CN106161331A - A kind of fire wall double hot standby method, Apparatus and system - Google Patents

A kind of fire wall double hot standby method, Apparatus and system Download PDF

Info

Publication number
CN106161331A
CN106161331A CN201510127590.9A CN201510127590A CN106161331A CN 106161331 A CN106161331 A CN 106161331A CN 201510127590 A CN201510127590 A CN 201510127590A CN 106161331 A CN106161331 A CN 106161331A
Authority
CN
China
Prior art keywords
backup
data
priority
fire wall
backed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201510127590.9A
Other languages
Chinese (zh)
Inventor
李江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201510127590.9A priority Critical patent/CN106161331A/en
Priority to PCT/CN2016/076158 priority patent/WO2016150307A1/en
Publication of CN106161331A publication Critical patent/CN106161331A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Abstract

The invention discloses a kind of fire wall double hot standby method, Apparatus and system.The method, including master firewall obtains the first priority connects data, the backup that described first priority connection packet includes presently described master firewall connects data group medium priority connection data the highest;First priority is connected data and is arranged in backed up in synchronization packet by described master firewall;Described master firewall sends described backed up in synchronization packet to backup fire wall, so that described first priority is connected data backup at described backup fire wall self by described backup fire wall.Achieve and connection data high for master firewall medium priority are backuped in backup fire wall, thus decrease the data volume of backup, and decrease BACKUP TIME, and then improve the efficiency of backup.

Description

A kind of fire wall double hot standby method, Apparatus and system
Technical field
Computer technology of the present invention, espespecially a kind of fire wall double hot standby method, Apparatus and system.
Background technology
Fire wall is arranged on network node usually used as protective barrier, as between in-house network and extranets, or Between private network and public network.
In prior art, in order to evade the fire wall being arranged on network node, Single Point of Faliure occurs, generally exist Two fire walls are disposed at this network node.By by the fully synchronized backup of connection data in master firewall In slave firewall, so that when master firewall breaks down, enabling slave firewall, it is achieved the whole network Communication.
But, prior art be typically by fully synchronized for the connection data in master firewall backup to standby anti- During wall with flues, reduce backup and connect the efficiency of data.
Content of the invention
In order to solve above-mentioned technical problem, the invention provides a kind of fire wall double hot standby method, device And system, connect the relatively low problem of data efficiency in order to solve backup.
In order to reach the object of the invention, the invention provides a kind of fire wall double hot standby method, comprising:
Master firewall obtains the first priority and connects data, and described first priority connection packet includes currently The backup of described master firewall connects data group medium priority connection data the highest;
Described first priority is connected data and is arranged in backed up in synchronization packet by described master firewall;
Described master firewall sends described backed up in synchronization packet to backup fire wall, so that described backup is anti- Described first priority is connected data backup at described backup fire wall self by wall with flues.
Further, before described master firewall obtains the first priority connection data, also include:
Described master firewall, according to connecting data message, determines that the described backup needing backup connects data group.
Further, described master firewall is according to connecting data message, determines the described backup needing backup Connect data group, comprising:
Data that connect each in described Backup Data group are carried out priority processing, it is thus achieved that priority is from high to low Connection data sorting.
Further, before described master firewall obtains the first priority connection data, also include:
Determining that at least a portion of described master firewall connects data is that described backup connects data group;
Determine that described backup connects each connection corresponding protocol type of data in data group;
According to described protocol type, priority processing is carried out to described each connection data, it is thus achieved that priority is from height To low connection data sorting.
Further, the first priority connection data are arranged on backed up in synchronization packet by described master firewall Before in, also include:
Determine whether described backed up in synchronization packet has remaining space;
If having, then perform described master firewall and the first priority connection data are arranged on backed up in synchronization data Bao Zhong;
If it is not, then apply for memory headroom, in order to deposit described backed up in synchronization packet.
Further, the first priority connection data are arranged on backed up in synchronization packet by described master firewall After in, also include:
Determine that whether described backed up in synchronization packet is full;
If so, then perform described master firewall and send described backed up in synchronization packet to backup fire wall, with Described backup fire wall is made described first priority to connect data backup at described backup fire wall self;
If it is not, then perform master firewall to determine that the first priority connects data.
Present invention also offers a kind of fire wall double hot standby method, comprising:
Backup fire wall obtains the backed up in synchronization packet that master firewall sends, described backed up in synchronization packet Including the first priority connects data, described first priority connection packet includes that current backup connects number According to group medium priority connection data the highest;
Described first priority, according to described backed up in synchronization packet, is connected data by described backup fire wall Backup is at described backup fire wall self.
Further, described backup fire wall is according to described backed up in synchronization packet, by described first preferential Level connects data backup at described backup fire wall self, comprising:
Described backup fire wall is according to mark connecting data each in described backed up in synchronization packet, by described Each connection data backup is at described backup fire wall self.
Present invention also offers a kind of fire wall two-node cluster hot backup device, comprising:
Acquisition module, connects data, described first priority connection packet for obtaining the first priority The backup including presently described master firewall connects data group medium priority connection data the highest;
Module is set, is arranged in backed up in synchronization packet for the first priority is connected data;
Sending module, is used for sending described backed up in synchronization packet to backup fire wall, so that described backup Described first priority is connected data backup at described backup fire wall self by fire wall.
Further, module is also comprised determining that,
Described determining module, for master firewall according to connecting data message, determines and needs the described of backup Backup connects data group.
Further, described determining module, specifically for entering data that connect each in described Backup Data group Row major level process, it is thus achieved that priority connection data sorting from high to low.
Further, described determining module, is additionally operable to determine that at least a portion of described master firewall connects Data are that described backup connects data group;Determine that described backup connects each connection data in data group corresponding Protocol type;According to described protocol type, priority processing is carried out to described each connection data, it is thus achieved that preferential Level connection data sorting from high to low.
Further, described determining module, is additionally operable to determine whether described backed up in synchronization packet has residue Space;If having, then perform described master firewall and the first priority connection data are arranged on backed up in synchronization number According in bag;If it is not, then apply for memory headroom, in order to deposit described backed up in synchronization packet.
Further, described determining module, is additionally operable to determine that whether described backed up in synchronization packet is full; If so, then perform described master firewall and send described backed up in synchronization packet to backup fire wall, so that institute State backup fire wall and described first priority is connected data backup at described backup fire wall self;If it is not, Then perform master firewall and determine that the first priority connects data.
Present invention also offers a kind of fire wall two-node cluster hot backup device, comprising:
Acquisition module, for obtaining the backed up in synchronization packet that master firewall sends, described backed up in synchronization number Including that the first priority connects data according to bag, described first priority connection packet includes current backup even Connect data group medium priority connection data the highest;
Backup module, for according to described backed up in synchronization packet, connecting data by described first priority Backup is at described backup fire wall self.
Further, described backup module, specifically for respectively connecting according in described backed up in synchronization packet The mark of data, by described each connection data backup at described backup fire wall self.
Present invention also offers a kind of fire wall Dual-Computer Hot-Standby System, comprising: fire wall as described above Two-node cluster hot backup device and fire wall two-node cluster hot backup device as described above.Compared with prior art, this Bright including, master firewall obtains the first priority and connects data, and described first priority connection packet includes The backup of presently described master firewall connects data group medium priority connection data the highest;Described main fire prevention First priority is connected data and is arranged in backed up in synchronization packet by wall;Described master firewall is anti-to backup Wall with flues sends described backed up in synchronization packet, so that described first priority is connected by described backup fire wall Data backup is at described backup fire wall self.Achieve connection data high for master firewall medium priority Backup in backup fire wall, thus decrease the data volume of backup, and decrease BACKUP TIME, and then Improve the efficiency of backup.Other features and advantages of the present invention will illustrate in the following description, and And, partly become apparent from specification, or understood by implementing the present invention.The present invention Purpose and other advantages can be by knot specifically noted in specification, claims and accompanying drawing Structure realizes and obtains.
Brief description
Accompanying drawing is used for providing being further appreciated by technical solution of the present invention, and constitutes one of specification Point, it is used for explaining technical scheme together with embodiments herein, be not intended that to the present invention The restriction of technical scheme.
Fig. 1 is the schematic flow sheet of asynchronous data transmission method one embodiment of the present invention;
Fig. 2 is the structural representation of backed up in synchronization packet of the present invention;
Fig. 3 is the schematic flow sheet of fire wall double hot standby method another embodiment of method of the present invention;
Fig. 4 is the schematic flow sheet of fire wall double hot standby method another embodiment of the present invention;
Fig. 5 is the structural representation of fire wall two-node cluster hot backup device one embodiment of the present invention;
Fig. 6 is the structural representation of fire wall two-node cluster hot backup another embodiment of device of the present invention
Fig. 7 is the structural representation of fire wall two-node cluster hot backup device another embodiment of the present invention.
Detailed description of the invention
For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing Embodiments of the invention are described in detail.It should be noted that in the case of not conflicting, this Shen Embodiment in please and the feature in embodiment can mutually be combined.
Can be at the computer of such as one group of computer executable instructions in the step shown in the flow chart of accompanying drawing System performs.And, although show logical order in flow charts, but in some cases, Shown or described step can be performed with the order being different from herein.
The fire wall double hot standby method that the embodiment of the present invention provides specifically can apply to consolidated network node When two fire walls of middle setting, i.e. master firewall and the data syn-chronization backing up between fire wall, namely Say, working properly at master firewall, Backup Data is carried out data syn-chronization with backup fire wall, i.e. standby When part connects data.The fire wall double hot standby method that the present embodiment provides specifically can be double by fire wall The hot standby device of machine performs, and this fire wall two-node cluster hot backup device can be integrated in fire wall, this fire wall Two-node cluster hot backup device can use the mode of software and/or hardware to realize.Hereinafter the present embodiment is provided Fire wall double hot standby method is described in detail.
Fig. 1 is the schematic flow sheet of fire wall double hot standby method method one embodiment of the present invention, and Fig. 2 is The structural representation of backed up in synchronization packet of the present invention, as it is shown in figure 1, the method comprises the steps:
Step 101, master firewall obtain the first priority and connect data.
Described first priority connection packet in the present embodiment includes the backup of presently described master firewall even Connect data group medium priority connection data the highest.
In the present embodiment, determine that backup connects data group and at least includes following three kinds of implementations:
The first implementation, master firewall, according to connecting data message, determines and needs the described standby of backup Part connects data group.
For example, need the connection data configuration of backup to VLAN 1 some when configuration (Virtual Local Area Network is called for short VLAN) is inner;The connection not needing backup is configured to vlan2 In.Virtual Router Redundacy Protocol (Virtual Router Redundancy is bound in vlan1 Protocol, is called for short VRRP) group mark id, and be associated with in connection data.So in synchrodata When can only synchronize the data of vlan1, decrease the data total amount needing synchronization, thus improve synchronization Efficiency.So can ensure that important being connected to accomplishes to take over seamlessly during active-standby switch as far as possible.
The second implementation, can be on the basis of the first implementation, by described Backup Data group In each data that connect carry out priority processing, it is thus achieved that priority connection data sorting from high to low.For example, When there being multiple example needing backup, different priority can be configured between each ha example.? Some very important connections are configured in vlan1;Important connection is configured in vlan2;No The generic connectivity needing backup is such as configured in vlan3.Bind different in vlan1 with vlan2 respectively Vrrp group id, be associated with in different ha examples.And the ha exemplary configuration of vlan1 association is relatively High priority, and the ha example of vlan2 association configure relatively low priority.So in same step number According to when can only synchronize the data of vlan1 and vlan2, when the link information of vlan1 and vlan2 When sending change simultaneously, the change of priority synchronization vlan1, so can ensure important company as far as possible Accomplish to take over seamlessly when being connected on active-standby switch.
The third implementation, determining that at least a portion of described master firewall connects data is described backup Connect data group;Determine that described backup connects each connection corresponding protocol type of data in data group, according to Described protocol type carries out priority processing to described each connection data, it is thus achieved that priority company from high to low Connect data sorting.For example, first group of priority connecting data group is low, and second group connects data In priority, the 3rd group of priority connecting data group is high.Configuration http in data can be connected at first group Protocol type, second group connects the instant communication protocols such as configuration qq in data group, and the 3rd group connects in data Configuration video conference protocol.So when the connection status of these agreements changes, can be to the association connecting View type identifies automatically, according to configuration, different agreements is put into the connection data of different priorities In group, then back up according to priority order from high to low.So can ensure as far as possible to regard What meeting etc. frequently were important is connected to accomplish to take over seamlessly during active-standby switch.
It should be noted that this connection packet includes the connection data of master firewall and in-house network or extranets, Also can be configuration information.
First priority is connected data and is arranged on backed up in synchronization packet by step 102, described master firewall In.
It should be noted that it can be connection data that the first priority connects data, it is also possible to be one Group connects data, does not limits at this.As in figure 2 it is shown, this backed up in synchronization packet includes data Ha number According to bag packet header, behind its packet header, include that multiple storage connects the memory space of data.Each memory space is permissible Storage one connection data.For example, the first priority can be connected multiple connection data in data to divide It is not sequentially stored in memory space as shown in Figure 2.
Step 103, described master firewall send described backed up in synchronization packet to backup fire wall, so that institute State backup fire wall and described first priority is connected data backup at described backup fire wall self.
In the present embodiment, master firewall obtains the first priority connection data, described first preferential cascade Connect data and include that the backup of presently described master firewall connects data group medium priority connection data the highest; First priority is connected data and is arranged in backed up in synchronization packet by described master firewall;Described main fire prevention Wall sends described backed up in synchronization packet to backup fire wall, so that described backup fire wall is by described first Priority connects data backup at described backup fire wall self.Achieve master firewall medium priority high Connection data backup to, in backup fire wall, thus decrease the data volume of backup, and decrease backup Time, and then improve the efficiency of backup.
Fig. 3 is the schematic flow sheet of fire wall double hot standby method another embodiment of method of the present invention, such as Fig. 3 Shown in, the executive agent of the method for the present embodiment can be master firewall.The method comprises the steps:
Step 301, determine whether backed up in synchronization packet has remaining space.
In the present embodiment, if having, i.e. determine that the connection data of the other priority of upper level leave this synchronization in After backup data package, also remaining memory space, then step 303, if it is not, i.e. need again Application memory headroom, then step 302.
Step 302, application memory headroom, in order to deposit described backed up in synchronization packet.
Step 303, master firewall obtain the first priority and connect data.
Described first priority connection packet in the present embodiment includes the backup of presently described master firewall even Connect data group medium priority connection data the highest.
The implementation of the present embodiment is similar with the implementation principle of step 101 and effect, at this no longer Repeat.
First priority is connected data and is arranged on backed up in synchronization packet by step 304, described master firewall In.
Step 305, determine that whether described backed up in synchronization packet is full.
In this fact Example, if so, then perform 306, if it is not, then step 301.
Step 306, described master firewall send described backed up in synchronization packet to backup fire wall, so that institute State backup fire wall and described first priority is connected data backup at described backup fire wall self.
Fig. 4 is the schematic flow sheet of fire wall double hot standby method another embodiment of the present invention, such as Fig. 4 institute Showing, the method comprises the steps:
Step 401, backup fire wall obtain the backed up in synchronization packet that master firewall sends.
In the present embodiment, described backed up in synchronization packet includes that the first priority connects data, described the One priority connection packet includes that current backup connects data group medium priority connection data the highest;
Step 402, described backup fire wall are according to described backed up in synchronization packet, by described first priority Connect data backup at described backup fire wall self.
Concrete, described backup fire wall according to mark connecting data each in described backed up in synchronization packet, By described each connection data backup at described backup fire wall self.
In the present embodiment, obtain, by backup fire wall, the backed up in synchronization packet that master firewall sends, Described backed up in synchronization packet includes that the first priority connects data, described first priority connection packet Including current backup connects data group medium priority connection data the highest;Described backup fire wall is according to institute State backed up in synchronization packet, described first priority is connected data backup at described backup fire wall self. Achieve and connection data high for master firewall medium priority are backuped in backup fire wall, thus decrease The data volume of backup, and decrease BACKUP TIME, and then improve the efficiency of backup.
Fig. 5 is the structural representation of fire wall two-node cluster hot backup device one embodiment of the present invention, such as Fig. 5 institute Show, this fire wall two-node cluster hot backup device, comprising: the 51st, acquisition module arranges module 52 and sending module 53.Wherein,
Acquisition module 51, connects data for obtaining the first priority, and described first priority connects data Including the backup of presently described master firewall connects data group medium priority connection data the highest;
Module 52 is set, is arranged in backed up in synchronization packet for the first priority is connected data;
Sending module 53, is used for sending described backed up in synchronization packet to backup fire wall, so that described standby Described first priority is connected data backup at described backup fire wall self by part fire wall.
In the present embodiment, it is achieved that connection data high for master firewall medium priority are backuped to backup anti- In wall with flues, thus decrease the data volume of backup, and decrease BACKUP TIME, and then improve backup Efficiency.
Fig. 6 is the structural representation of fire wall two-node cluster hot backup another embodiment of device of the present invention, such as Fig. 6 institute Show, on the basis of above-described embodiment, this fire wall two-node cluster hot backup device, mould can also be comprised determining that Block 54.Wherein it is determined that module 54, for master firewall according to connecting data message, determine and need backup Described backup connect data group.
Further, on the basis of above-described embodiment, determining module 54, specifically for by described backup In data group, each data that connect carry out priority processing, it is thus achieved that priority connection data sorting from high to low.
Optionally, determining module 54, are additionally operable to determine that at least a portion of described master firewall connects data Connect data group for described backup;Determine that described backup connects each connection corresponding agreement of data in data group Type;According to described protocol type to described each connection data carry out priority processing, it is thus achieved that priority from High to low connection data sorting.
Further, on the basis of above-described embodiment, described determining module 54, it is additionally operable to determination described Whether backed up in synchronization packet has remaining space;If having, then perform described master firewall by the first priority Connect data to be arranged in backed up in synchronization packet;If it is not, then apply for memory headroom, described in order to deposit Backed up in synchronization packet.
Further, on the basis of above-described embodiment, described determining module 54, it is additionally operable to determination described Whether backed up in synchronization packet is full;If so, then perform described master firewall and send institute to backup fire wall State backed up in synchronization packet, so that described first priority is connected data backup and exists by described backup fire wall Described backup fire wall self;If it is not, then perform master firewall to determine that the first priority connects data.
Fig. 7 is the structural representation of fire wall two-node cluster hot backup device another embodiment of the present invention, such as Fig. 7 institute Show, this fire wall two-node cluster hot backup device, comprising: acquisition module 71 and backup module 72.Wherein,
Acquisition module 71, for obtaining the backed up in synchronization packet that master firewall sends, described backed up in synchronization Packet includes that the first priority connects data, and described first priority connection packet includes current backup Connect data group medium priority connection data the highest;
Backup module 72, for according to described backed up in synchronization packet, connecting number by described first priority According to backup at described backup fire wall self.
In the present embodiment, it is achieved that connection data high for master firewall medium priority are backuped to backup anti- In wall with flues, thus decrease the data volume of backup, and decrease BACKUP TIME, and then improve backup Efficiency.
Further, on the basis of above-described embodiment, backup module 62, specifically for according to described with Each mark connecting data in step backup data package, by described each connection data backup in described backup fire prevention Wall self.
The present invention also provides a kind of fire wall Dual-Computer Hot-Standby System, comprising: preventing as described in Fig. 4 and Fig. 5 Wall with flues two-node cluster hot backup device and fire wall two-node cluster hot backup device as described in Figure 6.
Although the embodiment that disclosed herein is as above, but described content only readily appreciates the present invention And the embodiment using, it is not limited to the present invention.Technology people in any art of the present invention Member, on the premise of without departing from the spirit and scope that disclosed herein, can be in the form implemented and thin Carry out any modification and change on joint, but the scope of patent protection of the present invention, still must be with appended right Claim is defined in the range of standard.

Claims (17)

1. a fire wall double hot standby method, it is characterised in that include:
Master firewall obtains the first priority and connects data, and described first priority connection packet includes currently The backup of described master firewall connects data group medium priority connection data the highest;
Described first priority is connected data and is arranged in backed up in synchronization packet by described master firewall;
Described master firewall sends described backed up in synchronization packet to backup fire wall, so that described backup is anti- Described first priority is connected data backup at described backup fire wall self by wall with flues.
2. method according to claim 1, it is characterised in that it is excellent that described master firewall obtains first Before first level connects data, also include:
Described master firewall, according to connecting data message, determines that the described backup needing backup connects data group.
3. method according to claim 2, it is characterised in that described master firewall is according to connection number It is believed that breath, determine that the described backup needing backup connects data group, comprising:
Data that connect each in described Backup Data group are carried out priority processing, it is thus achieved that priority is from high to low Connection data sorting.
4. method according to claim 1, it is characterised in that it is excellent that described master firewall obtains first Before first level connects data, also include:
Determining that at least a portion of described master firewall connects data is that described backup connects data group;
Determine that described backup connects each connection corresponding protocol type of data in data group;
According to described protocol type, priority processing is carried out to described each connection data, it is thus achieved that priority is from height To low connection data sorting.
5. the method according to any one of claim 1-4, it is characterised in that described master firewall Before being arranged on the first priority connection data in backed up in synchronization packet, also include:
Determine whether described backed up in synchronization packet has remaining space;
If having, then perform described master firewall and the first priority connection data are arranged on backed up in synchronization data Bao Zhong;
If it is not, then apply for memory headroom, in order to deposit described backed up in synchronization packet.
6. method according to claim 5, it is characterised in that described master firewall is excellent by first After first level connection data are arranged in backed up in synchronization packet, also include:
Determine that whether described backed up in synchronization packet is full;
If so, then perform described master firewall and send described backed up in synchronization packet to backup fire wall, with Described backup fire wall is made described first priority to connect data backup at described backup fire wall self;
If it is not, then perform master firewall to determine that the first priority connects data.
7. a fire wall double hot standby method, it is characterised in that include:
Backup fire wall obtains the backed up in synchronization packet that master firewall sends, described backed up in synchronization packet Including the first priority connects data, described first priority connection packet includes that current backup connects number According to group medium priority connection data the highest;
Described first priority, according to described backed up in synchronization packet, is connected data by described backup fire wall Backup is at described backup fire wall self.
8. method according to claim 7, it is characterised in that described backup fire wall is according to institute State backed up in synchronization packet, described first priority connected data backup and backs up fire wall self described, Including:
Described backup fire wall is according to mark connecting data each in described backed up in synchronization packet, by described Each connection data backup is at described backup fire wall self.
9. a fire wall two-node cluster hot backup device, it is characterised in that include:
Acquisition module, connects data, described first priority connection packet for obtaining the first priority The backup including presently described master firewall connects data group medium priority connection data the highest;
Module is set, is arranged in backed up in synchronization packet for the first priority is connected data;
Sending module, is used for sending described backed up in synchronization packet to backup fire wall, so that described backup Described first priority is connected data backup at described backup fire wall self by fire wall.
10. device according to claim 9, it is characterised in that also comprise determining that module,
Described determining module, for master firewall according to connecting data message, determines and needs the described of backup Backup connects data group.
11. devices according to claim 10, it is characterised in that described determining module, specifically use In data that connect each in described Backup Data group are carried out priority processing, it is thus achieved that priority is from high to low Connect data sorting.
12. devices according to claim 9, it is characterised in that described determining module, are additionally operable to Determining that at least a portion of described master firewall connects data is that described backup connects data group;Determine described Backup connects each connection corresponding protocol type of data in data group;According to described protocol type to described respectively Connect data and carry out priority processing, it is thus achieved that priority connection data sorting from high to low.
13. devices according to any one of claim 9-12, it is characterised in that described determining module, It is additionally operable to determine whether described backed up in synchronization packet has remaining space;If having, then perform described main fire prevention First priority is connected data and is arranged in backed up in synchronization packet by wall;If it is not, then apply for memory headroom, In order to deposit described backed up in synchronization packet.
14. devices according to claim 13, it is characterised in that described determining module, are additionally operable to Determine that whether described backed up in synchronization packet is full;If so, described master firewall is then performed to backup fire prevention Wall sends described backed up in synchronization packet, so that described first priority is connected number by described backup fire wall According to backup at described backup fire wall self;If it is not, then perform master firewall to determine that the first priority connects Data.
15. 1 kinds of fire wall two-node cluster hot backup devices, it is characterised in that include:
Acquisition module, for obtaining the backed up in synchronization packet that master firewall sends, described backed up in synchronization number Including that the first priority connects data according to bag, described first priority connection packet includes current backup even Connect data group medium priority connection data the highest;
Backup module, for according to described backed up in synchronization packet, connecting data by described first priority Backup is at described backup fire wall self.
16. devices according to claim 15, it is characterised in that described backup module, specifically use According to mark connecting data each in described backed up in synchronization packet, described each connection data backup is existed Described backup fire wall self.
17. 1 kinds of fire wall Dual-Computer Hot-Standby System, it is characterised in that include: such as claim 9-14 Described fire wall two-node cluster hot backup device and the dress of the fire wall two-node cluster hot backup as described in claim 15 or 16 Put.
CN201510127590.9A 2015-03-23 2015-03-23 A kind of fire wall double hot standby method, Apparatus and system Withdrawn CN106161331A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510127590.9A CN106161331A (en) 2015-03-23 2015-03-23 A kind of fire wall double hot standby method, Apparatus and system
PCT/CN2016/076158 WO2016150307A1 (en) 2015-03-23 2016-03-11 Firewall dual-machine hot spare method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510127590.9A CN106161331A (en) 2015-03-23 2015-03-23 A kind of fire wall double hot standby method, Apparatus and system

Publications (1)

Publication Number Publication Date
CN106161331A true CN106161331A (en) 2016-11-23

Family

ID=56977958

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510127590.9A Withdrawn CN106161331A (en) 2015-03-23 2015-03-23 A kind of fire wall double hot standby method, Apparatus and system

Country Status (2)

Country Link
CN (1) CN106161331A (en)
WO (1) WO2016150307A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616587A (en) * 2018-04-24 2018-10-02 新华三技术有限公司 A kind of list item synchronous method, device and the network equipment
CN110912916A (en) * 2019-11-29 2020-03-24 杭州安恒信息技术股份有限公司 Method, device, equipment and medium for synchronizing configuration of WEB application firewall

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051342B (en) * 2019-12-28 2023-06-20 浙江宇视科技有限公司 Lightweight double-machine switching method and system
CN114301842B (en) * 2021-12-30 2024-03-15 山石网科通信技术股份有限公司 Route searching method and device, storage medium, processor and network system
CN114640574B (en) * 2022-02-28 2023-11-28 天翼安全科技有限公司 Main and standby equipment switching method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040133690A1 (en) * 2002-10-25 2004-07-08 International Business Machines Corporaton Technique for addressing a cluster of network servers
CN101651680A (en) * 2009-09-14 2010-02-17 杭州华三通信技术有限公司 Network safety allocating method and network safety device
CN101848100A (en) * 2009-03-23 2010-09-29 北京鼎信高科信息技术有限公司 Fire wall dual-computer hot-standby system based on CONNTRACK synchronism
CN102904818A (en) * 2012-09-27 2013-01-30 北京星网锐捷网络技术有限公司 Method and device for updating ARP (Address Resolution Protocol) information table
CN103441987A (en) * 2013-07-30 2013-12-11 曙光信息产业(北京)有限公司 Method and device for managing dual-computer firewall system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040133690A1 (en) * 2002-10-25 2004-07-08 International Business Machines Corporaton Technique for addressing a cluster of network servers
CN101848100A (en) * 2009-03-23 2010-09-29 北京鼎信高科信息技术有限公司 Fire wall dual-computer hot-standby system based on CONNTRACK synchronism
CN101651680A (en) * 2009-09-14 2010-02-17 杭州华三通信技术有限公司 Network safety allocating method and network safety device
CN102904818A (en) * 2012-09-27 2013-01-30 北京星网锐捷网络技术有限公司 Method and device for updating ARP (Address Resolution Protocol) information table
CN103441987A (en) * 2013-07-30 2013-12-11 曙光信息产业(北京)有限公司 Method and device for managing dual-computer firewall system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616587A (en) * 2018-04-24 2018-10-02 新华三技术有限公司 A kind of list item synchronous method, device and the network equipment
CN110912916A (en) * 2019-11-29 2020-03-24 杭州安恒信息技术股份有限公司 Method, device, equipment and medium for synchronizing configuration of WEB application firewall

Also Published As

Publication number Publication date
WO2016150307A1 (en) 2016-09-29

Similar Documents

Publication Publication Date Title
CN111740899B (en) ARP request message forwarding method, cross-device link aggregation group and network device
CN105827623B (en) Data center systems
US11323307B2 (en) Method and system of a dynamic high-availability mode based on current wide area network connectivity
CN111865779B (en) Route synchronization method and cross-device link aggregation group
US9838215B2 (en) Ethernet ring protection node with node-level redundancy
CN106161331A (en) A kind of fire wall double hot standby method, Apparatus and system
CN105745883B (en) Forwarding table synchronous method, the network equipment and system
US9998366B2 (en) System, method and device for forwarding packet
EP2458782A1 (en) Method for multiplexing hot backup ports and network system thereof
CN102711234B (en) The method and VRRP equipment of active and standby VRRP equipment rooms synchronization ARP table
CN103873336B (en) The service bearer method and device of distributed elastic network interconnection
CN105656645A (en) Decision making method and device for fault processing of stacking system
EP2911355A1 (en) Method and device for flow path negotiation in link aggregation group
CN104125088A (en) Method of interaction information between systems in same terminal of DRNI and system thereof
EP2424186A1 (en) Dual-computer hot-standby method, device and system
WO2017008641A1 (en) Method of switching redundancy port and device utilizing same
US20130246635A1 (en) Technique for Bundling in Link Aggregation
CN103631652A (en) Method and system for achieving virtual machine migration
US11398875B2 (en) Simplified synchronized ethernet implementation
US9553760B2 (en) Method, device, and system for dual-uplink tangent ring convergence
WO2016124117A1 (en) Method, switching device and network controller for protecting links in software-defined network (sdn)
CN103731303A (en) Method and device of vertical converged framework for achieving multi-active detection
WO2016192402A1 (en) Method and apparatus for adjusting maximum transmission unit of ipv6 tunnel
CN101340339A (en) Wideband access server cluster system and apparatus
CN103746943B (en) Method for establishing VLAN subinterface and exchange chip using the same

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20161123

WW01 Invention patent application withdrawn after publication