire wall and network system
PCT/CN2009/070979 WO2010000146A1 (en) 2008-07-04 2009-03-24 Method, firewalls and network system for realizing information backup
US12/469,413 US20100005263A1 (en) 2008-07-04 2009-05-20 Information backup method, firewall and network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101330215A CN101316271B (en) 2008-07-04 2008-07-04 Method for implementing information backup, fire wall and network system

Publications (2)

Publication Number Publication Date
CN101316271A CN101316271A (en) 2008-12-03
CN101316271B true CN101316271B (en) 2011-11-02

Family

ID=40107110

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101330215A Active CN101316271B (en) 2008-07-04 2008-07-04 Method for implementing information backup, fire wall and network system

Country Status (2)

Country Link
CN (1) CN101316271B (en)
WO (1) WO2010000146A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101316271B (en) * 2008-07-04 2011-11-02 成都市华为赛门铁克科技有限公司 Method for implementing information backup, fire wall and network system
CN101557317B (en) * 2009-05-26 2011-06-29 杭州华三通信技术有限公司 Active dialogue backup system, equipment and method in dual-server hot-backup network
CN102035687B (en) 2011-01-06 2012-10-17 华为技术有限公司 Backup method and equipment for TCP connection
CN102333080A (en) * 2011-08-02 2012-01-25 杭州迪普科技有限公司 Method and device for preventing message from attacking
US9106610B2 (en) 2013-06-07 2015-08-11 International Business Machines Corporation Regional firewall clustering in a networked computing environment
CN104243591B (en) * 2014-09-24 2018-02-09 新华三技术有限公司 The method and device of synchronous safety cluster session information
CN104519065B (en) * 2014-12-22 2018-05-01 北京卓越信通电子股份有限公司 A kind of industry control method of realizing fireproof wall for supporting filtering Modbus Transmission Control Protocol
CN105591810B (en) * 2015-10-22 2019-04-12 新华三技术有限公司 Backup messages sending method and equipment
CN107508833A (en) * 2017-09-22 2017-12-22 江苏海事职业技术学院 A kind of Network Safety on Campus protection system dispositions method
CN109922144B (en) * 2019-02-28 2022-09-16 北京百度网讯科技有限公司 Method and apparatus for processing data
CN110138656B (en) * 2019-05-28 2022-03-01 新华三技术有限公司 Service processing method and device
CN113965347B (en) * 2021-09-09 2024-03-15 山石网科通信技术股份有限公司 Firewall data processing method and device
CN114301766A (en) * 2021-12-30 2022-04-08 山石网科通信技术股份有限公司 Communication method, communication apparatus, storage medium, and processor
CN114979236A (en) * 2022-05-12 2022-08-30 山石网科通信技术股份有限公司 Data transmission method, data transmission device, storage medium and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1622483A (en) * 2003-11-27 2005-06-01 华为技术有限公司 A method for implementing software hot-backup of main and reserve machines
CN1794644A (en) * 2005-12-31 2006-06-28 西安交大捷普网络科技有限公司 Link backup method of fire wall

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1905460A (en) * 2005-07-29 2007-01-31 上海恩梯梯通信工程有限公司 Higher quarantine network system
CN101316271B (en) * 2008-07-04 2011-11-02 成都市华为赛门铁克科技有限公司 Method for implementing information backup, fire wall and network system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
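Cui Wei et al. Design and implementation of dual-machine hot backup for fully stateful firewalls. Application Research of Computers. 2004, (No. 12), pp. 278-280. *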

Also Published As

Publication number Publication date
CN101316271A (en) 2008-12-03
WO2010000146A1 (en) 2010-01-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: CHENGDU CITY HUAWEI SAIMENTEKE SCIENCE CO., LTD.

Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD.

Effective date: 20090424

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20090424

Address after: Qingshui River District, Chengdu high tech Zone, Sichuan Province, China: 611731

Applicant after: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd.

Address before: Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Province, China: 518129

Applicant before: HUAWEI TECHNOLOGIES Co.,Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD.

Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee after: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.

Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee before: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220824

Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee after: HUAWEI TECHNOLOGIES Co.,Ltd.

Address before: 611731 Qingshui River District, Chengdu hi tech Zone, Sichuan, China

Patentee before: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.