CN106789862B - Data synchronization method and device - Google Patents

Data synchronization method and device Download PDF

Info

Publication number
CN106789862B
CN106789862B CN201610263872.6A CN201610263872A CN106789862B CN 106789862 B CN106789862 B CN 106789862B CN 201610263872 A CN201610263872 A CN 201610263872A CN 106789862 B CN106789862 B CN 106789862B
Authority
CN
China
Prior art keywords
data
identifier
service
messages
board
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610263872.6A
Other languages
Chinese (zh)
Other versions
CN106789862A (en
Inventor
邹文宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201610263872.6A priority Critical patent/CN106789862B/en
Publication of CN106789862A publication Critical patent/CN106789862A/en
Application granted granted Critical
Publication of CN106789862B publication Critical patent/CN106789862B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0654Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Alarm Systems (AREA)
  • Hardware Redundancy (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a data synchronization method and a device, which are applied to a main master control board after main/standby switching in a distributed firewall, and the method comprises the following steps: receiving a data synchronization request sent by a service board in the distributed firewall, wherein the data synchronization request comprises a first identifier of first data corresponding to a service module currently stored by the service board; and when a second identifier of second data corresponding to the locally stored service module is different from the first identifier, sending the second data and the second identifier to the service board. In the embodiment of the invention, the data synchronization time in the main/standby switching process can be reduced, and the influence of the main/standby switching on the flow detection service of the distributed firewall is reduced.

Description

Data synchronization method and device
Technical Field
The invention relates to the technical field of computer defense, in particular to a data synchronization method and device.
Background
The firewall is generally deployed at the network outlet of large and medium-sized enterprises, between internal networks of the enterprises or at the outlet of a data center, detects the flow of the intranet accessed by the intranet to achieve the purpose of protecting the safety of the intranet, and detects the flow of the intranet accessed by the intranet to achieve the control of sensitive information of the enterprises. For example, the firewall may perform traffic detection according to the user configuration and matching rules carried in a predefined feature library, so as to implement the functions of identifying and controlling traffic.
In practical applications, a distributed firewall is generally deployed for high availability. The distributed firewall generally includes a plurality of main control boards and a plurality of service boards, where the plurality of main control boards may include an active main control board and a plurality of standby main control boards. The main master control board is the control center of the whole firewall, and realizes the control function and the data synchronization function, such as the synchronization of matching rules, configuration information, table entries and the like, for each master control board and the service board. And, the main control board and each service board of the distributed firewall need to store the same data, so as to perform flow detection according to the data.
In practical application, the main control board of the distributed firewall may be restarted due to a fault or user input, and in this case, one standby main control board will be quickly upgraded to a new main control board to control the whole firewall to continue to operate normally. The process of upgrading the standby main control board to a new main control board may be referred to as a main/standby switching process.
In the process of main/standby switching, in order to implement data synchronization between the new main control board and each service board, when each service board detects that main/standby switching occurs, each service board may send a data synchronization request to the new main control board. For example, when each service board detects that reconnection with the active main control board occurs, each service board may send a data synchronization request to the reconnected active main control board. After receiving the data synchronization request sent by each service board, the new main master control board can send all the data stored by itself to each service board in sequence, and each service board updates the locally stored data by using the received data, thereby realizing the data synchronization between the new main master control board and each service board.
However, for the distributed firewall, a large number of service boards are usually included, each service board includes a plurality of service modules, and each service module stores corresponding data therein, so that data to be sent by a new main master control board is usually large, which results in a long data synchronization time, and thus results in a long busy main master control board and a non-timely response to a user. During the data synchronization period, each service board needs to send a data synchronization request, receive data sent by a new main master control board, and update locally stored data with the received data, and during this period, each service board cannot perform normal traffic detection, which will affect the normal operation of the traffic detection service of the distributed firewall.
Disclosure of Invention
An object of the embodiments of the present invention is to provide a data synchronization method and apparatus, so as to reduce data synchronization time in a main/standby switching process, and reduce the influence of the main/standby switching on a traffic detection service of a distributed firewall. The specific technical scheme is as follows:
in a first aspect, an embodiment of the present invention provides a data synchronization method, which is applied to an active main control board after active-standby switching in a distributed firewall, where the method includes:
receiving a data synchronization request sent by a service board in the distributed firewall, wherein the data synchronization request comprises a first identifier of first data corresponding to a service module currently stored by the service board;
and when a second identifier of second data corresponding to the locally stored service module is different from the first identifier, sending the second data and the second identifier to the service board.
In a second aspect, an embodiment of the present invention provides a data synchronization method, which is applied to any service board in a distributed firewall, and the method includes:
detecting whether the main control board is reconnected with the main control board;
if so, sending a data synchronization request to the master control board, wherein the data synchronization request includes a first identifier of first data corresponding to a service module currently stored by the service board, so that the master control board sends the second data and a second identifier to the service board when determining that a second identifier of second data corresponding to the locally stored service module is different from the first identifier;
and receiving second data and a second identifier sent by the main master control board, and updating the first data and the first identifier into the second data and the second identifier respectively.
In a third aspect, an embodiment of the present invention provides a data synchronization apparatus, which is applied to an active main control board after active-standby switching in a distributed firewall, where the apparatus includes:
the receiving module is used for receiving a data synchronization request sent by a service board in the distributed firewall, wherein the data synchronization request comprises a first identifier of first data corresponding to the service module currently stored by the service board;
and the sending module is used for sending the second data and the second identification to the service board when the second identification of the second data corresponding to the service module stored locally is different from the first identification.
In a fourth aspect, an embodiment of the present invention provides a data synchronization apparatus, which is applied to any service board in a distributed firewall, and the apparatus includes:
the detection module is used for detecting whether the main control board is reconnected with the main control board;
a sending module, configured to send a data synchronization request to the master control board, where the data synchronization request includes a first identifier of first data corresponding to a service module currently stored by the service board, so that when determining that a second identifier of second data corresponding to the service module locally stored by the master control board is different from the first identifier, the master control board sends the second data and the second identifier to the service board;
and the receiving module is used for receiving the second data and the second identifier sent by the main master control board and updating the first data and the first identifier into the second data and the second identifier respectively.
The embodiment of the invention provides a data synchronization method and a device, after main/standby switching occurs, a new main control board can aim at each service board, and when the identifier of the data currently stored by a service module on the service board is different from the identifier of the data currently stored by the main control board and corresponding to the service module, the data of the service module and the identifier thereof are sent to the service board, and the data corresponding to each service module is not required to be sent to the service board, so that the data synchronization time in the main/standby switching process can be reduced, and the influence of the main/standby switching on the flow detection service of a distributed firewall is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a data synchronization method according to an embodiment of the present invention;
FIG. 2 is a flow chart of another data synchronization method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a data synchronization apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of another data synchronization apparatus according to an embodiment of the present invention;
fig. 5(a) and 5(b) illustrate a data synchronization process according to an embodiment of the present invention.
Detailed Description
In order to reduce data synchronization time in the active/standby switching process and reduce the influence of the active/standby switching on the traffic detection service of the distributed firewall, embodiments of the present invention provide a data synchronization method and apparatus.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In practical application, when the main-standby switching occurs in the distributed firewall, in order to implement data synchronization between the new main control board and each service board, when each service board detects that the main-standby switching occurs, each service board may send a data synchronization request to the new main control board to receive data sent by the new main control board, thereby implementing data synchronization between each service board and the new main control board.
However, in practical applications, the data stored in the main control board and the standby main control boards are obtained according to user input information and/or feature library files, and the data stored in the main control board and the standby main control boards are usually the same. Therefore, after the active-standby switching occurs, the new active main control board can first determine whether the data stored in each service board is the same as the data stored in itself, if so, no data synchronization is needed, and if not, the data stored in itself is sent to each service board, so as to implement the data synchronization between each service board and itself.
Specifically, in the embodiment of the present invention, the main master control board may store, for data corresponding to each service module that is locally stored, an identifier of the data, where the identifier may be a version number, for example. When the data change caused by user input or feature library upgrading is detected, the corresponding identification of the data is updated.
Further, when the main control board synchronizes the data corresponding to each service module stored in the main control board to each service board, the data synchronization message may include the identifier of the data in addition to the data corresponding to each service module. After each service board receives the data synchronization message sent by the main master control board, the data and the identifier included in the message can be stored locally.
In order to reduce the data synchronization time in the active/standby switching process and reduce the influence of the active/standby switching on the traffic detection service of the distributed firewall, an embodiment of the present invention provides a data synchronization method process, which is applied to an active main control board after the active/standby switching in the distributed firewall, and the process includes the following steps:
s101, receiving a data synchronization request sent by a service board in the distributed firewall, wherein the data synchronization request includes a first identifier of first data corresponding to a service module currently stored by the service board.
In the embodiment of the present invention, when the active-standby switching occurs, the active main control board after the active-standby switching may receive a data synchronization request sent by a service board, where the data synchronization request may include a first identifier of first data corresponding to a service module currently stored by the service board.
In practical application, when the main/standby switch occurs, the service board will be disconnected from the main control board before the main/standby switch and connected to the main control board after the main/standby switch. Therefore, in the embodiment of the present invention, the service board may detect whether to reconnect with the active main control board, and if so, it indicates that the active-standby switching is performed. At this time, the service board may send a data synchronization request to the main master control board connected to the service board, that is, the main master control board after the main-standby switching, so as to implement data synchronization between itself and the main master control board.
And S102, when a second identifier of second data corresponding to the locally stored service module is different from the first identifier, sending the second data and the second identifier to the service board.
In practical application, the data and the identifiers thereof corresponding to the service modules are stored in the main control board and the standby main control boards in the distributed firewall.
After the main control board receives the data synchronization request sent by the service board, the main control board may determine, for a service module of the service board, whether a second identifier of second data corresponding to the locally stored service module is the same as the first identifier.
When the second identifier of the second data corresponding to the locally stored service module is different from the first identifier, it may be indicated that the data of the service module stored in the service board is different from the locally stored data. In this case, the active main control board may send the second data and the second identifier to the service board, so as to implement synchronization between the data corresponding to the service module in the service board and the local.
It should be noted that, in the embodiment of the present invention, only any service board in the distributed firewall is used, and any service module in the service board is taken as an example to describe the data synchronization method provided in the embodiment. In practical application, each service board and each service module in each service board can use the data synchronization method provided by the embodiment of the invention to realize data synchronization between the service board and the main master control board.
The embodiment of the invention provides a data synchronization method, after main/standby switching occurs, a new main control board can send the data of a service module and the identification thereof to each service board when the identification of the data currently stored by the service module on the service board is different from the identification of the data currently stored by the main control board and corresponding to the service module, and the data corresponding to each service module does not need to be sent to the service board, so that the data synchronization time in the main/standby switching process can be reduced, and the influence of the main/standby switching on the flow detection service of a distributed firewall is reduced.
It can be understood that, in practical applications, the active main control board may store more second data for the service module of the service board. In this case, in order to avoid the problem of an excessive network resource load caused by sending all the second data through one message, the active main control board may send the second data to the service board through at least two messages.
Further, in practical applications, when the second data corresponding to the service module is not synchronized, the main/standby switching may occur again. For example, when the active main control board sends the second data to the service board through 5 messages, and when the service board receives 3 messages, the active-standby switching occurs again.
In this case, in order to ensure the integrity of the second data stored in the service board, when the active main control board sends the second data to the service board through at least two messages, the last message of the at least two messages carries a part of the data of the second data and the second identifier, and the other messages of the at least two messages carry the other part of the data of the second data and the identifier different from the second identifier.
It can be understood that, if each message includes the second identifier, when the corresponding second data is not synchronized for the service module and the active-standby switching occurs again, the identifier of the data of the service module included in the data synchronization request sent by the service board to the new active main control board is the second identifier. In this case, the new main control board does not send the data corresponding to the service module to the service board when judging that the identifier of the data of the service module obtained by the new main control board is the same as the identifier of the data corresponding to the service module stored locally. The service board does not store complete data for the service module, so that the data stored for the service module in the service board is incomplete.
Therefore, in the embodiment of the present invention, when the second data is sent through at least two messages, the last message includes the second identifier, and the other messages include identifiers different from the second identifier, which can ensure that when the second data is not completed synchronously and the active-standby switching occurs again, the new active main control board can send the locally stored data for the service module to the service board, thereby ensuring the integrity of the data stored for the service module in the service board.
For example, when the active main control board sends the second data of the service module to the service board through 5 messages, and the second identifier of the second data corresponding to the locally stored service module is 100, the identifier included in the first 4 messages is not 100, and if the second identifier is 0, ffff, or the like, only the identifier included in the last message is 100.
When the service board does not completely receive the second data, the identifier of the data corresponding to the service module stored by the service board is the identifier included in the first 4 messages, i.e. 0, ffff, etc. When the active-standby switching occurs again, if the identifier (100) of the data for the service module stored in the new active main control board is different from that in the service board, the new active main control board will send the locally stored data for the service module to the service board.
When the service board receives all the second data, the identifier of the data corresponding to the service module stored in the service board is the identifier included in the 5 th message, that is, 100. When the active-standby switching occurs again, the identifier (100) of the data for the service module stored in the new active main control board is the same as that in the service board, and the new active main control board does not send the data corresponding to the service module to the service board.
It can be understood that, in practical application, when the active-standby switching does not occur, the active main control board may also need to synchronize the data of each service module stored by the active main control board to each service board. For example, when data is updated due to user input or feature library upgrade, the active main control board may synchronize the updated data to each service board.
Specifically, when the active main control board detects update data related to second data corresponding to the service module, the second data may be updated to third data according to the update data, and the second identifier may be updated to a third identifier corresponding to the third data. In this case, the active main control board may send the third data and the third identifier to the service board, so as to implement data synchronization between itself and the service board.
It should be noted that, in the embodiment of the present invention, when the active-standby switching does not occur and the active main control board synchronizes the third data and the third identifier to the service board, the method may also be adopted to send the third message to the service board through at least two messages. In addition, in order to ensure the integrity of the data stored in the service board, the last message of the at least two messages carries part of the data of the third data and the third identifier, and the other messages of the at least two messages carry other part of the data of the third data and identifiers different from the third identifier.
Further, another data synchronization method process is provided in an embodiment of the present invention, and is applied to any service board in a distributed firewall, where the process includes the following steps:
s201, detecting whether to reconnect with the main control board.
In the embodiment of the present invention, any service board in the distributed firewall may detect whether to reconnect with the active main control board, so as to determine whether active-standby switching occurs.
S202, when detecting a reconnection with an active main control board, sending a data synchronization request to the active main control board, where the data synchronization request includes a first identifier of first data corresponding to a service module currently stored by the service board, so that when determining that a second identifier of second data corresponding to the locally stored service module is different from the first identifier, the active main control board sends the second data and the second identifier to the service board.
When detecting reconnection with the main master control board, it can indicate that main/standby switching is performed, and at this time, the service board can send a data synchronization request to the main master control board connected to it, that is, the main master control board after main/standby switching, so as to implement data synchronization between itself and the main master control board.
The data synchronization request may include a first identifier of first data corresponding to a service module currently stored by the service board.
After the main control board receives the data synchronization request sent by the service board, the main control board may determine, for a service module of the service board, whether a second identifier of second data corresponding to the locally stored service module is the same as the first identifier.
When the second identifier of the second data corresponding to the locally stored service module is different from the first identifier, it may be indicated that the data of the service module stored in the service board is different from the locally stored data. In this case, the active main control board may send the second data and the second identifier to the service board, so as to implement synchronization between the data corresponding to the service module in the service board and the local.
S203, receiving the second data and the second identifier sent by the active main control board, and updating the first data and the first identifier into the second data and the second identifier, respectively.
In the embodiment of the present invention, the service board may receive the second data and the second identifier sent by the main control board to itself, and update the locally stored first data and the locally stored first identifier to the second data and the second identifier, respectively, so as to implement that the locally stored data and the locally stored identifier of the service module are synchronized with the data and the identifier of the corresponding service module in the main control board.
The embodiment of the invention provides a data synchronization method, after main/standby switching occurs, a new main control board can send the data of a service module and the identification thereof to each service board when the identification of the data currently stored by the service module on the service board is different from the identification of the data currently stored by the main control board and corresponding to the service module, and the data corresponding to each service module does not need to be sent to the service board, so that the data synchronization time in the main/standby switching process can be reduced, and the influence of the main/standby switching on the flow detection service of a distributed firewall is reduced.
Further, in the embodiment of the present invention, when performing data synchronization, the active main control board may send the second data to the service board through at least two messages.
Further, in practical applications, when the second data corresponding to the service module is not synchronized, the main/standby switching may occur again. For example, when the active main control board sends the second data to the service board through 5 messages, and when the service board receives 3 messages, the active-standby switching occurs again.
In this case, in order to ensure the integrity of the second data stored in the service board, when the active main control board sends the second data to the service board through at least two messages, the last message of the at least two messages carries a part of the data of the second data and the second identifier, and the other messages of the at least two messages carry the other part of the data of the second data and the identifier different from the second identifier.
The service board may receive at least two messages sent by the active main control board, delete the locally stored first data, store a part of data of the second data included in the at least two messages, and update the identifiers included in other stored at least two messages by using the second identifier in the latter message. Therefore, when the service board receives all messages, the identifier corresponding to the locally stored second data is the second identifier, and under other conditions, the identifiers corresponding to the locally stored second data are different from the second identifier.
It can be understood that, if each message includes the second identifier, when the corresponding second data is not synchronized for the service module and the active-standby switching occurs again, the identifier of the data of the service module included in the data synchronization request sent by the service board to the new active main control board is the second identifier. In this case, the new main control board does not send the data corresponding to the service module to the service board when judging that the identifier of the data of the service module obtained by the new main control board is the same as the identifier of the data corresponding to the service module stored locally. The service board does not store complete data for the service module, so that the data stored for the service module in the service board is incomplete.
Therefore, in the embodiment of the present invention, when the second data is sent through at least two messages, the last message includes the second identifier, and the other messages include identifiers different from the second identifier, which can ensure that when the second data is not completed synchronously and the active-standby switching occurs again, the new active main control board can send the locally stored data for the service module to the service board, thereby ensuring the integrity of the data stored for the service module in the service board.
Corresponding to the above method embodiment, the embodiment of the present invention also provides a corresponding device embodiment.
Fig. 3 is a data synchronization device provided in an embodiment of the present invention, which is applied to a main master control board after main/standby switching in a distributed firewall, and the device includes:
a receiving module 310, configured to receive a data synchronization request sent by a service board in the distributed firewall, where the data synchronization request includes a first identifier of first data corresponding to a service module currently stored by the service board;
a sending module 320, configured to send, to the service board, the second data and the second identifier when a second identifier of the second data corresponding to the service module stored locally is different from the first identifier.
The embodiment of the invention provides a data synchronization device, after main/standby switching occurs, a new main control board can send the data of a service module and the identifier thereof to each service board when the identifier of the data currently stored by the service module on the service board is different from the identifier of the data currently stored by the main control board and corresponding to the service module, and the data corresponding to each service module does not need to be sent to the service board, so that the data synchronization time in the main/standby switching process can be reduced, and the influence of the main/standby switching on the flow detection service of a distributed firewall is reduced.
Further, the sending module 320 is specifically configured to send the second data to the service board through at least two messages, where a last message of the at least two messages carries partial data of the second data and a second identifier, and other messages of the at least two messages carry other partial data of the second data and an identifier different from the second identifier.
Further, the apparatus further comprises:
an updating module (not shown in the figure), configured to, when update data related to second data corresponding to the service module is detected, update the second data to third data according to the update data, and update the second identifier to a third identifier corresponding to the third data.
Further, fig. 4 is another data synchronization apparatus provided in an embodiment of the present invention, which is applied to any service board in a distributed firewall, and the apparatus includes:
the detection module 410 is used for detecting whether to reconnect with the main control board;
a sending module 420, configured to send a data synchronization request to the active main control board, where the data synchronization request includes a first identifier of first data corresponding to a service module currently stored by the service board, so that when determining that a second identifier of second data corresponding to the service module locally stored by the active main control board is different from the first identifier, the active main control board sends the second data and the second identifier to the service board;
a receiving module 430, configured to receive the second data and the second identifier sent by the active main control board, and update the first data and the first identifier into the second data and the second identifier, respectively.
The embodiment of the invention provides a data synchronization device, after main/standby switching occurs, a new main control board can send the data of a service module and the identifier thereof to each service board when the identifier of the data currently stored by the service module on the service board is different from the identifier of the data currently stored by the main control board and corresponding to the service module, and the data corresponding to each service module does not need to be sent to the service board, so that the data synchronization time in the main/standby switching process can be reduced, and the influence of the main/standby switching on the flow detection service of a distributed firewall is reduced.
Further, the receiving module 430 includes:
a receiving submodule (not shown in the figure) configured to receive at least two messages sent by the active main control board, where each message includes partial data of the second data, a last message of the at least two messages includes the second identifier, and other messages of the at least two messages include identifiers different from the second identifier;
and an execution sub-module (not shown in the figure) configured to delete the locally stored first data, store partial data of the second data included in the at least two messages, and update the identifiers included in the other stored messages of the at least two messages by using the second identifier in the subsequent message.
The data synchronization method provided by the present invention is described in detail with reference to a specific embodiment.
As shown in fig. 5(a), the distributed firewall of this embodiment may include an active main control board for performing a reboot, a new active main control board, and a plurality of service boards (service board 1, service board 2 …, service board n). In this embodiment, a data synchronization process of the embodiment of the present invention is described by taking data synchronization performed by the service board 1 as an example.
In this embodiment, the service board 1 may include a service module 1 and a service module 2, and data and an identifier thereof corresponding to the service module 1 and the service module 2 are stored in the service board 1, for example, the identifier of the data corresponding to the service module 1 is 100, and the identifier of the data corresponding to the service module 2 is 0.
As shown in fig. 5(b), when detecting that the main control board is reconnected with the main control board, the service module 1 and the service module 2 of the service board 1 may respectively send data synchronization requests to a new main control board. The first data synchronization request sent by the service module 1 includes an identifier 100 of data currently stored by the service module 1, and the second data synchronization request sent by the service module 2 includes an identifier 0 of data currently stored by the service module 2.
After receiving the first data synchronization request sent by the service module 1, the main control board determines that the identifier of the data stored in the service module 1 in the service board is the same as that stored locally according to the locally stored identifier information 100 corresponding to the service module 1.
After receiving the second data synchronization request sent by the service module 2, the main control board determines that the identification of the data stored in the service module 2 in the service board is different from that stored locally according to the identification information 200 of the corresponding service module 2 stored locally.
The main control board can send the locally stored data and the identification of the corresponding service module 2 to the service module 2, and the service module 2 updates the locally stored data and the identification by using the data and the identification sent by the main control board, so that the data synchronization between the local main control board and the main control board can be realized.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (6)

1. A data synchronization method is characterized in that the method is applied to a main master control board after main/standby switching in a distributed firewall, and the method comprises the following steps:
receiving a data synchronization request sent by a service board in the distributed firewall, wherein the data synchronization request comprises a first identifier of first data corresponding to a service module currently stored by the service board;
when a second identifier of second data corresponding to the locally stored service module is different from the first identifier, the second data is sent to the service board through at least two messages, wherein the last message of the at least two messages carries a part of data of the second data and the second identifier, and other messages of the at least two messages carry other parts of data of the second data and identifiers different from the second identifier.
2. The method of claim 1, further comprising:
and when detecting update data related to second data corresponding to the service module, updating the second data into third data according to the update data, and updating the second identifier into a third identifier corresponding to the third data.
3. A data synchronization method is applied to any service board in a distributed firewall, and comprises the following steps:
detecting whether the main control board is reconnected with the main control board;
if so, sending a data synchronization request to the master control board, wherein the data synchronization request includes a first identifier of first data corresponding to a service module currently stored by the service board, so that the master control board sends second data to the service board through at least two messages when determining that a second identifier of second data corresponding to the locally stored service module is different from the first identifier;
receiving at least two messages sent by the master control board, wherein each message contains partial data of the second data, the last message of the at least two messages includes the second identifier, and other messages of the at least two messages include identifiers different from the second identifier;
and deleting the locally stored first data, storing partial data of the second data included in the at least two messages, and updating the identifiers included in other stored messages in the at least two messages by using the second identifier in the latter message.
4. A data synchronizer is characterized in that the data synchronizer is applied to a main control board after main/standby switching in a distributed firewall, and the data synchronizer comprises:
the receiving module is used for receiving a data synchronization request sent by a service board in the distributed firewall, wherein the data synchronization request comprises a first identifier of first data corresponding to the service module currently stored by the service board;
and the sending module is used for sending the second data to the service board through at least two messages when a second identifier of the second data corresponding to the service module stored locally is different from the first identifier, wherein the last message of the at least two messages carries partial data and a second identifier of the second data, and other messages of the at least two messages carry other partial data of the second data and identifiers different from the second identifier.
5. The apparatus of claim 4, further comprising:
and the updating module is used for updating the second data into third data according to the updating data and updating the second identifier into a third identifier corresponding to the third data when the updating data related to the second data corresponding to the service module is detected.
6. A data synchronization apparatus, applied to any service board in a distributed firewall, the apparatus comprising:
the detection module is used for detecting whether the main control board is reconnected with the main control board;
a sending module, configured to send a data synchronization request to the master control board, where the data synchronization request includes a first identifier of first data corresponding to a service module currently stored by the service board, so that when determining that a second identifier of second data corresponding to the service module locally stored by the master control board is different from the first identifier, the sending module sends the second data to the service board through at least two messages;
a receiving submodule, configured to receive at least two messages sent by the active main control board, where each message includes partial data of the second data, a last message of the at least two messages includes the second identifier, and other messages of the at least two messages include identifiers different from the second identifier;
and the execution submodule is used for deleting the locally stored first data, storing partial data of the second data included in the at least two messages, and updating the stored identifiers included in other messages in the at least two messages by using the second identifier in the latter message.
CN201610263872.6A 2016-04-25 2016-04-25 Data synchronization method and device Active CN106789862B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610263872.6A CN106789862B (en) 2016-04-25 2016-04-25 Data synchronization method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610263872.6A CN106789862B (en) 2016-04-25 2016-04-25 Data synchronization method and device

Publications (2)

Publication Number Publication Date
CN106789862A CN106789862A (en) 2017-05-31
CN106789862B true CN106789862B (en) 2021-05-07

Family

ID=58972086

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610263872.6A Active CN106789862B (en) 2016-04-25 2016-04-25 Data synchronization method and device

Country Status (1)

Country Link
CN (1) CN106789862B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1479452A (en) * 2002-08-28 2004-03-03 华为技术有限公司 Method of data on line exchange between main control plate and business plate in main control plate thermal redundancy
CN101526958A (en) * 2009-04-09 2009-09-09 中兴通讯股份有限公司 Method and system for synchronizing data between IPTV system modules
CN101557568A (en) * 2008-04-08 2009-10-14 中国移动通信集团公司 Transmission method of multimedia message as well as device and system thereof
CN103329467A (en) * 2010-10-18 2013-09-25 意法爱立信有限公司 System and method to detect and communicate loss and retention of synchronization in a real-time data transfer scheme

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7730154B2 (en) * 2001-12-19 2010-06-01 International Business Machines Corporation Method and system for fragment linking and fragment caching
CN102404326B (en) * 2011-11-23 2014-04-23 北京星网锐捷网络技术有限公司 Method, system and device for validating safety of messages
CN102404339B (en) * 2011-12-16 2014-06-18 山石网科通信技术(北京)有限公司 Fire wall system and data processing method based on fire wall system
US9451056B2 (en) * 2012-06-29 2016-09-20 Avaya Inc. Method for mapping packets to network virtualization instances
CN103441987A (en) * 2013-07-30 2013-12-11 曙光信息产业(北京)有限公司 Method and device for managing dual-computer firewall system
CN103973674A (en) * 2014-04-09 2014-08-06 汉柏科技有限公司 Method and device for synchronizing host and backup information

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1479452A (en) * 2002-08-28 2004-03-03 华为技术有限公司 Method of data on line exchange between main control plate and business plate in main control plate thermal redundancy
CN101557568A (en) * 2008-04-08 2009-10-14 中国移动通信集团公司 Transmission method of multimedia message as well as device and system thereof
CN101526958A (en) * 2009-04-09 2009-09-09 中兴通讯股份有限公司 Method and system for synchronizing data between IPTV system modules
CN103329467A (en) * 2010-10-18 2013-09-25 意法爱立信有限公司 System and method to detect and communicate loss and retention of synchronization in a real-time data transfer scheme

Also Published As

Publication number Publication date
CN106789862A (en) 2017-05-31

Similar Documents

Publication Publication Date Title
US11586673B2 (en) Data writing and reading method and apparatus, and cloud storage system
CN109842694B (en) Method for synchronizing MAC addresses, network equipment and computer readable storage medium
CN106911524B (en) HA implementation method and device
CN107315825B (en) Index updating system, method and device
CN104301142A (en) Backup method and device for configuration files
CN108696581B (en) Distributed information caching method and device, computer equipment and storage medium
CN105721200A (en) Master-slave server system application method and system thereof
CN111045708B (en) Software upgrading method, electronic device and computer readable storage medium
CN105049502A (en) Method of upgrading equipment software in cloud network management system and device
CN107819556B (en) Service state switching method and device
CN113347037B (en) Data center access method and device
CN106657433B (en) Naming method and device for physical network card in multi-network snap ring environment
CN111143023A (en) Resource changing method and device, equipment and storage medium
CN103312489A (en) Method and device for synchronizing terminal and server
CN110958287B (en) Operation object data synchronization method, device and system
CN107623705B (en) Storage mode upgrading method, device and system based on video cloud storage system
CN106789862B (en) Data synchronization method and device
CN106789863B (en) Matching rule upgrading method and device
CN110798358A (en) Distributed service identification method and device, computer readable medium and electronic equipment
CN106792843B (en) Equipment management method and device
CN112532532B (en) Service returning method, device, equipment and readable storage medium
CN104468671A (en) Configuration information processing method, device and relevant device
EP3648423B1 (en) Resource allocation method and system
CN110247992B (en) Address updating method and device, terminal and server
CN101808023A (en) Network monitoring system and network monitoring method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant