CN107483341A - A kind of across fire wall packet fast forwarding method and device - Google Patents
A kind of across fire wall packet fast forwarding method and device Download PDFInfo
- Publication number
- CN107483341A CN107483341A CN201710755205.4A CN201710755205A CN107483341A CN 107483341 A CN107483341 A CN 107483341A CN 201710755205 A CN201710755205 A CN 201710755205A CN 107483341 A CN107483341 A CN 107483341A
- Authority
- CN
- China
- Prior art keywords
- message
- virtual firewall
- hexa
- mark
- atomic group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a kind of across fire wall packet fast forwarding method, and methods described includes:Five-tuple parsing is carried out to the message of reception;The corresponding relation identified according to default message incoming interface and virtual firewall, obtain virtual firewall mark;By the five-tuple analysis result and hexa-atomic group of virtual firewall mark composition;According to the hexa-atomic group of carry out forwarding-table item lookup;Message is forwarded according to the lookup result.Compared with prior art, across virtual firewall forwarding is supported in original fast-forwarding flow, virtual firewall can simplify networking, be easy to manage.
Description
Technical field
The application is related to computer communication field, more particularly to across the fire wall packet fast forwarding method of one kind and dress
Put.
Background technology
With the continuous development of network technology, the on the one hand process performance requirement to network equipments such as fire wall, interchangers
The various new opplications such as more and more higher, another aspect audio, video, cloud computing, new business emerge in an endless stream, and force the network equipment to integrate
Security protection business become increasingly complex, cause the forwarding performance of complete machine drastically to decline.In view of this, it is proposed that fast-forwarding
Concept, that is, data flow characteristics recorded in fast-forwarding table, the purpose is to simplify and optimize the handling process of message, come
Improve the forwarding performance of the network equipment.The mode that fast-forwarding technology matches router forwarding-table item using five-tuple is reported to realize
Text forwarding.So-called five-tuple generally includes source IP address, purpose IP address, source port number, destination slogan and protocol type.
Existing technical scheme is to realize networking by using more physics fire walls, message is carried out in the networking fast
Speed forwarding, existing fast-forwarding flow include:When receiving message, router is matched by the five-tuple in analytic message
Forwarding-table item;Message is handled using the information in router forwarding-table item;Go out to connect according in router forwarding-table item
Mouth forwards to message.
The shortcomings that prior art is that the networking realized using physics fire wall is cumbersome to be set, it is necessary to configure more networks
It is standby, expend more manpower, material resources and financial resources.Also need to subsequently regularly carry out routine inspection to the network equipment, to ensure that physics is prevented
The safety of wall with flues, daily management mission are more complicated.
The content of the invention
In view of this, the application provides a kind of across fire wall packet fast forwarding method and device.
Specifically, the application is achieved by the following technical solution:
A kind of across fire wall packet fast forwarding method, methods described include:
Five-tuple parsing is carried out to the message of reception;
The corresponding relation identified according to default message incoming interface and virtual firewall, obtain virtual firewall mark;
By the five-tuple analysis result and hexa-atomic group of virtual firewall mark composition;
According to the hexa-atomic group of carry out forwarding-table item lookup;
Message is forwarded according to the lookup result.
A kind of across fire wall message fast-forwarding device, described device include:
Five-tuple resolution unit, for carrying out five-tuple parsing to the message of reception;
Mark acquiring unit, for the corresponding relation according to default message incoming interface and virtual firewall mark, obtain
Virtual firewall identifies;
Hexa-atomic group of component units, for the five-tuple analysis result and virtual firewall mark to be formed into hexa-atomic group;
Forwarding-table item searching unit, for according to the hexa-atomic group of carry out forwarding-table item lookup;
Message retransmission unit, for being forwarded according to the lookup result to message.
This programme is to match forwarding-table item using hexa-atomic group, i.e., increases unitary on the basis of original five-tuple and virtually prevent fires
Wall identifies, and the virtual firewall mark is to correspond with message incoming interface.Compared with prior art, original quick
Across virtual firewall forwarding is supported in forwarding process, virtual firewall can simplify networking, be easy to manage.
Brief description of the drawings
It is in order to illustrate the technical solution of the embodiments of the present invention more clearly, attached required in being described below to embodiment
Figure is briefly described, it should be apparent that, drawings in the following description are only some embodiments described in the present invention, for
For those of ordinary skill in the art, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of implementing procedure across fire wall packet fast forwarding method shown in the exemplary embodiment of the application one
Figure;
Fig. 2 is a kind of structural representation of across fire wall message fast-forwarding device shown in the exemplary embodiment of the application one
Figure.
Embodiment
Across the fire wall packet fast forwarding method of one kind provided first the embodiment of the present invention illustrates, this method
It may comprise steps of:
Five-tuple parsing is carried out to the message of reception;
The corresponding relation identified according to default message incoming interface and virtual firewall, obtain virtual firewall mark;
By the five-tuple analysis result and hexa-atomic group of virtual firewall mark composition;
According to the hexa-atomic group of carry out forwarding-table item lookup;
Message is forwarded according to the lookup result.
Wherein, five-tuple generally includes source IP address, purpose IP address, source port number, destination slogan and protocol class
Type, this programme increases unitary virtual firewall mark on the basis of original five-tuple, i.e., using hexa-atomic group of matching forwarding-table item,
Message fast-forwarding is carried out in virtual firewall.One fire wall can be exactly logically divided into more by virtual firewall
Virtual fire wall, each virtual firewall system can be regarded as a completely self-contained firewall box, can possess
Independent system resource, keeper, security strategy, user authentication data storehouse etc..
During message fast-forwarding, five-tuple parsing is carried out to the message of reception;According to message incoming interface and virtually
The one-to-one relationship of fire wall mark, virtual firewall mark is obtained, message incoming interface here can be that message physics enters
Interface or the virtual incoming interface of message;According to hexa-atomic group, five yuan of five-tuple analysis result and virtual firewall mark composition
Group analysis result can identify with virtual firewall and correspond hexa-atomic group of composition, and five-tuple analysis result can correspond to multiple void
Intend hexa-atomic group of fire wall mark composition, certainly hexa-atomic group can also be both the above situation combination, i.e., while include five-tuple
Analysis result and the one-to-one corresponding of virtual firewall mark form hexa-atomic group, and five-tuple analysis result can correspond to multiple virtual anti-
Wall with flues mark hexa-atomic group of both of these case of composition;Forwarded according to hexa-atomic group of lookup forwarding-table item;According to the forwarding found
List item information forwards to message.
In order that those skilled in the art are better understood from the technical scheme in the present invention, here will be in detail to exemplary
Embodiment illustrates, and its example is illustrated in the accompanying drawings.In the following description when referring to the accompanying drawings, unless otherwise indicated, different accompanying drawings
In same numbers represent same or analogous key element.Embodiment described in following exemplary embodiment do not represent with
The consistent all embodiments of the application.On the contrary, they be only with as being described in detail in appended claims, the application
The example of the consistent apparatus and method of some aspects.Based on the embodiment in the present invention, those of ordinary skill in the art are obtained
The every other embodiment obtained, should all belong to the scope of protection of the invention.
As shown in figure 1, for a kind of implementing procedure figure across fire wall packet fast forwarding method of the invention, it is specifically included
Following steps:
S101, five-tuple parsing is carried out to the message of reception;
Five-tuple mentioned above generally includes source IP address, purpose IP address, source port number, destination slogan and agreement
Type, such as:192.168.1.1 10000TCP 121.14.88.76 80 just constitute a five-tuple.Its meaning is one
Individual IP address be 192.168.1.1 terminal by port 10000, using Transmission Control Protocol, and IP address is 121.14.88.76,
The terminal that port is 80 is attached.Five-tuple can distinguish different messages, and corresponding message is unique.Usually,
Message can carry the information such as source IP address, purpose IP address, source port number, destination slogan and protocol type, pass through docking
The messages of receipts carries out five-tuple parsing, gets five-tuple analysis result, it is known that the terminal of source IP address by source port number, with
Certain agreement and purpose IP address, the terminal of destination slogan are attached.The message information received is as shown in table 1 below, this
In the form enumerated be merely exemplary.
Source IP address | Source port number | Purpose IP address | Destination slogan | Protocol type |
192.168.1.10 | 10000 | 121.17.88.76 | 80 | TCP |
192.168.1.10 | 53 | 121.17.88.80 | 69 | UDP |
Table 1
To above-mentioned message information carry out five-tuple parsing, it is known that source IP address be respectively 192.168.1.10,
192.168.1.10, source port number is 10000,53 respectively, purpose IP address be respectively 121.17.88.76,
121.17.88.80, destination slogan is 80,69 respectively, and protocol type is TCP, UDP (UserDatagram respectively
Protocol, UDP).A then wherein message, IP address are that 192.168.1.10 terminal passes through port
10000, using Transmission Control Protocol, and IP address is 121.17.88.76, and the terminal that port is 80 is attached;Another message, IP
Address be 192.168.1.10 terminal by port 53, using udp protocol, and IP address is 121.17.88.80, and port is
69 terminal is attached.
S102, the corresponding relation identified according to default message incoming interface and virtual firewall, obtains virtual firewall mark
Know;
Virtual firewall mentioned above be exactly in fact a fire wall can be logically divided into more it is virtual anti-
Wall with flues, each virtual firewall system can be regarded as a completely self-contained firewall box, can possess and independent are
System resource, keeper, security strategy, user authentication data storehouse etc..Here each virtual firewall is marked, it is meant that every
Individual virtual firewall, which has, oneself uniquely to be identified.Pre-set virtual firewall mark to correspond with message incoming interface, i.e., one
The corresponding virtual firewall mark of individual message incoming interface.Assuming that virtualif1_0 is the message incoming interface of virtual firewall 1,
Message incoming interface corresponds with virtual firewall mark, then can be found according to message incoming interface virtualif1_0 virtual anti-
The virtual firewall mark of wall with flues 1, such as virtual firewall mark 1_0.
Special instruction is needed exist for, fire wall is divided into physics fire wall and virtual firewall, and corresponding message enters to connect
Mouth can be message physics incoming interface or the virtual incoming interface of message.Message incoming interface is the feelings of message physics incoming interface
Under condition, it can be used for realizing across physics fire wall message fast-forwarding, i.e., only carry out a fast-forwarding flow, certain message thing
Reason incoming interface may also be used for realizing across virtual firewall message fast-forwarding, in across virtual firewall fast-forwarding flow,
The message incoming interface for being only merely first time fast-forwarding flow is message physics incoming interface, it is assumed that message needs within one device
To be forwarded across multiple virtual firewalls, be sent to virtual firewall 2 from virtual firewall 1, then virtual firewall 1
Message incoming interface is message physics incoming interface, and message, the message incoming interface of virtual firewall 2 are received by message physics incoming interface
For the virtual incoming interface of message, message is received by the virtual incoming interface of message.As known from the above, message incoming interface is that message is empty simultaneously
In the case of intending incoming interface, in across virtual firewall fast-forwarding flow, remaining fast-forwarding flow in addition to first time
Message incoming interface be the virtual incoming interface of message,
S103, by the five-tuple analysis result and hexa-atomic group of virtual firewall mark composition;
According to the one-to-one relationship of message incoming interface and virtual firewall, multiple virtual firewall marks are got, this
In assume virtual firewall mark can be 1_0,2_0,3_0,4_0 ...., can according to the five-tuple analysis result being previously mentioned
To form hexa-atomic group with the virtual firewall got mark.Wherein every group of five-tuple analysis result and each virtual firewall mark
Know hexa-atomic group of composition, i.e. five-tuple analysis result corresponds with virtual firewall mark;Every group of five-tuple analysis result can be with
Multigroup hexa-atomic group is formed with multiple virtual firewalls mark, it is meant that though the five-tuple analysis result in hexa-atomic group is identical, but
It is that virtual firewall mark is different, every group hexa-atomic group possesses unique virtual firewall mark, i.e. five-tuple analysis result is corresponding
Multiple virtual firewall marks;Which part five-tuple analysis result corresponds hexa-atomic group of composition with virtual firewall mark,
Another part five-tuple analysis result, every group of five-tuple analysis result can identify composition multigroup six with multiple virtual firewalls
Tuple.Above is five-tuple analysis result forms hexa-atomic group of three kinds of different situations with virtual firewall mark, it is right separately below
Three kinds of situations illustrate:
Every group of five-tuple analysis result corresponds with each virtual firewall mark, using what is be above resolved to by table 1
Five-tuple analysis result, five-tuple analysis result correspond hexa-atomic group of composition, message five-tuple solution with virtual firewall mark
Analyse the 121.17.88.76 80TCP of result 192.168.1.10 10000 and virtual firewall mark 1_0 and form hexa-atomic group, message
The 121.17.88.80 69UDP of five-tuple analysis result 192.168.1.10 53 and virtual firewall mark 2_0 compositions are hexa-atomic
Group, it is as shown in table 2 below, what the form enumerated here was merely exemplary.
Table 2
Every group of five-tuple analysis result corresponds to multiple virtual firewall marks, using the five-tuple being above resolved to by table 1
Analysis result, five-tuple analysis result with multiple virtual firewalls to forming hexa-atomic group, message five-tuple analysis result
192.168.1.10 10000 121.17.88.76 80TCP and virtual firewall mark 1_0 forms hexa-atomic group, while message five
The 121.17.88.76 80TCP of tuple analysis result 192.168.1.10 10000 also form six with virtual firewall mark 3_0
Tuple, it is as shown in table 3 below, what the form enumerated here was merely exemplary.
Table 3
Which part five-tuple analysis result corresponds hexa-atomic group of composition with virtual firewall mark;Another part five
Tuple analysis result, every group of five-tuple analysis result can identify multigroup hexa-atomic group of composition with multiple virtual firewalls.Message five
The 121.17.88.76 80TCP of tuple analysis result 192.168.1.10 10000 and virtual firewall mark 1_0 compositions are hexa-atomic
Group, at the same the 121.17.88.76 80TCP of message five-tuple analysis result 192.168.1.10 10000 also with virtual firewall
Identify 3_0 and form hexa-atomic group, the 121.17.88.10 80TCP of message five-tuple analysis result 192.168.1.15 23 with it is virtual
Hexa-atomic group of fire wall mark 2_0 compositions, it is as shown in table 4 below, what the form enumerated here was merely exemplary.
Table 4
S104, according to the hexa-atomic group of carry out forwarding-table item lookup;
Based on above-mentioned five-tuple analysis result and hexa-atomic group of virtual firewall mark composition, according to hexa-atomic group of lookup forward table
, when the information included in the forwarding-table item found is consistent with hexa-atomic group information, then it represents that current forwarding-table item is message
Forward the forwarding-table item needed.Default to establish message fast-forwarding table, the forward table is present in firewall box.Assuming that in advance
It is stored in fast-forwarding table in firewall box as shown in Table 5 above, clipped is other information in form, here no longer
Show one by one.
Table 5
Such as five-tuple analysis result is the 121.17.88.10 80 of 192.168.1.15 23, virtual firewall is identified as
2_0, hexa-atomic group of 192.168.1.15 23 of composition is identified according to five-tuple analysis result and virtual firewall
121.17.88.10 80 2_0, forwarding-table item is searched in fast-forwarding table, first can be sieved according to virtual firewall mark
Choosing, is then screened according to purpose IP, naturally it is also possible to according in advance to the source IP address in hexa-atomic group, source port number, mesh
IP address, destination slogan, protocol type, virtual firewall mark assign weights, i.e., searched according to priority, certainly
Lookup method is not limited only to this, no longer repeats one by one here, final to obtain Section 3 forwarding-table item in fast-forwarding table.
S105, message is forwarded according to the lookup result.
According to the hexa-atomic group of forwarding-table item found, message outgoing interface information is included in the forwarding-table item information.Pass through
Message outgoing interface carries out message fast-forwarding.
Message incoming interface mentioned above can be message physics incoming interface, or the virtual incoming interface of message, accordingly
Message outgoing interface can be message physics outgoing interface, or the virtual outgoing interface of message.Message physics outgoing interface can be direct
E-Packet, the virtual outgoing interface of message obtains the virtual incoming interface of next message and reentry report by searching virtual interface relation table
Literary quick quasi- hair flow.Assuming that there are a pair of virtual interfaces, virtuallif1_1 between virtual firewall 1 and virtual firewall 1
For the virtual outgoing interface of message of virtual firewall 1, virtuallif2_0 is the virtual incoming interface of message of virtual firewall 2.If
Outlet is the virtual outgoing interface of message when message forwards, then looks up virtual interface connection relational table, obtains virtual firewall 1
The virtual outgoing interface virtuallif1_1 of message corresponds to the message incoming interface virtuallif2_0 of virtual firewall mark 2, uses
Virtuallif2_0 reentries fast-forwarding flow as new message incoming interface, is obtained with this new message incoming interface virtual
The virtual firewall mark of fire wall 2, is forwarded according to new hexa-atomic group to search forwarding-table item.
One of ordinary skill in the art will appreciate that:Realizing all or part of step of above method embodiment can pass through
Programmed instruction related hardware is completed, and foregoing program can be stored in computer read/write memory medium, and the program exists
During execution, execution the step of including above method embodiment;And foregoing storage medium includes:ROM, RAM, magnetic disc or CD
Etc. it is various can be with the medium of store program codes.
It is corresponding with across the fire wall packet fast forwarding method embodiment of foregoing one kind, present invention also provides one kind across anti-
Wall with flues message fast-forwarding device embodiment, shown in reference picture 2, including five-tuple resolution unit 210, mark acquiring unit 220,
Hexa-atomic group of component units 230, forwarding-table item searching unit 240, message retransmission unit 250.
The five-tuple resolution unit 210, for carrying out five-tuple parsing to the message of reception, and five-tuple is parsed and tied
Fruit is sent to hexa-atomic group of component units 230;
Mark acquiring unit 220, for the corresponding relation according to default message incoming interface and virtual firewall mark, obtain
Take virtual firewall to identify, and the virtual firewall got mark is sent to hexa-atomic group of component units 230;
Hexa-atomic group of component units 230, for the five-tuple analysis result and virtual firewall mark to be formed into hexa-atomic group,
And it is sent to forwarding-table item searching unit 240 by hexa-atomic group of composition;
Forwarding-table item searching unit 240, for turning according to the hexa-atomic group of carry out forwarding-table item lookup, and by what is found
Forwarding list item is sent to message retransmission unit 250;
Message retransmission unit 250, for being forwarded according to the lookup result to message.
The effect implementation process of unit specifically refers to the implementation process that step is corresponded in the above method in said system,
It will not be repeated here.
For system embodiment, because it corresponds essentially to embodiment of the method, so related part is real referring to method
Apply the part explanation of example.System embodiment described above is only schematical, wherein described be used as separating component
The unit of explanation can be or may not be physically separate, can be as the part that unit is shown or can also
It is not physical location, you can with positioned at a place, or can also be distributed on multiple NEs.Can be according to reality
Need to select some or all of module therein to realize the purpose of application scheme.Those of ordinary skill in the art are not paying
In the case of going out creative work, you can to understand and implement.
The present invention can be described in the general context of the calculated value executable instruction performed by computer, such as program
Module.Usually, program module includes performing particular task or realizes routine, program, object, the group of particular abstract data type
Part, data structure etc..The present invention can also be put into practice in a distributed computing environment, in these DCEs, by
Task is performed and connected remote processing devices by communication network.In a distributed computing environment, program module can be with
In the local and remote computer-readable storage medium including storage device.
Described above is only the embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should
It is considered as protection scope of the present invention.
Claims (8)
1. a kind of across fire wall packet fast forwarding method, it is characterised in that methods described includes:
Five-tuple parsing is carried out to the message of reception;
The corresponding relation identified according to default message incoming interface and virtual firewall, obtain virtual firewall mark;
By the five-tuple analysis result and hexa-atomic group of virtual firewall mark composition;
According to the hexa-atomic group of carry out forwarding-table item lookup;
Message is forwarded according to the lookup result.
2. according to the method for claim 1, it is characterised in that described according to default message incoming interface and virtual firewall
The corresponding relation of mark, fire wall mark is obtained, including:
The one-to-one relationship identified according to message incoming interface and virtual firewall, obtain virtual firewall mark.
3. according to the method for claim 1, it is characterised in that the message incoming interface, including:
Message physics incoming interface or the virtual incoming interface of message.
4. according to the method for claim 1, it is characterised in that described by the five-tuple analysis result and virtual firewall
Hexa-atomic group of mark composition, including:
The five-tuple analysis result corresponds with virtual firewall mark, forms hexa-atomic group;
And/or
The five-tuple analysis result corresponds to multiple virtual firewall marks, forms hexa-atomic group.
5. a kind of across fire wall message fast-forwarding device, it is characterised in that described device includes:
Five-tuple resolution unit, for carrying out five-tuple parsing to the message of reception;
Mark acquiring unit, for the corresponding relation according to default message incoming interface and virtual firewall mark, obtain virtual
Fire wall identifies;
Hexa-atomic group of component units, for the five-tuple analysis result and virtual firewall mark to be formed into hexa-atomic group;
Forwarding-table item searching unit, for according to the hexa-atomic group of carry out forwarding-table item lookup;
Message retransmission unit, for being forwarded according to the lookup result to message.
6. device according to claim 5, it is characterised in that the mark acquiring unit, be specifically used for:
The one-to-one relationship identified according to message incoming interface and virtual firewall, obtain virtual firewall mark.
7. device according to claim 5, it is characterised in that the message incoming interface, including:
Message physics incoming interface or the virtual incoming interface of message.
8. device according to claim 5, it is characterised in that the hexa-atomic group of component units, be specifically used for:
Five-tuple analysis result and virtual firewall mark are corresponded, form hexa-atomic group;
And/or
Five-tuple analysis result is corresponded into multiple virtual firewall marks, forms hexa-atomic group.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710755205.4A CN107483341B (en) | 2017-08-29 | 2017-08-29 | Method and device for rapidly forwarding firewall-crossing messages |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710755205.4A CN107483341B (en) | 2017-08-29 | 2017-08-29 | Method and device for rapidly forwarding firewall-crossing messages |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107483341A true CN107483341A (en) | 2017-12-15 |
CN107483341B CN107483341B (en) | 2020-10-02 |
Family
ID=60602785
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710755205.4A Active CN107483341B (en) | 2017-08-29 | 2017-08-29 | Method and device for rapidly forwarding firewall-crossing messages |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107483341B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110311866A (en) * | 2019-06-28 | 2019-10-08 | 杭州迪普科技股份有限公司 | A kind of method and device of fast-forwarding message |
CN111132170A (en) * | 2019-12-31 | 2020-05-08 | 奇安信科技集团股份有限公司 | Communication method and device of virtual firewall, virtual firewall and topological structure |
CN112511439A (en) * | 2020-11-25 | 2021-03-16 | 杭州迪普科技股份有限公司 | Data forwarding method, device, equipment and computer readable storage medium |
CN112866245A (en) * | 2021-01-18 | 2021-05-28 | 中国工商银行股份有限公司 | Message routing method and device |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1949741A (en) * | 2005-10-11 | 2007-04-18 | 华为技术有限公司 | Method for processing data stream between different fire-proof walls |
US20080163357A1 (en) * | 2006-12-29 | 2008-07-03 | Hisky Xiao | Virtual firewall |
CN101478533A (en) * | 2008-11-29 | 2009-07-08 | 成都市华为赛门铁克科技有限公司 | Method and system for transmitting and receiving data across virtual firewall |
CN101834783A (en) * | 2010-03-29 | 2010-09-15 | 北京星网锐捷网络技术有限公司 | Method and device for forwarding messages and network equipment |
US8904511B1 (en) * | 2010-08-23 | 2014-12-02 | Amazon Technologies, Inc. | Virtual firewalls for multi-tenant distributed services |
CN105577628A (en) * | 2014-11-11 | 2016-05-11 | 中兴通讯股份有限公司 | Method and device for realizing virtual firewall |
CN105939274A (en) * | 2016-05-17 | 2016-09-14 | 杭州迪普科技有限公司 | Message forwarding method and apparatus |
CN105939356A (en) * | 2016-06-13 | 2016-09-14 | 北京网康科技有限公司 | Virtual firewall dividing method and device |
-
2017
- 2017-08-29 CN CN201710755205.4A patent/CN107483341B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1949741A (en) * | 2005-10-11 | 2007-04-18 | 华为技术有限公司 | Method for processing data stream between different fire-proof walls |
US20080163357A1 (en) * | 2006-12-29 | 2008-07-03 | Hisky Xiao | Virtual firewall |
CN101478533A (en) * | 2008-11-29 | 2009-07-08 | 成都市华为赛门铁克科技有限公司 | Method and system for transmitting and receiving data across virtual firewall |
CN101834783A (en) * | 2010-03-29 | 2010-09-15 | 北京星网锐捷网络技术有限公司 | Method and device for forwarding messages and network equipment |
US8904511B1 (en) * | 2010-08-23 | 2014-12-02 | Amazon Technologies, Inc. | Virtual firewalls for multi-tenant distributed services |
CN105577628A (en) * | 2014-11-11 | 2016-05-11 | 中兴通讯股份有限公司 | Method and device for realizing virtual firewall |
CN105939274A (en) * | 2016-05-17 | 2016-09-14 | 杭州迪普科技有限公司 | Message forwarding method and apparatus |
CN105939356A (en) * | 2016-06-13 | 2016-09-14 | 北京网康科技有限公司 | Virtual firewall dividing method and device |
Non-Patent Citations (1)
Title |
---|
强叔侃墙: "【化蝶】华为UTM -> NGFW特性变更对比——虚拟系统", 《百度网页,HTTPS://FORUM.HUAWEI.COM/ENTERPRISE/ZH/THREAD-313371.HTML》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110311866A (en) * | 2019-06-28 | 2019-10-08 | 杭州迪普科技股份有限公司 | A kind of method and device of fast-forwarding message |
CN110311866B (en) * | 2019-06-28 | 2021-11-02 | 杭州迪普科技股份有限公司 | Method and device for rapidly forwarding message |
CN111132170A (en) * | 2019-12-31 | 2020-05-08 | 奇安信科技集团股份有限公司 | Communication method and device of virtual firewall, virtual firewall and topological structure |
CN112511439A (en) * | 2020-11-25 | 2021-03-16 | 杭州迪普科技股份有限公司 | Data forwarding method, device, equipment and computer readable storage medium |
CN112511439B (en) * | 2020-11-25 | 2023-03-14 | 杭州迪普科技股份有限公司 | Data forwarding method, device, equipment and computer readable storage medium |
CN112866245A (en) * | 2021-01-18 | 2021-05-28 | 中国工商银行股份有限公司 | Message routing method and device |
Also Published As
Publication number | Publication date |
---|---|
CN107483341B (en) | 2020-10-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10728176B2 (en) | Ruled-based network traffic interception and distribution scheme | |
US10063671B2 (en) | Systems and methods for processing packets | |
CN103428094B (en) | Message forwarding method in open flows OpenFlow system and device | |
CN107483341A (en) | A kind of across fire wall packet fast forwarding method and device | |
CN106254235B (en) | Load sharing method and equipment | |
CN101288272A (en) | Tunneled security groups | |
CN103477588A (en) | Method and system for classification and management of inter-blade network traffic in a blade server | |
CN105227463A (en) | Communication means in a kind of distributed apparatus between business board | |
US9942054B2 (en) | Systems and methods for an extranet multicast virtual private network in a virtual routing and forwarding based customer edge device | |
CN103944828A (en) | Method and equipment for transmitting protocol messages | |
WO2018149338A1 (en) | Sdn-based remote stream mirroring control method, implementation method, and related device | |
US11032199B2 (en) | Methods and apparatus for providing traffic forwarder via dynamic overlay network | |
US9584413B2 (en) | Systems and methods for determining input and out interfaces of a network device and copies of a same packet going through the network device | |
US9571393B2 (en) | Systems and methods for processing packets tapped from a network | |
CN105429881B (en) | A kind of method for forwarding multicast message and device | |
US9680710B2 (en) | Systems and methods for processing packets tapped from a network using discovery protocol | |
US9692723B2 (en) | Network management of devices residing behind a network device | |
CN102355358B (en) | Method and device for realizing multicast | |
CN101160807A (en) | Method for realizing the network security by segmenting the TTL | |
US10505834B2 (en) | Session aware adaptive packet filtering | |
CN108173767B (en) | Message forwarding method and device based on VLAN-IF interface multiplexing | |
CN102664790A (en) | Multicast data message forwarding method, system and bridge equipment | |
CN111478940A (en) | Data processing method and device | |
TW202021319A (en) | Packet forwarding method and device utilizing the same | |
US11258720B2 (en) | Flow-based isolation in a service network implemented over a software-defined network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |