CN103124239A - Load balancing method used by combining with isolation gateway and based on forward isolation device - Google Patents


Publication number
CN103124239A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012105360019A
Other languages
Chinese (zh)
Other versions
CN103124239B (en)
Inventor
邓大为
苏扬
周安
徐展强
曾坚永
潜立标
崔立喜
孙刚
王金慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Electric Power Dispatch Control Center of Guangdong Power Grid Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Electric Power Dispatch Control Center of Guangdong Power Grid Co Ltd

Abstract

The invention provides a load balancing method, based on a forward isolation device, for use in combination with isolation gateways. The method comprises: configuring the service processing rules of the forward isolation device so that transmission control protocol (TCP) service messages are allowed to pass in the forward direction and only response messages of a set format are allowed to pass in the reverse direction; detecting the health status of each link with a private TCP-based health probing mechanism; and distributing forward service data according to the health status of each link. By deploying TCP-based probe messages on the isolation gateways on both sides of the isolation device, the health status of each link is detected and load balancing is performed according to that status. Load balancing efficiency is high, deployment in scenarios requiring bandwidth scalability and network security is achieved, and the requirements for high security, high bandwidth and high reliability when a forward isolation device is combined with isolation gateways are met.

Description

Load balancing method used in combination with an isolation gateway, based on a forward isolation device
Technical field
The present invention relates to load balancing technology, and in particular to a load balancing method, based on a forward isolation device, that is used in combination with an isolation gateway.
Background art
Forward isolation device: the forward-type dedicated network security isolation device for power-system private networks. It is a security device, built on dedicated hardware with multiple control functions, that sits between the dispatching data network and the public information network and is used for one-way data transmission from security zone I/II to security zone III.
Isolation gateway: a gateway, implemented on equipment including but not limited to a router, switch or server, that performs one-way forwarding and isolates the two networks connected to it.
Load balancing: distributing user traffic that accesses the same IP address across different servers according to a preconfigured load balancing algorithm. User traffic is shared among several equivalent servers by means of virtual service technology, server health check technology and traffic forwarding technology. From the accessing user's point of view there appears to be a single server, while the traffic is in fact shared among different servers by the load balancing algorithm. This indirectly improves the processing capacity of the servers, and also their stability and scalability.
Most isolation gateways today integrate load balancing, but their security protection is generally limited to security inspection and control at the IP layer and of common application-layer protocols; they cannot provide "physical isolation" between networks. Industries with particularly high security requirements, for example power-system dedicated networks, therefore generally deploy an additional security isolation device to provide physical-layer isolation.
Because of the particularity of its hardware environment and service processing, which involves functions such as data switching and isolation, an isolation device's forwarding capacity for service messages is generally low. Several isolation devices are therefore usually stacked to raise overall processing performance, and the stacked isolation devices are then combined with the load balancing function of the isolation gateways so that the two complement each other.
Fig. 1 is a schematic diagram of a networking application in which forward isolation devices are combined with isolation gateways. In the forward isolation device case:
In the networking of network A and network B, the isolation devices between the two isolation gateways, isolation gateway A and isolation gateway B, are stacked as a cluster to compensate for their generally low forwarding capacity for service messages. So that each stacked isolation device takes a share of the service traffic, the two isolation gateways in front of and behind the isolation devices provide load balancing. The network as a whole thus combines the advantages of the isolation devices and the isolation gateways and meets high-security and high-bandwidth service requirements.
At present, most network equipment supports the ICMP protocol. The load balancing function of an isolation gateway sends periodic health probe messages based on ICMP and receives the replies to the corresponding ICMP requests, judges the health status of the real servers from them, and distributes traffic to healthy servers according to the configured policy.
However, because of the security of the isolation device itself and the robustness of its implementation, when the communication link of the isolation device is congested, the far side of the probed isolation device does not receive the ICMP health probe message and cannot respond, so the ICMP probing used by the isolation gateway for load balancing has no effect. In addition, isolation devices generally block ICMP health probe messages. For example, a forward isolation device does not let ICMP echo messages pass, so the load balancing device also cannot perform its health check by directly probing the device interface on the far side of the isolation device.
In summary, with load balancing that relies on the health probing mechanism above, a networking application that combines isolation devices with isolation gateways can hardly achieve load balancing and security at the same time. Forward service data cannot be distributed sensibly across the links, and service data processing efficiency is low.
Summary of the invention
In view of this, and to address the problem that existing load balancing technology cannot distribute forward service data sensibly and makes service data processing inefficient, a load balancing method based on a forward isolation device and used in combination with an isolation gateway is provided.
A load balancing method based on a forward isolation device and used in combination with an isolation gateway comprises the following steps:
S100: configure the service processing rules of the forward isolation device so that TCP service messages are allowed to pass in the forward direction and only response messages of a set format are allowed to pass in the reverse direction;
S200: detect the health status of each link with a private TCP-based health probing mechanism;
The detection process comprises:
At the probing-end isolation gateway, sending a TCP-based probe message to the responding-end isolation gateway over the link on which each forward isolation device sits, and receiving the response message of the responding-end isolation gateway at the probing-end isolation gateway;
If the probing-end isolation gateway receives a first response message in a preset format, the link is judged to be in the healthy state;
If the probing-end isolation gateway receives a second response message in a preset format, the link is judged to be in the congested state;
S300: distribute the forward service data according to the health status of each link.
The above method targets the scenario in which a forward isolation device is combined with isolation gateways. The service processing rules of the forward isolation device are configured, and TCP-based probe messages are deployed on the isolation gateways on both sides of the isolation device to detect the health status of each link; load balancing is then performed according to that health status. Load balancing efficiency is high, deployment in scenarios requiring bandwidth scalability and network security is achieved, and the requirements for high security, high bandwidth and high reliability when a forward isolation device is combined with isolation gateways are met.
Description of drawings
Fig. 1 is a schematic diagram of a networking application in which forward isolation devices are combined with isolation gateways;
Fig. 2 is a flow chart of the load balancing method of the present invention, based on a forward isolation device and used in combination with an isolation gateway;
Fig. 3 is a schematic diagram of the data segment format of the probe message in one embodiment.
Embodiment
The load balancing method of the present invention addresses the shortcomings of the existing ICMP health probe used for load balancing. It adopts a private TCP-based health probing mechanism, which removes the limitation that ICMP probing imposes on load balancing in scenarios where a forward isolation device is combined with isolation gateways.
Embodiments of the load balancing method of the present invention are described in detail below with reference to the drawings.
Fig. 2 shows a flow chart of the load balancing method of the present invention, which comprises the following steps:
S100: configure the service processing rules of the forward isolation device so that TCP service messages are allowed to pass in the forward direction and only response messages of a set format are allowed to pass in the reverse direction;
S200: detect the health status of each link with a private TCP-based health probing mechanism;
The detection process is as follows:
At the probing-end isolation gateway, sending a TCP-based probe message to the responding-end isolation gateway over the link on which each forward isolation device sits, and receiving the response message of the responding-end isolation gateway at the probing-end isolation gateway;
If the probing-end isolation gateway receives a first response message in a preset format, the link is judged to be in the healthy state;
If the probing-end isolation gateway receives a second response message in a preset format, the link is judged to be in the congested state;
S300: distribute the forward service data according to the health status of each link.
To make the technique of the present invention clearer, preferred embodiments are set out below with reference to the drawings.
While detecting the health status of a link, if the probing-end isolation gateway does not receive the response message corresponding to the probe message within a set time, the link is judged to be in the interrupted state.
When a probed link is interrupted, the link is in a packet-loss state: probe messages are dropped at random, so the responding-end isolation gateway does not receive them and cannot respond. When, within the set time, N consecutive probe messages receive no response, the connection of the link is deemed interrupted.
The data content of a response message is all 0s (0x00) or all 1s (0xFF).
The data segment format of the probe message is shown in Fig. 3. The whole message consists of three parts, IP Header, TCP Header and DATA, where the DATA part comprises:
Magic number (defined as "MagicNum"): used for a security check; its length can be 2 bytes and its value can be fixed at 0xDCBA;
Version number (defined as "Ver"): used for later upgrades and extensions of the protocol; its length can be 1 byte and the version can be 0x1;
Length value (defined as "Len"): gives the length of the private data that follows; its length can be 1 byte and its value can be 0x5;
Data content (defined as "Data"): carries the content of the probe message; its length depends on the specific message content and it can be 0x53/0x43/0x4f/0x55/0x54, which corresponds to the character string "SCOUT";
Checksum (defined as "CheckSum"): records the CRC check value of all the data; its length can be 2 bytes, i.e. CRC (MagicNum+Ver+Len+Data).
For step S300, specifically, according to the probed health status of each link: new forward service data is distributed to links in the healthy state, distribution of new forward service data to links in the congested state is suspended, and distribution of new forward service data to links in the interrupted state is stopped.
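As an added illustration (not code from the patent), the following example builds and strictly validates the probe DATA segment described above, classifies response payloads, and applies the healthy/congested/interrupted rule to choose links for new sessions. The CRC-16/XMODEM variant, big-endian field order, N = 3, the fail-closed initial state, treating a malformed response as a missed probe, and all function and class names are assumptions; the patent specifies none of them.

```python
import binascii
import struct

MAGIC = 0xDCBA         # MagicNum, 2 bytes (value given in the description)
VERSION = 0x1          # Ver, 1 byte
PROBE_DATA = b"SCOUT"  # Data: 0x53 0x43 0x4f 0x55 0x54, so Len = 0x5
HEALTHY, CONGESTED, INTERRUPTED = "healthy", "congested", "interrupted"


def crc16(data: bytes) -> int:
    # Assumption: CRC-16/XMODEM. The patent only says "CRC", 2 bytes.
    return binascii.crc_hqx(data, 0)


def build_probe(data: bytes = PROBE_DATA) -> bytes:
    """DATA segment: MagicNum | Ver | Len | Data | CheckSum (big-endian assumed)."""
    if len(data) > 0xFF:
        raise ValueError("Len is a single byte")
    body = struct.pack("!HBB", MAGIC, VERSION, len(data)) + data
    return body + struct.pack("!H", crc16(body))


def parse_probe(segment: bytes) -> bytes:
    """Responding-end validation; returns Data or raises ValueError."""
    if len(segment) < 6:
        raise ValueError("truncated probe")
    magic, ver, length = struct.unpack("!HBB", segment[:4])
    if magic != MAGIC:
        raise ValueError("bad magic number")
    if ver != VERSION:
        raise ValueError("unsupported version")
    if len(segment) != 4 + length + 2:
        raise ValueError("Len does not match segment size")
    (checksum,) = struct.unpack("!H", segment[-2:])
    if checksum != crc16(segment[:-2]):
        raise ValueError("checksum mismatch")
    return segment[4:-2]


def classify_response(payload: bytes):
    """All 0xFF -> healthy, all 0x00 -> congested, anything else -> None."""
    if payload and payload == b"\xff" * len(payload):
        return HEALTHY
    if payload and payload == b"\x00" * len(payload):
        return CONGESTED
    return None


class LinkMonitor:
    """State of one link; n_missed is the 'N consecutive probes' threshold."""

    def __init__(self, n_missed: int = 3):  # N = 3 is an assumed value
        self.n_missed = n_missed
        self.missed = 0
        self.state = INTERRUPTED  # assumption: unused until proven healthy

    def on_probe_result(self, payload):
        """payload is the response data, or None when the timer expired."""
        verdict = None if payload is None else classify_response(payload)
        if verdict is None:
            # Timeout or off-format response (the latter is an assumption).
            self.missed += 1
            if self.missed >= self.n_missed:
                self.state = INTERRUPTED
        else:
            self.missed = 0
            self.state = verdict
        return self.state


def links_for_new_sessions(monitors: dict) -> list:
    """S300: only links in the healthy state receive new forward service data."""
    return [name for name, m in monitors.items() if m.state == HEALTHY]
```
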
Further, the health status information determined above is sent to a log server, where it can be queried.
In one embodiment, the TCP-based link health probing method of the present invention can be added to the existing load balancing algorithm module of the isolation gateway, so that the scenario of combined use with a forward isolation device is supported.
When a link becomes congested, the session-table ageing algorithm module needs to accelerate the ageing of the service sessions on that link. For a newly created session, the load balancing algorithm selects a link on which to distribute the service data according to the virtual-to-real address mapping relationships of the currently active links and the balancing algorithm.
The load balancing method of the present invention solves the low efficiency of existing load balancing in scenarios where a forward isolation device is combined with isolation gateways, effectively resolves the difficulty of deploying for bandwidth scalability and network security, and meets the requirements for high security, high bandwidth and high reliability when a forward isolation device is combined with isolation gateways.
The embodiments above express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not be understood as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. The protection scope of this patent is therefore defined by the appended claims.

Claims (7)

1. A load balancing method based on a forward isolation device and used in combination with an isolation gateway, characterized in that it comprises the following steps:
S100: configure the service processing rules of the forward isolation device so that TCP service messages are allowed to pass in the forward direction and only response messages of a set format are allowed to pass in the reverse direction;
S200: detect the health status of each link with a private TCP-based health probing mechanism;
The detection process is as follows:
At the probing-end isolation gateway, sending a TCP-based probe message to the responding-end isolation gateway over the link on which each forward isolation device sits, and receiving the response message of the responding-end isolation gateway at the probing-end isolation gateway;
If the probing-end isolation gateway receives a first response message in a preset format, the link is judged to be in the healthy state;
If the probing-end isolation gateway receives a second response message in a preset format, the link is judged to be in the congested state;
S300: distribute the forward service data according to the health status of each link.
2. The load balancing method based on a forward isolation device and used in combination with an isolation gateway according to claim 1, characterized in that step S200 further comprises:
If the probing-end isolation gateway does not receive the response message corresponding to the probe message within a set time, the link is judged to be in the interrupted state.
3. The load balancing method based on a forward isolation device and used in combination with an isolation gateway according to claim 1, characterized in that the data content of the first response message is all 1s and the data content of the second response message is all 0s.
4. The load balancing method based on a forward isolation device and used in combination with an isolation gateway according to claim 1, characterized in that the data segment of the probe message comprises:
A magic number, used for a security check;
A version number, used for later upgrades and extensions of the protocol;
A length value, giving the length of the private data that follows;
Data content, carrying the content of the probe message;
A checksum, recording the CRC check value of all the data.
5. The load balancing method based on a forward isolation device and used in combination with an isolation gateway according to claim 4, characterized in that the length of the magic number is 2 bytes, the length of the version number is 1 byte, the length of the length value is 1 byte, and the length of the checksum is 2 bytes.
6. The load balancing method based on a forward isolation device and used in combination with an isolation gateway according to claim 2, characterized in that step S300, distributing the forward service data according to the health status of each link, specifically comprises:
Distributing the forward service data to links in the healthy state, suspending distribution of the forward service data to links in the congested state, and stopping distribution of the forward service data to links in the interrupted state.
7. The load balancing method based on a forward isolation device and used in combination with an isolation gateway according to claim 1, characterized in that it further comprises:
Sending the determined health status information to a log server, where it can be queried.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210536001.9A 2012-12-11 2012-12-11 Load balancing method used by combining with isolation gateway and based on forward isolation device (Active, CN103124239B)

Publications (2)

Publication Number Publication Date
CN103124239A (en) 2013-05-29
CN103124239B (en) 2016-02-24


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant