CN106686137B - Network isolating device load-balancing method based on L2 data forwarding - Google Patents

Publication number
CN106686137B
Authority
CN
China
Legal status
Active
Application number
CN201710107379.XA
Other languages
Chinese (zh)
Other versions
CN106686137A (en)
Inventor
王继业
王纪军
庄玲
金建龙
潘恒
徐项帅
张骞
成刚
陈功胜
黄天明
郭子昕
谢华菁
Current Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Nari Information and Communication Technology Co
Nanjing NARI Group Corp
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Nari Information and Communication Technology Co
Nanjing NARI Group Corp
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Nari Information and Communication Technology Co, Nanjing NARI Group Corp, Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Priority to CN201710107379.XA
Publication of CN106686137A
Application granted
Publication of CN106686137B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1001: Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1036: Load balancing of requests to servers for services different from user content provisioning, e.g. load balancing across domain name servers
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209: Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218: Distributed architectures, e.g. distributed firewalls

Abstract

The invention discloses a network isolation device load-balancing method based on L2 data forwarding. Step 1: configure the network isolation devices and the array gateways. Step 2: set the link weight values. Step 3: forward packets according to the weight values and link health status, wherein: on receiving a request from the intranet server, array gateway I selects a forward isolation device, changes the destination MAC address of the received packet to the intranet-side MAC address of the selected forward isolation device, and forwards it; on receiving a request from the external network server, array gateway II selects a reverse isolation device, changes the destination MAC address of the received packet to the extranet-side MAC address of the selected reverse isolation device, and forwards it. The method saves IP resources and reduces the cost of adapting business applications when the isolation array is deployed. In addition, link health probing becomes more reasonable.

Description

Network isolating device load-balancing method based on L2 data forwarding
Technical field
The present invention relates to a network isolation device load-balancing method based on L2 data forwarding.
Background
A network isolation device is a security device for the network boundary. It comes in two types, forward isolation devices and reverse isolation devices, and in a power production environment it is deployed between the production control zone and the management information zone of the power information system. An array gateway is a transparent gateway with a load-balancing function, deployed at the network entrance and exit of a network array made up of several stacked isolation devices.
At present, load balancing of network isolation devices is implemented with L3 data forwarding. For example, the patent with application No. 201210535074.6 discloses a traffic-sharing method based on the combined use of isolation devices and isolation gateways. However, implementing network isolation device load balancing with L3 data forwarding has the following shortcomings:
a. To avoid virtual IP address conflicts, every network isolation device stacked in the isolation array must be configured with a different policy and virtual IP address. This wastes IP address resources and also makes it harder to add, delete and manage network isolation device nodes in the isolation array.
b. When reverse network isolation devices are used in the isolation array, a virtual file server must be deployed between the array gateway and the reverse isolation devices, which increases the complexity and cost of the system and adds a possible single point of failure.
c. When reverse network isolation devices are used in the isolation array, the array gateway's link detection is limited: it can only probe the virtual server and cannot detect the actual health of the link.
Summary of the invention
In view of the above problems, the present invention provides a network isolation device load-balancing method based on L2 data forwarding that saves IP resources and reduces the cost of adapting business applications when the isolation array is deployed. In addition, link health probing becomes more reasonable.
Explanation of terms:
1. L2: the second layer of the seven-layer OSI (Open System Interconnection) network model.
2. L3: the third layer of the seven-layer OSI (Open System Interconnection) network model.
3. Load balancing (Load Balance): built on the existing network infrastructure, it provides a cheap, effective and transparent way to extend the bandwidth of network devices and servers, increase throughput, strengthen network data-processing capacity, and improve network flexibility and availability.
4. Forward isolation device: a physical isolation device deployed in the direction from the production control zone to the management information zone. It prevents data access that crosses permission boundaries and identifies and blocks invalid data requests. It is responsible for one-way data transfer from the production control zone to the management information zone. The production control zone is the high-security zone and the management information zone is the low-security zone.
5. Reverse isolation device: a physical isolation device deployed in the direction from the management information zone to the production control zone. It effectively prevents data access that crosses permission boundaries and identifies and blocks illegal requests, and is responsible for one-way data transfer from the management information zone to the production control zone.
6. Array gateway: a network device with a load-balancing function, deployed between the application servers and the forward and reverse isolation devices. It distributes application data across all forward or reverse isolation devices, whose configuration is identical except for the MAC address, and thereby implements data forwarding at the data link layer.
To achieve the above technical purpose and technical effect, the invention is implemented through the following technical solution:
A network isolation device load-balancing method based on L2 data forwarding, in which array gateway I is placed between the intranet server and the network isolation devices and array gateway II is placed between the external network server and the network isolation devices, comprising the following steps:
Step 1: configure the network isolation devices and the array gateways, wherein:
The intranet virtual IP addresses of all forward isolation devices are configured to be identical, denoted VIPzn, and the extranet virtual IP addresses of all forward isolation devices are configured to be identical, denoted VIPzw. The intranet-side MAC addresses of all forward isolation devices are recorded in array gateway I, and the extranet-side MAC addresses of all forward isolation devices are recorded in array gateway II;
The intranet virtual IP addresses of all reverse isolation devices are configured to be identical, denoted VIPfn, and the extranet virtual IP addresses of all reverse isolation devices are configured to be identical, denoted VIPfw. The extranet-side MAC addresses of all reverse isolation devices are recorded in array gateway II, and the intranet-side MAC addresses of all reverse isolation devices are recorded in array gateway I;
Step 2: set the link weight values;
Step 3: forward packets according to the weight values and link health status, wherein:
On receiving a request from the intranet server, array gateway I selects a forward isolation device, changes the destination MAC address of the received packet to the intranet-side MAC address of the selected forward isolation device, and forwards it;
On receiving a request from the external network server, array gateway II selects a reverse isolation device, changes the destination MAC address of the received packet to the extranet-side MAC address of the selected reverse isolation device, and forwards it.
Preferably, array gateways I and II perform load balancing using weighted round robin. The initial link weight value is configured according to the nominal data-transfer performance of the network isolation device and is adjusted according to the number of sessions distributed on each link.
Preferably, let IP1 and MAC1 be the IP address and MAC address of the intranet server; IP2 and MAC2 those of the interface connecting array gateway I to the intranet server; IP3 and MAC3 those of the interface connecting array gateway I to the intranet side of the forward isolation devices; IP4 and MAC4 those of the intranet interface of the selected forward isolation device; IP5 and MAC5 those of the extranet interface of the selected forward isolation device; IP6 and MAC6 those of the interface connecting array gateway II to the extranet side of the forward isolation devices; IP7 and MAC7 those of the interface connecting array gateway II to the external network server; and IP8 and MAC8 those of the external network server. Forward data packet transmission then proceeds as follows:
1) The intranet server sends a request to array gateway I. The packet has source IP IP1, destination IP IP4, source MAC MAC1 and destination MAC MAC2;
2) Array gateway I selects a forward isolation device as the forwarding target and modifies the destination MAC address of the original packet sent by the intranet server. The packet has source IP IP1, destination IP IP4, source MAC MAC3 and destination MAC MAC4;
3) Following its physical isolation logic, the forward isolation device forwards the data packet to array gateway II on the extranet side. The packet has source IP IP5, destination IP IP8, source MAC MAC5 and destination MAC MAC6;
4) Array gateway II performs transparent transmission: after modifying the destination MAC address of the original packet, it sends the packet to the external network server. The packet has source IP IP5, destination IP IP8, source MAC MAC7 and destination MAC MAC8.
Preferably, let IP1 and MAC1 be the IP address and MAC address of the intranet server; IP2 and MAC2 those of the interface connecting array gateway I to the intranet server; IP9 and MAC9 those of the interface connecting array gateway I to the intranet side of the reverse isolation devices; IP10 and MAC10 those of the intranet interface of the selected reverse isolation device; IP11 and MAC11 those of the extranet interface of the selected reverse isolation device; IP12 and MAC12 those of the interface connecting array gateway II to the extranet side of the reverse isolation devices; IP7 and MAC7 those of the interface connecting array gateway II to the external network server; and IP8 and MAC8 those of the external network server. Reverse data packet transmission then proceeds as follows:
1) The external network server sends a request to array gateway II. The packet has source IP IP8, destination IP IP11, source MAC MAC8 and destination MAC MAC7;
2) Array gateway II selects a reverse isolation device as the forwarding target and modifies the destination MAC address of the original packet sent by the external network server. The packet has source IP IP8, destination IP IP11, source MAC MAC12 and destination MAC MAC11;
3) Following its physical isolation logic, the reverse isolation device forwards the data packet to array gateway I on the intranet side. The packet has source IP IP10, destination IP IP1, source MAC MAC10 and destination MAC MAC9;
4) Array gateway I performs transparent transmission: after modifying the destination MAC address of the original packet, it sends the packet to the intranet server. The packet has source IP IP10, destination IP IP1, source MAC MAC2 and destination MAC MAC1.
The beneficial effects of the present invention are:
1. Load balancing is implemented with L2 data forwarding. All network isolation devices share the same configuration, and the MAC address is the identifier that distinguishes one network isolation device from another. This saves IP resources and reduces the cost of adapting business applications when the isolation array is deployed.
2. The health of the physical link is checked. The link here is the restricted bidirectional path formed by the two array gateways and one network isolation device. The restriction is that the data returned by the health check must comply with the usage rules of the network isolation device and can only be 0x00 or 0xff. Link health probing is therefore more reasonable.
3. For business systems that use forward or reverse isolation devices as a one-way transmission path, implementing load balancing with L2 data forwarding can significantly improve transmission performance and system stability.
Brief description of the drawings
Fig. 1 is a flow chart of the network isolation device load-balancing method based on L2 data forwarding according to the invention;
Fig. 2 is a schematic diagram of the L2-based forward isolation device load-balancing network according to the invention;
Fig. 3 is a schematic diagram of the L2-based reverse isolation device load-balancing network according to the invention;
Fig. 4 is a schematic diagram of forward transmission according to the invention;
Fig. 5 is a schematic diagram of reverse transmission according to the invention.
Specific embodiment
The technical solution of the invention is described in further detail below with reference to the drawings and a specific embodiment, so that those skilled in the art can better understand and practice the invention. The illustrated embodiment does not limit the invention.
As shown in Figs. 1-3, the L2-based load-balancing network for forward or reverse isolation devices comprises the intranet server, intranet array gateway I, extranet array gateway II, the forward or reverse isolation devices, and the external network server. Array gateway I is placed between the intranet server and the network isolation devices, and array gateway II is placed between the external network server and the network isolation devices. Figs. 2 and 3 assume four forward or reverse isolation devices.
The network isolation device load-balancing method based on L2 data forwarding comprises the following steps:
Step 1: configure the network isolation devices and the array gateways, that is, configure the policies of the network isolation devices and the forwarding rules of the array gateways, wherein:
The intranet virtual IP addresses of all forward isolation devices are configured to be identical, denoted VIPzn, and the extranet virtual IP addresses of all forward isolation devices are configured to be identical, denoted VIPzw. The intranet-side MAC addresses of all forward isolation devices are recorded in array gateway I, and the extranet-side MAC addresses of all forward isolation devices are recorded in array gateway II, as shown in Fig. 1. The MAC address is the identifier that distinguishes the devices.
The intranet virtual IP addresses of all reverse isolation devices are configured to be identical, denoted VIPfn, and the extranet virtual IP addresses of all reverse isolation devices are configured to be identical, denoted VIPfw. The extranet-side MAC addresses of all reverse isolation devices are recorded in array gateway II, and the intranet-side MAC addresses of all reverse isolation devices are recorded in array gateway I, as shown in Fig. 2. The MAC address is the identifier that distinguishes the devices.
Step 2: set the link weight values:
Array gateways I and II perform load balancing using weighted round robin. The initial link weight value is configured according to the nominal data-transfer performance of the network isolation device and can be set manually; in practice it can be adjusted according to the number of sessions distributed on each link.
Step 3: forward packets according to the weight values and link health status, wherein:
When selecting a forward or reverse isolation device, the device with the largest weight value is considered first. Before the array gateway forwards packets, it must first determine the health of the selected link by running a link health check; when the link is normal, that forward or reverse isolation device is selected. Taking the forward isolation device as an example, the health check is initiated by array gateway I, and the health-check request packet passes through the forward isolation device and finally reaches array gateway II. Array gateway II replies with 0x00 or 0xff (the return-packet rules of the isolation device allow only 0x00 and 0xff to pass), and the reply finally reaches array gateway I through the forward isolation device.
When the link is normal, that forward isolation device is selected. If array gateway I does not receive the response packet within the timeout, it determines that the link is temporarily unreachable and switches the service traffic to other links, preferably selecting the device with the largest weight value among the remaining forward or reverse isolation devices and running a health check on its link. Health-check packets, like other packets, use the MAC address of each isolation device as the unique identifier that distinguishes it. The health check for reverse isolation devices is similar to the above process, in the opposite direction.
On receiving a request from the intranet server, array gateway I selects a forward isolation device, changes the destination MAC address of the received packet to the intranet-side MAC address of the selected forward isolation device, and forwards it;
On receiving a request from the external network server, array gateway II selects a reverse isolation device, changes the destination MAC address of the received packet to the extranet-side MAC address of the selected reverse isolation device, and forwards it.
When forward isolation devices are in use, all forward isolation devices have the same intranet virtual address and the same extranet virtual address, and array gateway I uses the MAC address as the unique identifier that distinguishes the forward isolation devices when forwarding packets. When reverse isolation devices are in use, all reverse isolation devices have the same extranet virtual address and the same intranet virtual address, and array gateway II uses the MAC address as the unique identifier that distinguishes the reverse isolation devices when forwarding packets.
Taking the forward isolation devices as an example, the weight values of the four forward isolation devices A, B, C and D are S1, S2, S3 and S4 respectively, where S1 < S2 < S3 < S4. Array gateway I first selects forward isolation device D, which has the larger weight value, as the forwarding target, and then runs a health check on the link through forward isolation device D; assume the link is normal. When data needs to be forwarded, array gateway I changes the destination MAC address of the received packet to the intranet-side MAC address of forward isolation device D and forwards it, achieving transparent data forwarding. Array gateway II on the extranet side receives the data from forward isolation device D, records the session information of the packet and binds it to the extranet-side MAC address of forward isolation device D, as the basis for forwarding response packets.
The details are described below:
As shown in Fig. 4, let IP1 and MAC1 be the IP address and MAC address of the intranet server; IP2 and MAC2 those of the interface connecting array gateway I to the intranet server; IP3 and MAC3 those of the interface connecting array gateway I to the intranet side of the forward isolation devices; IP4 and MAC4 those of the intranet interface of the selected forward isolation device; IP5 and MAC5 those of the extranet interface of the selected forward isolation device; IP6 and MAC6 those of the interface connecting array gateway II to the extranet side of the forward isolation devices; IP7 and MAC7 those of the interface connecting array gateway II to the external network server; and IP8 and MAC8 those of the external network server. Forward data packet transmission then proceeds as follows:
1) The intranet server sends a request to array gateway I. The packet has source IP IP1, destination IP IP4, source MAC MAC1 and destination MAC MAC2;
2) Array gateway I selects a forward isolation device as the forwarding target and modifies the destination MAC address of the original packet sent by the intranet server. The packet has source IP IP1, destination IP IP4, source MAC MAC3 and destination MAC MAC4;
3) Following its physical isolation logic, the forward isolation device forwards the data packet to array gateway II on the extranet side. The packet has source IP IP5, destination IP IP8, source MAC MAC5 and destination MAC MAC6;
4) Array gateway II performs transparent transmission: after modifying the destination MAC address of the original packet, it sends the packet to the external network server. The packet has source IP IP5, destination IP IP8, source MAC MAC7 and destination MAC MAC8.
When response data is returned from the external network server to the intranet server, the process is similar to steps 1 to 4 above, in the opposite direction, as follows:
5) When response data is returned from the external network server to the intranet server, the external network server first sends the response packet to array gateway II. The packet has source IP IP8, destination IP IP5, source MAC MAC8 and destination MAC MAC7;
6) Array gateway II selects the forward isolation device that carries the current session as the forwarding target for the returned data, modifies the destination MAC address of the data packet and forwards it. The packet has source IP IP8, destination IP IP5, source MAC MAC6 and destination MAC MAC5;
7) The forward isolation device forwards the data packet to array gateway I on the intranet side. The packet has source IP IP4, destination IP IP1, source MAC MAC4 and destination MAC MAC3;
8) After array gateway I receives the returned data, it finally sends the data to the intranet server. The packet has source IP IP4, destination IP IP1, source MAC MAC2 and destination MAC MAC1.
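The selection rule of step 3 and steps 1, 2, 5 and 6 of the forward path, as an added Python model that is not code from the patent: array gateway I tries the highest-weight link first and accepts only a 0x00 or 0xff probe reply, rewrites nothing but the Ethernet addresses, and array gateway II steers the reply by the session it bound to the delivering device's extranet-side MAC. All class and function names, the sample MAC, IP and port values, the 4-tuple session key, the unchanged ports across the device, and the dropping of replies with no bound session are assumptions.

```python
import struct

# Only these reply payloads may travel back through an isolation device.
ALLOWED_PROBE_REPLIES = {b"\x00", b"\xff"}

def m(*tail):
    """Constructed, locally administered sample MAC: 02:00:00:00:xx:yy."""
    return bytes([2, 0, 0, 0]) + bytes(tail)

class Link:
    """One isolation device as the two gateways see it (hypothetical model)."""
    def __init__(self, name, inner_mac, outer_mac, weight, probe):
        self.name, self.weight, self.probe = name, weight, probe
        self.inner_mac, self.outer_mac = inner_mac, outer_mac

def link_healthy(link):
    # probe() returns the reply payload, or None when the timeout expires.
    return link.probe() in ALLOWED_PROBE_REPLIES

def choose_link(links):
    """Try the highest weight first, then the next highest if its probe fails."""
    for link in sorted(links, key=lambda l: l.weight, reverse=True):
        if link_healthy(link):
            return link
    return None

def rewrite_l2(frame, src_mac, dst_mac):
    """Swap the Ethernet addresses; EtherType, IP header and payload stay as-is."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    return dst_mac + src_mac + frame[12:]

def flow_key(frame):
    """(src ip, src port, dst ip, dst port) of an untagged IPv4 TCP/UDP frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] not in (6, 17) or len(frame) < 14 + ihl + 4:
        raise ValueError("unsupported packet")
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return frame[26:30], sport, frame[30:34], dport

class GatewayI:
    def __init__(self, device_side_mac, links):
        self.device_side_mac, self.links = device_side_mac, links

    def forward_request(self, frame):
        link = choose_link(self.links)
        if link is None:
            raise RuntimeError("no healthy isolation link")
        return link, rewrite_l2(frame, self.device_side_mac, link.inner_mac)

class GatewayII:
    def __init__(self, device_side_mac):
        self.device_side_mac, self.sessions = device_side_mac, {}

    def learn(self, frame):
        """Bind the reply direction of a flow to the device that delivered it."""
        src_ip, sport, dst_ip, dport = flow_key(frame)
        self.sessions[(dst_ip, dport, src_ip, sport)] = frame[6:12]

    def forward_reply(self, frame):
        device_mac = self.sessions.get(flow_key(frame))
        if device_mac is None:
            return None  # assumption: replies with no bound session are dropped
        return rewrite_l2(frame, self.device_side_mac, device_mac)

def udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Constructed sample frame; checksums are left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return dst_mac + src_mac + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def demo():
    # Constructed values: devices A-D with weights 1 < 2 < 3 < 4; D's probe times out.
    links = [Link("A", m(0x0a, 4), m(0x0a, 5), 1, lambda: b"\x00"),
             Link("B", m(0x0b, 4), m(0x0b, 5), 2, lambda: b"\xff"),
             Link("C", m(0x0c, 4), m(0x0c, 5), 3, lambda: b"\x00"),
             Link("D", m(0x0d, 4), m(0x0d, 5), 4, lambda: None)]
    vipzn, vipzw, ip1, ip8 = "192.0.2.4", "198.51.100.5", "192.0.2.1", "198.51.100.8"
    gw1, gw2 = GatewayI(m(0, 3), links), GatewayII(m(0, 6))

    request = udp_frame(m(0, 1), m(0, 2), ip1, vipzn, 40000, 9000)    # step 1
    link, to_device = gw1.forward_request(request)                    # step 2
    # Step 3 is the device itself: it emits the data from its extranet interface.
    from_device = udp_frame(link.outer_mac, m(0, 6), vipzw, ip8, 40000, 9000)
    gw2.learn(from_device)
    reply = udp_frame(m(0, 8), m(0, 7), ip8, vipzw, 9000, 40000)      # step 5
    return link, request, to_device, gw2.forward_reply(reply)         # step 6
```

Because every device answers to the same virtual IP, the session table on array gateway II is the only thing that ties a reply to a device, which is why the key includes the ports and not just the address pair.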
As shown in Fig. 5, let IP1 and MAC1 be the IP address and MAC address of the intranet server; IP2 and MAC2 those of the interface connecting array gateway I to the intranet server; IP9 and MAC9 those of the interface connecting array gateway I to the intranet side of the reverse isolation devices; IP10 and MAC10 those of the intranet interface of the selected reverse isolation device; IP11 and MAC11 those of the extranet interface of the selected reverse isolation device; IP12 and MAC12 those of the interface connecting array gateway II to the extranet side of the reverse isolation devices; IP7 and MAC7 those of the interface connecting array gateway II to the external network server; and IP8 and MAC8 those of the external network server. Reverse data packet transmission then proceeds as follows:
1) The external network server sends a request to array gateway II. The packet has source IP IP8, destination IP IP11, source MAC MAC8 and destination MAC MAC7;
2) Array gateway II selects a reverse isolation device as the forwarding target and modifies the destination MAC address of the original packet sent by the external network server. The packet has source IP IP8, destination IP IP11, source MAC MAC12 and destination MAC MAC11;
3) Following its physical isolation logic, the reverse isolation device forwards the data packet to array gateway I on the intranet side. The packet has source IP IP10, destination IP IP1, source MAC MAC10 and destination MAC MAC9;
4) Array gateway I performs transparent transmission: after modifying the destination MAC address of the original packet, it sends the packet to the intranet server. The packet has source IP IP10, destination IP IP1, source MAC MAC2 and destination MAC MAC1.
When response data is returned from the intranet server to the external network server, the process is similar to steps 1 to 4 above, in the opposite direction. The specific steps are as follows:
5) When response data is returned from the intranet server to the external network server, the intranet server first sends the response packet to array gateway I. The packet has source IP IP1, destination IP IP10, source MAC MAC1 and destination MAC MAC2;
6) Array gateway I selects the reverse isolation device that carries the current session as the forwarding target for the returned data, modifies the destination MAC address of the data packet and forwards it. The packet has source IP IP1, destination IP IP10, source MAC MAC9 and destination MAC MAC10;
7) The reverse isolation device forwards the data packet to array gateway II on the extranet side. The packet has source IP IP11, destination IP IP8, source MAC MAC11 and destination MAC MAC12;
8) After array gateway II receives the returned data, it finally sends the data to the intranet server. The packet has source IP IP11, destination IP IP8, source MAC MAC7 and destination MAC MAC8.
The network isolation device load-balancing method based on L2 data forwarding according to the invention aims to improve the overall performance of an isolation array composed of multiple network isolation devices and to make up for the shortcomings of the existing methods based on L3 data forwarding.
The above is only a preferred embodiment of the invention and does not limit its scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the invention, or any direct or indirect use in other related technical fields, falls within the scope of protection of the invention.

Claims (6)

1. A network isolating device load-balancing method based on L2 data forwarding, wherein array gateway I is arranged between the intranet server and the network isolating devices and array gateway II is arranged between the external network server and the network isolating devices, characterized in that it comprises the following steps:
Step 1: configure the network isolating devices and the array gateways, wherein:
The intranet virtual IP addresses of all forward isolating devices are configured to be identical, denoted VIPzn; the external-network virtual IP addresses of all forward isolating devices are configured to be identical, denoted VIPzw; the intranet MAC addresses of all forward isolating devices are recorded in array gateway I, and the external-network MAC addresses of all forward isolating devices are recorded in array gateway II;
The intranet virtual IP addresses of all reverse isolating devices are configured to be identical, denoted VIPfn; the external-network virtual IP addresses of all reverse isolating devices are configured to be identical, denoted VIPfw; the external-network MAC addresses of all reverse isolating devices are recorded in array gateway II, and the intranet MAC addresses of all reverse isolating devices are recorded in array gateway I;
Step 2: set the weight values of the links;
Step 3: forward messages according to the weight values and the link health status, wherein:
When a request from the intranet server is received, array gateway I chooses a forward isolating device, changes the destination MAC address of the received message to the MAC address of the interface connecting array gateway II to the external-network side of the forward isolating device, and forwards it; array gateway II changes the destination MAC address of the received message to the MAC address of the external network server and forwards it;
When a request from the external network server is received, array gateway II chooses a reverse isolating device, changes the destination MAC address of the received message to the MAC address of the interface connecting array gateway I to the intranet side of the reverse isolating device, and forwards it; array gateway I changes the destination MAC address of the received message to the MAC address of the intranet server and forwards it.
2. The network isolating device load-balancing method based on L2 data forwarding according to claim 1, characterized in that, when a forward isolating device or reverse isolating device is chosen, the forward or reverse isolating device with the largest weight value is selected first, and a health check is then performed on the link; when the link is normal, that forward or reverse isolating device is chosen.
3. The network isolating device load-balancing method based on L2 data forwarding according to claim 2, characterized in that, when the link is abnormal, the device with the largest weight value among the remaining forward or reverse isolating devices is chosen, and the link health check is performed.
4. The network isolating device load-balancing method based on L2 data forwarding according to claim 1, characterized in that array gateways I and II perform load balancing using a weighted round-robin algorithm; the initial link weight values are set according to the nominal data-transmission performance of the network isolating devices and are adjusted according to the number of sessions allocated on each link.
5. The network isolating device load-balancing method based on L2 data forwarding according to claim 1, characterized in that, let IP1, MAC1 be the IP address and MAC address of the intranet server; IP2, MAC2 the IP address and MAC address of the interface connecting array gateway I to the intranet server; IP3, MAC3 the IP address and MAC address of the interface connecting array gateway I to the intranet side of the forward isolating device; IP4, MAC4 the IP address and MAC address of the intranet interface of the chosen forward isolating device; IP5, MAC5 the IP address and MAC address of the external-network interface of the chosen forward isolating device; IP6, MAC6 the IP address and MAC address of the interface connecting array gateway II to the external-network side of the forward isolating device; IP7, MAC7 the IP address and MAC address of the interface connecting array gateway II to the external network server; and IP8, MAC8 the IP address and MAC address of the external network server; then the forward data-message transmission process is as follows:
1) the intranet server sends a request to array gateway I; the message has source IP IP1, destination IP IP4, source MAC address MAC1 and destination MAC address MAC2;
2) array gateway I selects a forward isolating device as the forwarding target and modifies the destination MAC address of the original message sent by the intranet server; the message has source IP IP1, destination IP IP4, source MAC address MAC3 and destination MAC address MAC4;
3) the forward isolating device, following its physical-isolation logic, forwards the data message to array gateway II on the external-network side; the message has source IP IP5, destination IP IP8, source MAC address MAC5 and destination MAC address MAC6;
4) array gateway II implements transparent transmission: after modifying the destination MAC address of the original message, it sends the message to the external network server; the message has source IP IP5, destination IP IP8, source MAC address MAC7 and destination MAC address MAC8.
6. The network isolating device load-balancing method based on L2 data forwarding according to claim 1, characterized in that, let IP1, MAC1 be the IP address and MAC address of the intranet server; IP2, MAC2 the IP address and MAC address of the interface connecting array gateway I to the intranet server; IP9, MAC9 the IP address and MAC address of the interface connecting array gateway I to the intranet side of the reverse isolating device; IP10, MAC10 the IP address and MAC address of the intranet interface of the chosen reverse isolating device; IP11, MAC11 the IP address and MAC address of the external-network interface of the chosen reverse isolating device; IP12, MAC12 the IP address and MAC address of the interface connecting array gateway II to the external-network side of the reverse isolating device; IP7, MAC7 the IP address and MAC address of the interface connecting array gateway II to the external network server; and IP8, MAC8 the IP address and MAC address of the external network server; then the reverse data-message transmission process is as follows:
1) the external network server sends a request to array gateway II; the message has source IP IP8, destination IP IP11, source MAC address MAC8 and destination MAC address MAC7;
2) array gateway II selects a reverse isolating device as the forwarding target and modifies the destination MAC address of the original message sent by the external network server; the message has source IP IP8, destination IP IP11, source MAC address MAC12 and destination MAC address MAC11;
3) the reverse isolating device, following its physical-isolation logic, forwards the data message to array gateway I on the intranet side; the message has source IP IP10, destination IP IP1, source MAC address MAC10 and destination MAC address MAC9;
4) array gateway I implements transparent transmission: after modifying the destination MAC address of the original message, it sends the message to the intranet server; the message has source IP IP10, destination IP IP1, source MAC address MAC2 and destination MAC address MAC1.
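The device selection of claims 2 and 3 and the four forward hops of claim 5 can be traced in a short simulation. This is an added example, not code from the patent; the addresses, the `Isolator` and `Frame` types and the interpretation of a missing or out-of-range probe reply as an abnormal link are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Frame:
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str

@dataclass
class Isolator:
    inner_mac: str                # MAC4, recorded in array gateway I
    outer_mac: str                # MAC5
    weight: int
    probe_reply: Optional[bytes]  # constructed: last health-check reply

# Constructed addresses; keys are the names used in claim 5.
# IP4/IP5 are the shared virtual IPs, so only the MAC identifies a device.
ADDR = {"IP1": "192.0.2.10", "IP4": "192.0.2.100", "IP5": "198.51.100.100",
        "IP8": "198.51.100.10", "MAC1": "02:00:00:00:00:01",
        "MAC2": "02:00:00:00:00:02", "MAC3": "02:00:00:00:00:03",
        "MAC6": "02:00:00:00:00:06", "MAC7": "02:00:00:00:00:07",
        "MAC8": "02:00:00:00:00:08"}
DEVICES = [Isolator("02:00:00:00:0a:04", "02:00:00:00:0a:05", 5, None),
           Isolator("02:00:00:00:0b:04", "02:00:00:00:0b:05", 3, b"\xff"),
           Isolator("02:00:00:00:0c:04", "02:00:00:00:0c:05", 1, b"\x00")]

def link_healthy(dev):
    # Assumption: any reply other than the single byte 0x00 or 0xff
    # (including no reply) marks the link as abnormal.
    return dev.probe_reply in (b"\x00", b"\xff")

def choose(devices):
    # Claims 2-3: try the highest weight first, fall back on link failure.
    for dev in sorted(devices, key=lambda d: d.weight, reverse=True):
        if link_healthy(dev):
            return dev
    return None

def forward_path(devices, a=ADDR):
    dev = choose(devices)
    if dev is None:
        raise RuntimeError("no healthy isolating-device link")
    hop1 = Frame(a["IP1"], a["IP4"], a["MAC1"], a["MAC2"])  # server -> gateway I
    hop2 = replace(hop1, src_mac=a["MAC3"], dst_mac=dev.inner_mac)  # L2 rewrite only
    hop3 = Frame(a["IP5"], a["IP8"], dev.outer_mac, a["MAC6"])  # isolating device
    hop4 = replace(hop3, src_mac=a["MAC7"], dst_mac=a["MAC8"])  # gateway II
    return dev, [hop1, hop2, hop3, hop4]

if __name__ == "__main__":
    for hop in forward_path(DEVICES)[1]:
        print(hop)
```

The two gateways change only the Ethernet addresses, while the IP header changes only inside the isolating device, which is why identical virtual IPs on every device do not collide.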
CN201710107379.XA 2017-02-27 2017-02-27 Network isolating device load-balancing method based on L2 data forwarding Active CN106686137B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710107379.XA CN106686137B (en) 2017-02-27 2017-02-27 Network isolating device load-balancing method based on L2 data forwarding


Publications (2)

Publication Number Publication Date
CN106686137A CN106686137A (en) 2017-05-17
CN106686137B true CN106686137B (en) 2019-12-03

Family

ID=58862419

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710107379.XA Active CN106686137B (en) 2017-02-27 2017-02-27 Network isolating device load-balancing method based on L2 data forwarding

Country Status (1)

Country Link
CN (1) CN106686137B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant