CN107483341A - A cross-firewall packet fast-forwarding method and device - Google Patents

Publication number: CN107483341A
Authority: CN (China)
Legal status: Granted
Application number: CN201710755205.4A
Other languages: Chinese (zh)
Other versions: CN107483341B (en)
Inventors: 杜剑锋, 胡军
Current assignee: Hangzhou DPTech Technologies Co Ltd
Original assignee: Hangzhou DPTech Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/54 Organization of routing tables
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a cross-firewall packet fast-forwarding method. The method includes: performing five-tuple parsing on a received packet; obtaining a virtual firewall identifier according to a preset correspondence between packet ingress interfaces and virtual firewall identifiers; combining the five-tuple parsing result and the virtual firewall identifier into a six-tuple; looking up a forwarding entry according to the six-tuple; and forwarding the packet according to the lookup result. Compared with the prior art, forwarding across virtual firewalls is supported within the original fast-forwarding flow, and virtual firewalls simplify networking and are easier to manage.

Description

A cross-firewall packet fast-forwarding method and device
Technical field
The application relates to the field of computer communications, and in particular to a cross-firewall packet fast-forwarding method and device.
Background
With the continuous development of network technology, on the one hand the processing performance required of network devices such as firewalls and switches keeps rising; on the other hand, new applications and new services such as audio, video and cloud computing keep emerging, forcing network devices to integrate increasingly complex security protection services, which causes the forwarding performance of the whole device to drop sharply. In view of this, the concept of fast forwarding was proposed: data-flow characteristics are recorded in a fast-forwarding table, with the aim of simplifying and optimizing packet processing and so improving the forwarding performance of the network device. Fast-forwarding technology forwards packets by matching route forwarding entries on the five-tuple. The five-tuple generally comprises the source IP address, destination IP address, source port number, destination port number and protocol type.
The existing technical solution builds the network from multiple physical firewalls and fast-forwards packets within that network. The existing fast-forwarding flow is: when a packet is received, parse the five-tuple in the packet and match a route forwarding entry; process the packet using the information in the route forwarding entry; forward the packet through the egress interface given in the route forwarding entry.
The drawback of the prior art is that networking built from physical firewalls is cumbersome: more network devices have to be configured, consuming more manpower, material and financial resources. The network devices must also be inspected regularly afterwards to ensure the security of the physical firewalls, so day-to-day management is complicated.
Summary of the invention
In view of this, the application provides a cross-firewall packet fast-forwarding method and device.
Specifically, the application is implemented through the following technical solution:
A cross-firewall packet fast-forwarding method, the method including:
Performing five-tuple parsing on a received packet;
Obtaining a virtual firewall identifier according to a preset correspondence between packet ingress interfaces and virtual firewall identifiers;
Combining the five-tuple parsing result and the virtual firewall identifier into a six-tuple;
Looking up a forwarding entry according to the six-tuple;
Forwarding the packet according to the lookup result.
A cross-firewall packet fast-forwarding device, the device including:
A five-tuple parsing unit, for performing five-tuple parsing on a received packet;
An identifier obtaining unit, for obtaining a virtual firewall identifier according to a preset correspondence between packet ingress interfaces and virtual firewall identifiers;
A six-tuple composing unit, for combining the five-tuple parsing result and the virtual firewall identifier into a six-tuple;
A forwarding entry lookup unit, for looking up a forwarding entry according to the six-tuple;
A packet forwarding unit, for forwarding the packet according to the lookup result.
This solution matches forwarding entries on a six-tuple, that is, it adds one element, the virtual firewall identifier, to the original five-tuple, and the virtual firewall identifier corresponds one-to-one with the packet ingress interface. Compared with the prior art, forwarding across virtual firewalls is supported within the original fast-forwarding flow, and virtual firewalls simplify networking and are easier to manage.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Evidently, the drawings described below are only some of the embodiments described in the present invention, and those of ordinary skill in the art can derive other drawings from them.
Fig. 1 is a flowchart of a cross-firewall packet fast-forwarding method according to an exemplary embodiment of the application;
Fig. 2 is a schematic structural diagram of a cross-firewall packet fast-forwarding device according to an exemplary embodiment of the application.
Detailed description
The cross-firewall packet fast-forwarding method provided by the embodiments of the present invention is described first. The method may include the following steps:
Performing five-tuple parsing on a received packet;
Obtaining a virtual firewall identifier according to a preset correspondence between packet ingress interfaces and virtual firewall identifiers;
Combining the five-tuple parsing result and the virtual firewall identifier into a six-tuple;
Looking up a forwarding entry according to the six-tuple;
Forwarding the packet according to the lookup result.
The five-tuple generally comprises the source IP address, destination IP address, source port number, destination port number and protocol type. This solution adds one element, the virtual firewall identifier, to the original five-tuple, that is, it matches forwarding entries on a six-tuple and performs packet fast forwarding within virtual firewalls. A virtual firewall logically divides one firewall into multiple virtual firewalls; each virtual firewall system can be regarded as a completely independent firewall device, with its own system resources, administrators, security policies, user authentication database and so on.
During packet fast forwarding, five-tuple parsing is performed on the received packet. The virtual firewall identifier is obtained according to the one-to-one correspondence between packet ingress interfaces and virtual firewall identifiers; the packet ingress interface here may be a physical ingress interface or a virtual ingress interface. The five-tuple parsing result and the virtual firewall identifier are combined into a six-tuple: a five-tuple parsing result may correspond one-to-one with a virtual firewall identifier to form a six-tuple; a five-tuple parsing result may correspond to multiple virtual firewall identifiers to form six-tuples; or the two cases may be combined, that is, both kinds of six-tuple exist at the same time. A forwarding entry is looked up according to the six-tuple, and the packet is forwarded according to the information in the forwarding entry found.
So that those skilled in the art may better understand the technical solutions of the present invention, exemplary embodiments are described in detail here, with examples illustrated in the drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. On the contrary, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention shall fall within the scope of protection of the present invention.
Fig. 1 shows the flowchart of a cross-firewall packet fast-forwarding method of the present invention, which specifically includes the following steps:
S101, performing five-tuple parsing on a received packet;
The five-tuple mentioned above generally comprises the source IP address, destination IP address, source port number, destination port number and protocol type. For example, 192.168.1.1 10000 TCP 121.14.88.76 80 constitutes a five-tuple. It means that a terminal with IP address 192.168.1.1 connects, through port 10000 and using the TCP protocol, to a terminal with IP address 121.14.88.76 and port 80. The five-tuple distinguishes different packets, and the corresponding packet is unique. Generally, a packet carries information such as the source IP address, destination IP address, source port number, destination port number and protocol type. By performing five-tuple parsing on the received packet and obtaining the five-tuple parsing result, it is known that the terminal at the source IP address connects, through the source port and using a certain protocol, to the terminal at the destination IP address and destination port. The information of the received packets is shown in Table 1 below; the table given here is merely exemplary.
Source IP address   Source port number   Destination IP address   Destination port number   Protocol type
192.168.1.10        10000                121.17.88.76             80                        TCP
192.168.1.10        53                   121.17.88.80             69                        UDP
Table 1
Performing five-tuple parsing on the above packet information gives source IP addresses 192.168.1.10 and 192.168.1.10, source port numbers 10000 and 53, destination IP addresses 121.17.88.76 and 121.17.88.80, destination port numbers 80 and 69, and protocol types TCP and UDP (User Datagram Protocol) respectively. For one packet, the terminal with IP address 192.168.1.10 connects, through port 10000 and using the TCP protocol, to the terminal with IP address 121.17.88.76 and port 80; for the other packet, the terminal with IP address 192.168.1.10 connects, through port 53 and using the UDP protocol, to the terminal with IP address 121.17.88.80 and port 69.
S102, obtaining a virtual firewall identifier according to a preset correspondence between packet ingress interfaces and virtual firewall identifiers;
As mentioned above, a virtual firewall logically divides one firewall into multiple virtual firewalls; each virtual firewall system can be regarded as a completely independent firewall device, with its own system resources, administrators, security policies, user authentication database and so on. Each virtual firewall is labelled here, meaning that each virtual firewall has its own unique identifier. The virtual firewall identifiers are preset to correspond one-to-one with packet ingress interfaces, that is, one packet ingress interface corresponds to one virtual firewall identifier. Suppose virtualif1_0 is the packet ingress interface of virtual firewall 1. Because packet ingress interfaces correspond one-to-one with virtual firewall identifiers, the virtual firewall identifier of virtual firewall 1, for example 1_0, can be found from the ingress interface virtualif1_0.
It should be noted that firewalls are divided into physical firewalls and virtual firewalls, and correspondingly the packet ingress interface may be a physical ingress interface or a virtual ingress interface. When the ingress interface is a physical ingress interface, it can be used for packet fast forwarding across physical firewalls, in which case the fast-forwarding flow runs only once. A physical ingress interface can also be used for packet fast forwarding across virtual firewalls; in the cross-virtual-firewall fast-forwarding flow, only the first pass of the fast-forwarding flow has a physical ingress interface. Suppose a packet has to be forwarded across multiple virtual firewalls within one device, being sent from virtual firewall 1 to virtual firewall 2: the ingress interface of virtual firewall 1 is a physical ingress interface, through which the packet is received, and the ingress interface of virtual firewall 2 is a virtual ingress interface, through which the packet is received. It follows that, where the ingress interface is a virtual ingress interface, in the cross-virtual-firewall fast-forwarding flow the ingress interface of every pass other than the first is a virtual ingress interface.
S103, combining the five-tuple parsing result and the virtual firewall identifier into a six-tuple;
According to the one-to-one correspondence between packet ingress interfaces and virtual firewalls, multiple virtual firewall identifiers are obtained; assume here that they are 1_0, 2_0, 3_0, 4_0, .... The five-tuple parsing results mentioned above can be combined with the obtained virtual firewall identifiers to form six-tuples. There are three different cases. In the first, each five-tuple parsing result forms a six-tuple with one virtual firewall identifier, that is, five-tuple parsing results correspond one-to-one with virtual firewall identifiers. In the second, each five-tuple parsing result forms several six-tuples with several virtual firewall identifiers: the five-tuple parsing result in these six-tuples is the same but the virtual firewall identifier differs, each six-tuple having a unique virtual firewall identifier, that is, one five-tuple parsing result corresponds to multiple virtual firewall identifiers. In the third, some five-tuple parsing results correspond one-to-one with virtual firewall identifiers to form six-tuples, while each of the other five-tuple parsing results forms several six-tuples with several virtual firewall identifiers. The three cases are illustrated in turn below:
Where each five-tuple parsing result corresponds one-to-one with a virtual firewall identifier: using the five-tuple parsing results obtained from Table 1 above, the packet five-tuple parsing result 192.168.1.10 10000 121.17.88.76 80 TCP and virtual firewall identifier 1_0 form a six-tuple, and the packet five-tuple parsing result 192.168.1.10 53 121.17.88.80 69 UDP and virtual firewall identifier 2_0 form a six-tuple, as shown in Table 2 below; the table given here is merely exemplary.
Table 2
Where each five-tuple parsing result corresponds to multiple virtual firewall identifiers: using the five-tuple parsing results obtained from Table 1 above, a five-tuple parsing result forms six-tuples with multiple virtual firewall identifiers. The packet five-tuple parsing result 192.168.1.10 10000 121.17.88.76 80 TCP and virtual firewall identifier 1_0 form a six-tuple, and the same packet five-tuple parsing result 192.168.1.10 10000 121.17.88.76 80 TCP also forms a six-tuple with virtual firewall identifier 3_0, as shown in Table 3 below; the table given here is merely exemplary.
Table 3
Where some five-tuple parsing results correspond one-to-one with virtual firewall identifiers to form six-tuples, and each of the other five-tuple parsing results forms several six-tuples with several virtual firewall identifiers: the packet five-tuple parsing result 192.168.1.10 10000 121.17.88.76 80 TCP and virtual firewall identifier 1_0 form a six-tuple, the same packet five-tuple parsing result 192.168.1.10 10000 121.17.88.76 80 TCP also forms a six-tuple with virtual firewall identifier 3_0, and the packet five-tuple parsing result 192.168.1.15 23 121.17.88.10 80 TCP and virtual firewall identifier 2_0 form a six-tuple, as shown in Table 4 below; the table given here is merely exemplary.
Table 4
S104, looking up a forwarding entry according to the six-tuple;
Based on the six-tuple formed from the five-tuple parsing result and the virtual firewall identifier, a forwarding entry is looked up according to the six-tuple. When the information contained in a forwarding entry is consistent with the six-tuple information, that forwarding entry is the one needed to forward the packet. A packet fast-forwarding table is established in advance; the forwarding table resides in the firewall device. Suppose the fast-forwarding table stored in advance in the firewall device is as shown in Table 5; the omitted parts of the table are other information, which is not shown item by item here.
Table 5
For example, the five-tuple parsing result is 192.168.1.15 23 121.17.88.10 80 and the virtual firewall identifier is 2_0. The six-tuple 192.168.1.15 23 121.17.88.10 80 2_0 is formed from the five-tuple parsing result and the virtual firewall identifier, and the forwarding entry is looked up in the fast-forwarding table. The lookup may filter first by virtual firewall identifier and then by destination IP; alternatively, weights may be assigned in advance to the source IP address, source port number, destination IP address, destination port number, protocol type and virtual firewall identifier in the six-tuple, so that the lookup proceeds by priority. The lookup method is not limited to these and is not described further here. The result is the third forwarding entry in the fast-forwarding table.
S105, forwarding the packet according to the lookup result.
The forwarding entry found according to the six-tuple contains the packet egress interface information. The packet is fast-forwarded through the packet egress interface.
As mentioned above, the packet ingress interface may be a physical ingress interface or a virtual ingress interface; correspondingly, the packet egress interface may be a physical egress interface or a virtual egress interface. A physical egress interface forwards the packet directly. For a virtual egress interface, the next virtual ingress interface is obtained by looking up the virtual interface relation table, and the packet re-enters the packet fast-forwarding flow. Suppose there is a pair of virtual interfaces between virtual firewall 1 and virtual firewall 2: virtualif1_1 is the virtual egress interface of virtual firewall 1, and virtualif2_0 is the virtual ingress interface of virtual firewall 2. If the egress when the packet is forwarded is a virtual egress interface, the virtual interface relation table is looked up, which shows that the virtual egress interface virtualif1_1 of virtual firewall 1 corresponds to the ingress interface virtualif2_0 of virtual firewall 2. The packet re-enters the fast-forwarding flow with virtualif2_0 as the new ingress interface; the virtual firewall identifier of virtual firewall 2 is obtained from this new ingress interface, and the forwarding entry is looked up according to the new six-tuple in order to forward the packet.
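Steps S101 to S105, including re-entry through a virtual interface pair, as an added example that is not code from the patent or from the assignee's products. The interface names virtualif1_1 and virtualif2_0 and the identifiers 1_0, 2_0 and 3_0 follow the description; phys0, phys1, phys9, the table contents, the MAX_PASSES re-entry bound and the treatment of non-first fragments as a fast-path miss are assumptions of this example.

```python
import socket
import struct
from typing import NamedTuple, Optional


class FiveTuple(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


class SixTuple(NamedTuple):
    flow: FiveTuple
    vfw_id: str  # the sixth element: virtual firewall identifier


PROTOCOLS = {6: "TCP", 17: "UDP"}

# S102: preset one-to-one map, ingress interface -> virtual firewall identifier.
# phys0/phys1/phys9 are constructed names for physical interfaces.
INGRESS_TO_VFW = {"phys0": "1_0", "virtualif2_0": "2_0", "phys1": "3_0"}

# S105: virtual interface relation table, virtual egress -> peer virtual ingress.
VIRTUAL_LINKS = {"virtualif1_1": "virtualif2_0"}

FLOW = FiveTuple("192.168.1.10", 10000, "121.17.88.76", 80, "TCP")

# S104: fast-forwarding table keyed by the six-tuple (constructed entries).
FAST_TABLE = {
    SixTuple(FLOW, "1_0"): "virtualif1_1",  # virtual firewall 1 hands off to 2
    SixTuple(FLOW, "2_0"): "phys9",         # virtual firewall 2 sends it out
}

MAX_PASSES = 8  # assumption: bound re-entry so a looped relation table cannot spin


def build_packet(flow: FiveTuple) -> bytes:
    """Constructed sample: IPv4 header plus the two port fields, checksum zero."""
    proto = {name: num for num, name in PROTOCOLS.items()}[flow.proto]
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         socket.inet_aton(flow.src_ip),
                         socket.inet_aton(flow.dst_ip))
    return header + struct.pack("!HH", flow.src_port, flow.dst_port)


def parse_five_tuple(packet: bytes) -> Optional[FiveTuple]:
    """S101: extract the five-tuple, or None if the packet has no usable ports."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag = struct.unpack_from("!H", packet, 6)[0]
    proto = PROTOCOLS.get(packet[9])
    # Non-first fragments carry no L4 header, so no five-tuple can be formed.
    if ihl < 20 or proto is None or frag & 0x1FFF or len(packet) < ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    return FiveTuple(socket.inet_ntoa(packet[12:16]), sport,
                     socket.inet_ntoa(packet[16:20]), dport, proto)


def fast_forward(ingress_if: str, packet: bytes):
    """Return (physical egress, or None on a fast-path miss; six-tuples looked up)."""
    lookups = []
    flow = parse_five_tuple(packet)
    if flow is None:
        return None, lookups
    for _ in range(MAX_PASSES):
        vfw_id = INGRESS_TO_VFW.get(ingress_if)
        if vfw_id is None:
            return None, lookups         # interface not bound to a virtual firewall
        key = SixTuple(flow, vfw_id)     # S103
        lookups.append(key)
        egress = FAST_TABLE.get(key)     # S104
        if egress is None:
            return None, lookups         # miss: no entry in this virtual firewall
        peer = VIRTUAL_LINKS.get(egress)
        if peer is None:
            return egress, lookups       # physical egress: send directly
        ingress_if = peer                # virtual egress: re-enter as new ingress
    raise RuntimeError("virtual interface relation table loops")


if __name__ == "__main__":
    pkt = build_packet(FLOW)
    print(fast_forward("phys0", pkt))  # two passes (1_0 then 2_0), out via phys9
    print(fast_forward("phys1", pkt))  # same five-tuple under 3_0: miss
```

Because the virtual firewall identifier is part of the key, a packet with the same five-tuple arriving on an interface bound to 3_0 cannot match the entries installed for 1_0 or 2_0.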
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiment can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiment. The storage medium includes media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Corresponding to the foregoing embodiment of a cross-firewall packet fast-forwarding method, the application also provides an embodiment of a cross-firewall packet fast-forwarding device which, as shown in Fig. 2, includes a five-tuple parsing unit 210, an identifier obtaining unit 220, a six-tuple composing unit 230, a forwarding entry lookup unit 240 and a packet forwarding unit 250.
The five-tuple parsing unit 210 is for performing five-tuple parsing on a received packet and sending the five-tuple parsing result to the six-tuple composing unit 230;
The identifier obtaining unit 220 is for obtaining a virtual firewall identifier according to a preset correspondence between packet ingress interfaces and virtual firewall identifiers, and sending the obtained virtual firewall identifier to the six-tuple composing unit 230;
The six-tuple composing unit 230 is for combining the five-tuple parsing result and the virtual firewall identifier into a six-tuple, and sending the resulting six-tuple to the forwarding entry lookup unit 240;
The forwarding entry lookup unit 240 is for looking up a forwarding entry according to the six-tuple, and sending the forwarding entry found to the packet forwarding unit 250;
The packet forwarding unit 250 is for forwarding the packet according to the lookup result.
For the function and implementation of each unit in the above system, refer to the implementation of the corresponding step in the above method; they are not repeated here.
As the system embodiment basically corresponds to the method embodiment, refer to the description of the method embodiment for the relevant parts. The system embodiment described above is only illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the application. Those of ordinary skill in the art can understand and implement it without creative effort.
The present invention can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and so on that perform particular tasks or implement particular abstract data types. The present invention can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
The above is only an embodiment of the present invention. It should be pointed out that those of ordinary skill in the art can make improvements and modifications without departing from the principles of the present invention, and these improvements and modifications shall also be regarded as falling within the scope of protection of the present invention.

Claims (8)

1. A cross-firewall packet fast-forwarding method, characterized in that the method includes:
Performing five-tuple parsing on a received packet;
Obtaining a virtual firewall identifier according to a preset correspondence between packet ingress interfaces and virtual firewall identifiers;
Combining the five-tuple parsing result and the virtual firewall identifier into a six-tuple;
Looking up a forwarding entry according to the six-tuple;
Forwarding the packet according to the lookup result.
2. The method according to claim 1, characterized in that obtaining the firewall identifier according to the preset correspondence between packet ingress interfaces and virtual firewall identifiers includes:
Obtaining the virtual firewall identifier according to a one-to-one correspondence between packet ingress interfaces and virtual firewall identifiers.
3. The method according to claim 1, characterized in that the packet ingress interface includes:
A physical packet ingress interface or a virtual packet ingress interface.
4. The method according to claim 1, characterized in that combining the five-tuple parsing result and the virtual firewall identifier into a six-tuple includes:
The five-tuple parsing result corresponding one-to-one with a virtual firewall identifier to form a six-tuple;
And/or
The five-tuple parsing result corresponding to multiple virtual firewall identifiers to form six-tuples.
5. A cross-firewall packet fast-forwarding device, characterized in that the device includes:
A five-tuple parsing unit, for performing five-tuple parsing on a received packet;
An identifier obtaining unit, for obtaining a virtual firewall identifier according to a preset correspondence between packet ingress interfaces and virtual firewall identifiers;
A six-tuple composing unit, for combining the five-tuple parsing result and the virtual firewall identifier into a six-tuple;
A forwarding entry lookup unit, for looking up a forwarding entry according to the six-tuple;
A packet forwarding unit, for forwarding the packet according to the lookup result.
6. The device according to claim 5, characterized in that the identifier obtaining unit is specifically for:
Obtaining the virtual firewall identifier according to a one-to-one correspondence between packet ingress interfaces and virtual firewall identifiers.
7. The device according to claim 5, characterized in that the packet ingress interface includes:
A physical packet ingress interface or a virtual packet ingress interface.
8. The device according to claim 5, characterized in that the six-tuple composing unit is specifically for:
Placing the five-tuple parsing result in one-to-one correspondence with a virtual firewall identifier to form a six-tuple;
And/or
Placing the five-tuple parsing result in correspondence with multiple virtual firewall identifiers to form six-tuples.
CN201710755205.4A 2017-08-29 2017-08-29 Method and device for rapidly forwarding firewall-crossing messages Active CN107483341B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710755205.4A CN107483341B (en) 2017-08-29 2017-08-29 Method and device for rapidly forwarding firewall-crossing messages

Publications (2)

Publication Number Publication Date
CN107483341A true CN107483341A (en) 2017-12-15
CN107483341B CN107483341B (en) 2020-10-02

Family

ID=60602785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710755205.4A Active CN107483341B (en) 2017-08-29 2017-08-29 Method and device for rapidly forwarding firewall-crossing messages

Country Status (1)

Country Link
CN (1) CN107483341B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1949741A (en) * 2005-10-11 2007-04-18 华为技术有限公司 Method for processing data stream between different fire-proof walls
US20080163357A1 (en) * 2006-12-29 2008-07-03 Hisky Xiao Virtual firewall
CN101478533A (en) * 2008-11-29 2009-07-08 成都市华为赛门铁克科技有限公司 Method and system for transmitting and receiving data across virtual firewall
CN101834783A (en) * 2010-03-29 2010-09-15 北京星网锐捷网络技术有限公司 Method and device for forwarding messages and network equipment
US8904511B1 (en) * 2010-08-23 2014-12-02 Amazon Technologies, Inc. Virtual firewalls for multi-tenant distributed services
CN105577628A (en) * 2014-11-11 2016-05-11 中兴通讯股份有限公司 Method and device for realizing virtual firewall
CN105939274A (en) * 2016-05-17 2016-09-14 杭州迪普科技有限公司 Message forwarding method and apparatus
CN105939356A (en) * 2016-06-13 2016-09-14 北京网康科技有限公司 Virtual firewall dividing method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
强叔侃墙: "【化蝶】华为UTM -> NGFW特性变更对比——虚拟系统", 《百度网页,HTTPS://FORUM.HUAWEI.COM/ENTERPRISE/ZH/THREAD-313371.HTML》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110311866A (en) * 2019-06-28 2019-10-08 杭州迪普科技股份有限公司 A kind of method and device of fast-forwarding message
CN110311866B (en) * 2019-06-28 2021-11-02 杭州迪普科技股份有限公司 Method and device for rapidly forwarding message
CN111132170A (en) * 2019-12-31 2020-05-08 奇安信科技集团股份有限公司 Communication method and device of virtual firewall, virtual firewall and topological structure
CN112511439A (en) * 2020-11-25 2021-03-16 杭州迪普科技股份有限公司 Data forwarding method, device, equipment and computer readable storage medium
CN112511439B (en) * 2020-11-25 2023-03-14 杭州迪普科技股份有限公司 Data forwarding method, device, equipment and computer readable storage medium
CN112866245A (en) * 2021-01-18 2021-05-28 中国工商银行股份有限公司 Message routing method and device

Also Published As

Publication number Publication date
CN107483341B (en) 2020-10-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant