CN107707478A - Data forwarding method and equipment - Google Patents

Data forwarding method and equipment Download PDF

Info

Publication number
CN107707478A
CN107707478A CN201710917703.4A CN201710917703A CN107707478A CN 107707478 A CN107707478 A CN 107707478A CN 201710917703 A CN201710917703 A CN 201710917703A CN 107707478 A CN107707478 A CN 107707478A
Authority
CN
China
Prior art keywords
data
interface
information
forwarded
routing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710917703.4A
Other languages
Chinese (zh)
Inventor
张隆伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Maipu Communication Technology Co Ltd filed Critical Maipu Communication Technology Co Ltd
Priority to CN201710917703.4A priority Critical patent/CN107707478A/en
Publication of CN107707478A publication Critical patent/CN107707478A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/54Organization of routing tables
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Abstract

The present invention provides a kind of data forwarding method and equipment, pass through simple routing configuration in default first forwarding module of data transfer equipment and the second forwarding module, realize under hanging the networking mode with the data transfer equipment by fire wall, the data traffic between first object equipment and the second target device is imported into firewall box.It is more simple in the solution of the present invention configuration compared to the networking configuration method of prior art, it is not error-prone, facilitate the progress problem investigation in network failure.

Description

Data forwarding method and equipment
Technical field
The present invention relates to communication technical field, in particular to a kind of data forwarding method and equipment.
Background technology
In data center's networking, Intranet service area typically passes through core exchange area and outbound communication, core exchange area bag Include the access-layer switch being connected with intranet server, convergence switch and the core switch with outbound communication.To ensure number According to safety, it is necessary to be monitored using firewall box to the data traffic between intranet and extranet.
In current networking technology, frequently with extension two kinds of networking plans of mode by fire wall series system or fire wall.Fire prevention Wall series system is that firewall box is connected between core switch and convergence switch, and monitoring convergence by fire wall hands over The data traffic changed planes between core switch.But in series system, be connected to convergence switch different server it Between data traffic directly forwarded through convergence switch, fire wall can not monitor this partial discharge.Mode is hung by fire wall is Fire wall is connected with convergence switch, by convergence switch by server exchanged with core between data traffic import it is anti- Wall with flues is monitored.But mode is hung by the fire wall of prior art needs the policybased routing (Policy-Based of complexity Routing, PBR) configuration, cumbersome easily error is configured, occurs being unfavorable for problem investigation during network failure.
The content of the invention
, should it is an object of the invention to provide a kind of data forwarding method in order to overcome above-mentioned deficiency of the prior art For data transfer equipment, the data transfer equipment respectively with first object equipment, the second target device and firewall box Connection;The data transfer equipment is preset with the first forwarding module and the second forwarding module, and first forwarding module includes the One routing table, second forwarding module include secondary route table;Methods described includes:
First forwarding module, which receives, to be needed to send to the first information of the first object equipment, according to described first Default first static routing in routing table, the firewall box is forwarded to by the first information, so that the fire wall The first information is forwarded to second forwarding module by equipment;
Second forwarding module receives the first information of the firewall box forwarding, and according to the secondary route table The first information is forwarded to the first object equipment, the secondary route table by second forwarding module with it is described The default dynamic routing of first object equipment room or static routing obtain;
Second forwarding module receives according to the secondary route table to be needed to send to the of second target device Two information, according to default second static routing in the secondary route table, second information is forwarded to the fire wall Equipment, so that second information is forwarded to first forwarding module by the firewall box;
First forwarding module receives the second information of the firewall box forwarding, and according to the default first via by Second information is forwarded to data-interface corresponding with second target device by table.
Alternatively, in the above-mentioned methods, first routing table includes first interface table, is recorded in the first interface table The corresponding relation of the network segment and the data-interface of the data transfer equipment where having second target device;First forwarding Module receives the second information of the firewall box forwarding, and is forwarded second information according to default first routing table The step of to data-interface corresponding with second target device, including:
Destination address of first forwarding module in second information, looked in first routing table corresponding Data-interface, second information is forwarded to and searches the data-interface that reaches.
Alternatively, in the above-mentioned methods, first forwarding module, which receives, needs to send to the first object equipment The first information, according to default first static routing, the step of first information is forwarded to the firewall box, bag Include:
The destination address for the information that the first forwarding module detection receives, the destination address is not recorded in described Information in first interface table is as the first information;
The first information is forwarded to by the firewall box according to first static routing.
Alternatively, in the above-mentioned methods, the first information is forwarded to described anti-by institute according to first static routing The step of wall with flues equipment, including:
All first information are forwarded to by the firewall box according to first static routing.
Alternatively, in the above-mentioned methods, first routing table also includes the 3rd static routing, first static routing For detailed static routing, the 3rd static routing route for default static;It is described according to first static routing will described in The first information is forwarded to the step of firewall box, including:
The first information for meeting the first static routing condition is forwarded into the firewall box;
The first information for not meeting the first static routing condition is forwarded to and institute according to the 3rd static routing State the data-interface of first object equipment connection.
Alternatively, in the above-mentioned methods, first routing table also includes the 3rd static routing, first static routing It is route for default static, the 3rd static routing is detailed static routing;It is described according to first static routing will described in The first information is forwarded to the step of firewall box, including:
The first information for meeting the 3rd static routing condition is forwarded to the number being connected with the first object equipment According to interface;
The first information of the 3rd static routing condition will not met according to being forwarded to first static routing Firewall box.
Alternatively, in the above-mentioned methods, first routing table also includes the 4th static routing, and the secondary route table is also Including the 5th static routing, methods described also includes:
Detect the running status of the firewall box;
When the running status exception of the firewall box, mould is forwarded by described first according to the 4th static routing The first information that block receives is forwarded directly to the data-interface being connected with the first object equipment, static according to the described 5th The data that the second information that second forwarding module receives is forwarded directly to be connected with second target device by route Interface.
Alternatively, in the above-mentioned methods, multiple first forwarding modules of the data transfer equipment, difference described first Forwarding module connects from different second target devices;Methods described also includes:
One of them described first forwarding module, which receives, to be needed to send to the 3rd information of another first forwarding module, According to first static routing, the 3rd information is forwarded to the firewall box, so that the firewall box will 3rd information is forwarded to second forwarding module;
Second forwarding module receives the 3rd information of the firewall box forwarding, according to the described second static road By second information being forwarded into the firewall box, so that the 3rd information is forwarded to by the firewall box Another first forwarding module.
Another object of the present invention is to provide a kind of data transfer equipment, the data transfer equipment includes the first data Interface, the second data-interface, the 3rd data-interface and the 4th data-interface;The data transfer equipment is preset with the first forwarding mould Block and the second forwarding module, first forwarding module include the first routing table, and second forwarding module includes secondary route Table;First data-interface and the second data-interface associate with first forwarding module, the 3rd data-interface and Four data-interfaces associate with the second forwarding module;
First forwarding module is connected by first data-interface with the second target device, and passes through described second Data-interface is connected with firewall box;Destination address is described the according to first routing table by first forwarding module The information of two target devices is forwarded to corresponding first data-interface;First routing table includes the first static routing, institute State the first static routing be used to needing to be sent to the information of first object equipment be forwarded to by second data-interface it is described Firewall box, so that the information received from first forwarding module is forwarded to described second turn by the firewall box Send out module;
Second forwarding module is by the 4th data-interface and the first object linking of devices, and by described 3rd data-interface is connected with the firewall box;The secondary route table includes the second static routing, and described second is quiet State route the information for the destination address for receiving second forwarding module network segment where second target device The firewall box is sent to from the 3rd data-interface, so that the firewall box will be from second forwarding module The information received is forwarded to first forwarding module.
Alternatively, in above-mentioned data transfer equipment, the data transfer equipment be preset with the first VLAN, the 2nd VLAN, 3rd VLAN and the 4th VLAN, the first VLAN associate with first data-interface, the 2nd VLAN and described second Data-interface associates, and the 3rd VLAN associates with the 3rd data-interface, and the 4th VLAN connects with the 4th data Mouth association;First VLAN and the 2nd VLAN belongs to first forwarding module, and the 3rd VLAN and the 4th VLAN belongs to Second forwarding module;First routing table includes first interface table, and record has described second in the first interface table The corresponding relation of the network segment and first data-interface where target device.
Alternatively, in above-mentioned data transfer equipment, first static routing route for default static, for that will own The information in the first interface table is not forwarded to the firewall box to destination address from second data-interface.
Alternatively, in above-mentioned data transfer equipment, the 3rd static routing is also included in first routing table, described One static routing is detailed static routing, and the 3rd static routing route for default static;
First static routing be used for by destination address will meet the information of preset address in first static routing from Second data-interface is forwarded to the firewall box;
3rd static routing route for default static, for destination address in the first interface table and not to be inconsistent Close the described first static information and be forwarded to the first object equipment from the 4th data-interface.
Alternatively, in above-mentioned data transfer equipment, first routing table also includes the 3rd static routing, and the described 3rd Static routing is detailed static routing, and first static routing route for default static;
3rd static routing be used for by destination address will meet the information of preset address in the 3rd static routing from 4th data-interface is forwarded to the first object equipment;
First static routing route for default static, for destination address in the first interface table and not to be inconsistent Close the described 3rd static information and be forwarded to the firewall box from second data-interface.
Alternatively, in above-mentioned data transfer equipment, first routing table also includes the 4th static routing, and the described 4th Static routing is used in the firewall box operation exception, it would be desirable to is sent to the first object by the second data-interface The information of equipment is forwarded to the first object equipment by the 4th data-interface;
The secondary route table also includes the 5th static routing, and the 5th static routing is used in the firewall box During operation exception, the information that destination address is the network segment where second target device is forwarded by first data-interface To second target device.
Alternatively, in above-mentioned data transfer equipment, the data transfer equipment includes multiple first forwarding modules, different First forwarding module associate different the first VLAN and the 2nd VLAN;Different first VLAN associate different first Data-interface;All 2nd VLAN associate same second data-interface.
In terms of existing technologies, the invention has the advantages that:
Data forwarding method provided by the invention and equipment, by two data forwarding modules of data transfer equipment Simple routing configuration is performed, is realized in hanging the networking mode with the data transfer equipment by fire wall, by the first mesh Data traffic between marking device and the second target device imports firewall box.Compared to the networking configuration side of prior art Method, the solution of the present invention configuration on it is more simple, it is not error-prone, facilitate in network failure carry out problem investigation.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below by embodiment it is required use it is attached Figure is briefly described, it will be appreciated that the following drawings illustrate only certain embodiments of the present invention, therefore be not construed as pair The restriction of scope, for those of ordinary skill in the art, on the premise of not paying creative work, can also be according to this A little accompanying drawings obtain other related accompanying drawings.
Fig. 1 is one of block diagram of data transfer equipment provided in an embodiment of the present invention;
Fig. 2 is one of step schematic flow sheet of data forwarding method provided in an embodiment of the present invention;
Fig. 3 is the two of the block diagram of data transfer equipment provided in an embodiment of the present invention;
Fig. 4 is the two of the step schematic flow sheet of data forwarding method provided in an embodiment of the present invention.
Icon:100- data transfer equipments;The data-interfaces of 110- first;The data-interfaces of 120- second;The data of 130- the 3rd Interface;The data-interfaces of 140- the 4th;200- first object equipment;The target devices of 300- second;400- firewall boxs;410- One firewall interface;The firewall interfaces of 420- second.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is Part of the embodiment of the present invention, rather than whole embodiments.The present invention implementation being generally described and illustrated herein in the accompanying drawings The component of example can be configured to arrange and design with a variety of.
Therefore, below the detailed description of the embodiments of the invention to providing in the accompanying drawings be not intended to limit it is claimed The scope of the present invention, but be merely representative of the present invention selected embodiment.It is common based on the embodiment in the present invention, this area The every other embodiment that technical staff is obtained under the premise of creative work is not made, belong to the model that the present invention protects Enclose.
It should be noted that:Similar label and letter represents similar terms in following accompanying drawing, therefore, once a certain Xiang Yi It is defined, then it further need not be defined and explained in subsequent accompanying drawing in individual accompanying drawing.
First embodiment
Fig. 1 is refer to, Fig. 1 is the data transfer equipment 100 and first object equipment that present pre-ferred embodiments provide 200th, the interaction schematic diagram that the second target device 300 and firewall box 400 communicate.In the present embodiment, the data are passed through Data traffic between the target device 300 of first object equipment 200 and second is imported the fire wall by forwarding unit 100 Equipment 400 is monitored.
In the present embodiment, the target device 300 of first object equipment 200 and second can be with data communication or Data forwarding capability communication equipment, the target device 300 of first object equipment 200 and second, which has, to be used to identify its different body The communication identifier of part, for example, the first object equipment 200 has different IP address from the second target device 300.
Exemplified by when applied to data center's networking, the first object equipment 200 can be the core with outbound communication Interchanger, second target device 300 can be the server in different business region in Intranet, the data transfer equipment 100 can be the convergence switch being connected between the target device 300 of first object equipment 200 and second.
Referring once again to Fig. 1, in the present embodiment, the data transfer equipment 100 can include the first data-interface 110th, the second data-interface 120, the 3rd data-interface 130 and the 4th data-interface 140, the firewall box 400 can wrap Include the first firewall interface 410 and the second firewall interface 420.First data-interface 110 and second target device 300 connections, second data-interface 120 is connected with first firewall interface 410, the 3rd data-interface 130 and Second firewall interface 420 is connected, and the 4th data-interface 140 is connected with the first object equipment 200.
In the present embodiment, the firewall box 400 can be operated in three-layer routing pattern, and first fire wall connects The firewall interface 420 of mouth 410 and second has different IP address.
To realize that the isolation of distinct interface data is transmitted, the data transfer equipment 100 can be preset with the first VLAN, the Two VLAN, the 3rd VLAN and the 4th VLAN, the first VLAN associate with first data-interface 110, the 2nd VLAN Associated with second data-interface 120, the 3rd VLAN associates with the 3rd data-interface 130, the 4th VLAN Associated with the 4th data-interface 140;First VLAN and the 2nd VLAN belongs to first forwarding module, and the described 3rd VLAN and the 4th VLAN belongs to second forwarding module, and different VLAN are preset with the gateway of different segment.
It will be sent respectively from the first object equipment 200 to the information of the second target device 300 and from described to realize The information that second target device 300 is sent to the first object equipment 200 imports the firewall box 400, the data Forwarding unit 100 is preset with the first forwarding module and the second forwarding module.
For example, first forwarding module and the second forwarding module can be relatively independent VRF (Virtual Routing Forwarding, virtual flow-line forwarding).In the present embodiment, first forwarding module can be designated as VRF1, institute VRF2 can be designated as by stating the second forwarding module, and first forwarding module associates with the first VLAN and the 2nd VLAN, the second forwarding Module associates with the 3rd VLAN and the 4th VLAN.
First forwarding module will be receiving, it is necessary to send to first object equipment 200 from the second target device 300 Information is forwarded to first firewall interface 410.The firewall box 400 from first firewall interface 410 to connecing The information received is monitored, and is then forwarded to second forwarding module from second firewall interface 420.Described second The destination address received is being forwarded to and connected with first object equipment 200 for the information of first object equipment 200 by forwarding module The data-interface connect.
Second forwarding module will be receiving from first object equipment 200 be, it is necessary to send to the second target device 300 Information is forwarded to second firewall interface 420.The firewall box 400 from second firewall interface 420 to connecing The information received is monitored, and is then forwarded to first forwarding module from first firewall interface 410.Described first The destination address received is being forwarded to and connected with the second target device 300 for the information of the second target device 300 by forwarding module The data-interface connect.
In the present embodiment, the data-interface 120 of the first data-interface 110 and second can with fixed IP Location.For example, first data-interface 110 associates with the first VLAN, the IP address of first data-interface 110 can be set For the place network segment of the second target device 300.Second data-interface 120 associates with the 2nd VLAN, second data The IP address of interface 120 could be arranged to the place network segment of the first firewall interface 410.
First forwarding module also includes the first routing table, and first routing table includes first interface table, described First forwarding module and the first VLAN and the first data-interface 110 associate determination after, the first interface token record has First data-interface 110 and the corresponding relation of its IP address.First forwarding module is according to the destination of the information received Location, corresponding network segment corresponding data interface is first searched in first routing table and is forwarded.
For example, the firewall box 400 destination address is forwarded to for the information of second target device 300 it is described After first forwarding module, the data transfer equipment 100 believes this according to first routing table of first forwarding module Breath is forwarded to corresponding first data-interface 110.
Specifically, in the present embodiment, the second target device 300 is sent to the letter of first object equipment 200 for realization Breath imports the firewall box 400, and first forwarding module is preset with the first static routing, and first static routing is used In the information for receiving first forwarding module, the information that destination address is not recorded in first routing table passes through Second data-interface 120 is forwarded to the firewall box 400.
For example, the data transfer equipment 100 is sent to first object equipment receiving second target device 300 During 200 information, if not searching corresponding forwarding interface, root in the first interface table according to the destination address of the information The information is forwarded to first firewall interface 410 from second data-interface 120 according to first static routing.Institute The forwarding outlet for stating the first static routing can be the IP address of first firewall interface 410.
In the present embodiment, the 3rd data-interface 130 can have fixed IP address, for example, the 3rd number Associated according to interface 130 with the 3rd VLAN, the IP address of the 3rd data-interface 130 could be arranged to second fire prevention The network segment where wall interface 420.
Second forwarding module also includes secondary route table, the secondary route table by second forwarding module with Default dynamic routing or static routing obtain between the first object equipment 200.The secondary route table includes second interface Table, after the completion of the IP address configuration of the 4th data-interface 140, the 4th data-interface is recorded in the second interface table The corresponding relation of 140 and its IP address.Second forwarding module is according to the destination address of the information received, first described the Corresponding network segment corresponding data interface is searched in two routing tables to be forwarded.
Second forwarding module can also be preset with the second static routing, and second static routing is used for described the The destination address that two forwarding modules receive connects for the information of the place network segment of the second target device 300 from the 3rd data Mouth 130 is sent to the firewall box 400.Wherein, because the firewall box 400 is operated in three tiers model, described The forwarding outlet of two static routing can be the IP address of second firewall interface 420.
To realize the information exchange of the data transfer equipment 100 and the first object equipment 200, the 4th data Interface 140 can be communicated by dynamic routing protocol with the first object equipment 200, learn the routing iinformation of outer net, be realized Intercommunication is route, if this, the second static routing redistribution to the dynamic routing.4th data-interface 140 can also Communicated by static routing with the first object equipment 200, if this, second forwarding module is also including a next-hop The default route of the first object equipment 200.
Based on above-mentioned design, the present embodiment provides a kind of data exchange side applied to data transfer equipment 100 shown in Fig. 1 Method, Fig. 2 is refer to, in the method that the present embodiment provides, can be realized by step S110 and step S120 by the second target Equipment 300 sends to the flow of first object equipment 200 and imports the firewall box 400.
Step S110, first forwarding module, which receives, to be needed to send to the first information of the first object equipment 200, According to default first static routing in first routing table, the first information is forwarded to the firewall box 400, So that the first information is forwarded to second forwarding module by the firewall box 400.
Specifically, the destination address for the information that the first forwarding module detection receives.
If the destination address that the data transfer equipment 100 can find the information in the first interface table is corresponding Data-interface, then send this information to the data-interface found.
If the destination address that the data transfer equipment 100 does not find the information in the first interface table is corresponding Data-interface, the information may be from the second target device 300 need send to first object equipment 200 information, then Using the information as the first information, the first information is then forwarded to by the fire prevention according to first static routing First firewall interface 410 of wall.
Step S120, second forwarding module receive the first information that the firewall box 400 forwards, and according to institute State secondary route table and the first information is forwarded to the first object equipment 200.
The data transfer equipment 100 distributes according to the 4th data-interface 140 recorded in the secondary route table IP address, the first information is forwarded to corresponding 4th data-interface 140.
Second target device 300 is sent to described in the data traffic importing of first object equipment 200 in this way, realizing Firewall box 400.
Fig. 3 is refer to, in the method that the present embodiment provides, can be realized by step S210 and step S220 by second Target device 300 sends to the flow of first object equipment 200 and imports the firewall box 400.
Step S210, second forwarding module receives according to the secondary route table to be needed to send to second target Second information of equipment 300, according to default second static routing in the secondary route table, second information is forwarded to The firewall box 400, so that second information is forwarded to first forwarding module by the firewall box 400.
The data transfer equipment 100 can receive second forwarding module according to second static routing Destination address for the information of the place network segment of first object equipment 200 be forwarded to the firewall box 400 it is second anti- Wall with flues interface 420.
Step S220, first forwarding module receive the second information that the firewall box 400 forwards, and according to institute The first routing table is stated to be forwarded to second information and the 300 corresponding data-interface of the second target device.
Destination address of first forwarding module in second information, phase is searched in first routing table The data-interface answered, second information is forwarded to the data-interface searched and reached.
Based on above-mentioned design, the present embodiment is divided by simple VRF and routing configuration is realized first object equipment 200 and the second data traffic between target device 300 import the firewall box 400, configure very convenient simple, network It is easy to problem investigation during failure.
Alternatively, in some cases, it is necessary to by all numbers between the target device 300 of first object equipment 200 and second The firewall box 400 is imported according to flow.
Therefore in the first embodiment of the present embodiment, first static routing can be that default static is route. In step S110, all first information are forwarded to institute by the data transfer equipment 100 according to first static routing State firewall box 400.
Alternatively, in some cases, it is necessary to will be imported with the interaction data flow of the second target device of part 300 described anti- Wall with flues equipment 400, other parts data traffic are directly forwarded by the data transfer equipment 100, for example, will be with purpose The data traffic of the target interaction of part second of the preset address of address first imports the firewall box 400, other parts number Directly forwarded according to flow by the data transfer equipment 100.
Therefore in second of embodiment of the present embodiment, first routing table also includes the 3rd static routing, described First static routing is detailed static routing, and the 3rd static routing route for default static.
First static routing be used for by destination address will meet the information of preset address in first static routing from Second data-interface 120 is forwarded to the firewall box 400.3rd static routing route for default static, uses In in the first interface table and destination address is not met into the described first static information by way of being forwarded across VRF, The firewall box 400 is forwarded to from second data-interface 120.
For example, the destination address of first static routing is first preset address, forwarding outlet is the described 4th Data-interface 140.3rd static routing route for default static, and forwarding outlet is first firewall interface 410 IP address or second data-interface 120.
In step s 110, the data transfer equipment 100 will meet the first information of the first static routing condition The firewall box 400 is forwarded, the first information for not meeting the first static routing condition is static according to the described 3rd The mode across VRF forwardings is routed through, is forwarded to second data-interface 120 being connected with the first object equipment 200.
What deserves to be explained is in the present embodiment, the firewall box 400 for supporting asymmetric flow forwarding can To realize the importing of the partial discharge firewall box 400 by first static routing and the 3rd static routing.For The firewall box 400 of asymmetric flow forwarding is not supported, and the first tactful road can also be configured in second forwarding module By, first configure the list item that source IP is known IP network section and be used for matching flow, then a forwarding behavior group is bound on the list item, should The outlet of forwarding behavior group is first data-interface 110.In this way, pass through the asymmetric flow of the first policy routing realizing Forwarding.
For example, the destination address of first static routing is first preset address, forwarding outlet is the described 4th Data-interface 140.3rd static routing route for default static, and forwarding outlet is first firewall interface 410 IP address or second data-interface 120.
Alternatively, in some cases, it is necessary to will directly pass through institute with the interaction data flow of the second target device of part 300 State data transfer equipment 100 to be forwarded, other parts data traffic imports the firewall box 400, for example, will be with purpose The data traffic of the target interaction of part second of the preset address of address second directly passes through 100 turns of the data transfer equipment Hair, other parts data traffic import the firewall box 400.
Therefore in the third embodiment of the present embodiment, first routing table also includes the 3rd static routing, described 3rd static routing is detailed static routing, and first static routing route for default static.3rd static routing is used In destination address will be met into the information of preset address in the 3rd static routing by way of being forwarded across VRF, from described Four data-interfaces 140 are forwarded to the first object equipment 200.First static routing is that default static is route, for inciting somebody to action Destination address in the first interface table and does not meet the described 3rd static information and forwarded from second data-interface 120 To the firewall box 400.
For example, the destination address of the 3rd static routing is second preset address, forwarding outlet is described first The IP address of firewall interface 410.3rd static routing route for default static, and forwarding outlet connects for the 4th data Mouth 140.
In step s 110, the data transfer equipment 100 will meet the first information of the 3rd static routing condition By way of being forwarded across VRF, the data-interface being connected with the first object equipment 200 is forwarded to.Described will not met The first information of three static routing conditions is forwarded to the firewall box 400 according to first static routing.
What deserves to be explained is in the present embodiment, the firewall box 400 for supporting asymmetric flow forwarding can To realize the direct forwarding of partial discharge by first static routing and the 3rd static routing.For not supporting asymmetric drift The firewall box 400 of forwarding is measured, it is necessary to which the forwarding outlet of second static routing is configured into first data-interface 110, and the second policybased routing is configured, first configure the list item that source IP is known IP network section and be used for matching flow, then on the list item A forwarding behavior group is bound, the outlet of the forwarding behavior group is the 3rd data-interface 130.In this way, pass through described second The forwarding of the asymmetric flow of policy routing realizing.
Alternatively, for not supporting the firewall box 400 of bypass (bypass) function, it is necessary in the firewall box During 400 operation exception, forwarded without the firewall box 400 by the complete independently information of data transfer equipment 100.
Therefore in the present embodiment, RTR (Response Time can be configured on the data transfer equipment 100 Reporter, response time reporter) entity detects the running status of the firewall box 400.And configure and described the Floating static router corresponding to one static routing and the second static routing, detecting the operation irregularity of firewall box 400 When by the floating static router realize directly by the data transfer equipment 100 enter row information forward, realize bypass functionality.
First forwarding module also includes the 4th static routing, and the 4th static routing is first static routing Corresponding floating static router, in 400 operation exception of firewall box, it would be desirable to be sent to the first object equipment 200 information is forwarded to the first object equipment 200 by the 4th data-interface 140.4th static routing AD (Administrative distance, management position away from) value is more than first static routing.
Second forwarding module also includes the 5th static routing, and the 5th static routing is second static routing Corresponding floating static router, for being second target by destination address in 400 operation exception of firewall box The information of the place network segment of equipment 300 is forwarded to second target device 300 by first data-interface 110.Described The AD values of four static routing are more than second static routing.
In the present embodiment, the switching of routing availability can be realized by TRACK functions.For example, the RTR entities lead to Cross ICMP-echo modes and configure detection and the address of the firewall interface 410 of firewall box 400 first, and configure TRACK1 and RTR links.First static routing associates with TRACK1, and the forwarding outlet of the 4th static routing is described 4th data-interface 140, is forwarded across VRF.Second static routing associates with TRACK1, the 5th static routing Forwarding outlet is first data-interface 110, is forwarded across VRF.
In this way, the data transfer equipment 100 can detect the running status of the firewall box 400.When described anti- During the running status exception of wall with flues equipment 400, less first static routing of AD is deleted from first forwarding module, is used The 4th larger static routing of AD values, the first information for being received first forwarding module according to the 4th static routing It is forwarded directly to the data-interface being connected with the first object equipment 200.Meanwhile delete AD from second forwarding module It is worth less second static routing, using the 5th static routing that AD values are larger, according to the 5th static routing by described The second information that two forwarding modules receive is forwarded directly to the data-interface being connected with second target device 300.
Alternatively, the present embodiment also in, the data transfer equipment 100 includes multiple first forwarding modules, different First forwarding module associates different the first VLAN and the 2nd VLAN.Different first VLAN associate the first different numbers According to interface 110.All 2nd VLAN associate same second data-interface 120.Wherein, different VLAN have different gateways.
One of them described first forwarding module, which receives, to be needed to send to the 3rd information of another first forwarding module, According to first static routing, the 3rd information is forwarded to the firewall box 400, so that the firewall box The first information is forwarded to second forwarding module by 400.
Second forwarding module receives the 3rd information that the firewall box 400 forwards, static according to described second Route, the firewall box 400 is forwarded to by second information, so that the firewall box 400 is believed the described 3rd Breath is forwarded to another first forwarding module.
For example, refer to Fig. 4, first forwarding module includes the first forwarding module A (VRF1A is designated as in Fig. 4) and the One forwarding module B (VRF1B is designated as in Fig. 4).
The first forwarding module A associates with VLAN10 and VLAN20, and VLAN10 associates with the first data-interface 110A, VLAN20 associates with the second data-interface 120.The first data-interface 110A is connected with the second target device 300A.For institute It is the first VLAN of the first forwarding module A to state the first forwarding module A, VLAN10, and VLAN20 is the first forwarding module A The 2nd VLAN.
The first forwarding module B associates with VLAN30 and VLAN40, and VLAN30 associates with the first data-interface 110B, VLAN40 associates with the second data-interface 120.The first data-interface 110B is connected with the second target device 300B.For institute It is the first VLAN of the first forwarding module B to state the first forwarding module B, VLAN30, and VLAN40 is the first forwarding module B The 2nd VLAN.
It is described when the second target device 300A sends three information to the second target device 300B VRF1A receives the 3rd information, because the destination address of the 3rd information is not in the first routing table of the VRF1A, The 3rd information is then forwarded to by the firewall box 400 according to its first static routing.
After the firewall box 400 receives the 3rd information, second forwarding module is forwarded to.
3rd information is forwarded back to the firewall box by second forwarding module according to its second static routing 400, the 3rd information is forwarded to second data-interface 120 by the firewall box 400.Now, due to described Two data-interfaces 120 belong to the VLAN20 and VLAN40 simultaneously, then have chosen according to the destination address of the 3rd information VLAN40 gateway, that is, the first forwarding module B is forwarded to, according to first routing table in the first forwarding module B, the 3rd Information is finally forwarded to the second target device 300B.
In this way, the data traffic between second target device 300 in difference in functionality region also passes through the fire wall and set Standby 400 monitoring, ensure that the data transmission security between second target device 300 in difference in functionality region.
Second embodiment
The present embodiment is roughly the same with first embodiment, and its difference is, the firewall box 400 is operated in two Layer transparent mode.First VLAN is trunk patterns, and the 2nd VLAN, the 3rd VLAN and the 4th VLAN are access moulds Formula.The forwarding outlet of first static routing is second data-interface 120, and the forwarding of second static routing exports For the 3rd data-interface 130.
In the present embodiment, realize that RTR entity configurations detect the number when bypassing by the data transfer equipment 100 According to the address of the direct-connected data-interface 130 of fire wall the 3rd of forwarding unit 100.
In this way, the firewall box 400 for being operated in two layers of transparent mode, the scheme of the present embodiment can equally be realized Data traffic between the target device 300 of first object equipment 200 and second is imported into the firewall box 400.
In summary, data forwarding method provided by the invention and equipment, two numbers in data transfer equipment 100 are passed through According to simple routing configuration is performed in forwarding module, realize between the target device 300 of first object equipment 200 and second Data traffic imports firewall box 400.Compared to the networking configuration method of prior art, the solution of the present invention configures more Simply, it is not error-prone, facilitate the progress problem investigation in network failure.
The foregoing is only a specific embodiment of the invention, but protection scope of the present invention is not limited thereto, any Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained Cover within protection scope of the present invention.Therefore, protection scope of the present invention described should be defined by scope of the claims.

Claims (15)

1. a kind of data forwarding method, applied to data transfer equipment, it is characterised in that the data transfer equipment is respectively with One target device, the second target device and firewall box connection;The data transfer equipment be preset with the first forwarding module and Second forwarding module, first forwarding module include the first routing table, and second forwarding module includes secondary route table;Institute The method of stating includes:
First forwarding module, which receives, to be needed to send to the first information of the first object equipment, according to the first via by Default first static routing in table, the firewall box is forwarded to by the first information, so that the firewall box The first information is forwarded to second forwarding module;
Second forwarding module receives the first information of the firewall box forwarding, and according to the secondary route table by institute State the first information and be forwarded to the first object equipment, the secondary route table passes through second forwarding module and described first Default dynamic routing or static routing obtain between target device;
Second forwarding module receives according to the secondary route table to be needed to send to the second letter of second target device Breath, according to default second static routing in the secondary route table, the firewall box is forwarded to by second information, So that second information is forwarded to first forwarding module by the firewall box;
First forwarding module receives the second information of the firewall box forwarding, and will according to default first routing table Second information is forwarded to data-interface corresponding with second target device.
2. according to the method for claim 1, it is characterised in that first routing table includes first interface table, and described the The network segment where record has second target device in one interface table is corresponding with the data-interface of the data transfer equipment to close System;First forwarding module receives the second information of the firewall box forwarding, and will according to default first routing table Second information is forwarded to the step of data-interface corresponding with second target device, including:
Destination address of first forwarding module in second information, corresponding number is looked in first routing table According to interface, second information is forwarded to the data-interface searched and reached.
3. according to the method for claim 2, it is characterised in that first forwarding module, which receives, to be needed to send to described the The first information of one target device, according to default first static routing, the first information is forwarded to the fire wall and set Standby step, including:
The destination address for the information that the first forwarding module detection receives, described first is not recorded in by the destination address Information in interface table is as the first information;
The first information is forwarded to by the firewall box according to first static routing.
4. according to the method for claim 3, it is characterised in that institute is according to first static routing by the first information The step of being forwarded to the firewall box, including:
All first information are forwarded to by the firewall box according to first static routing.
5. according to the method for claim 3, it is characterised in that first routing table also includes the 3rd static routing, institute It is detailed static routing to state the first static routing, and the 3rd static routing route for default static;It is described according to described first The step of first information is forwarded to the firewall box by static routing, including:
The first information for meeting the first static routing condition is forwarded into the firewall box;
The first information for not meeting the first static routing condition is forwarded to and described according to the 3rd static routing The data-interface of one target device connection.
6. according to the method for claim 3, it is characterised in that first routing table also includes the 3rd static routing, institute State the first static routing to route for default static, the 3rd static routing is detailed static routing;It is described according to described first The step of first information is forwarded to the firewall box by static routing, including:
The first information for meeting the 3rd static routing condition is forwarded to the data being connected with the first object equipment to connect Mouthful;
The first information for not meeting the 3rd static routing condition is forwarded to the fire prevention according to first static routing Wall equipment.
7. according to the method for claim 1, it is characterised in that first routing table also includes the 4th static routing, institute Stating secondary route table also includes the 5th static routing, and methods described also includes:
Detect the running status of the firewall box;
When the running status exception of the firewall box, first forwarding module is connect according to the 4th static routing The first information received is forwarded directly to the data-interface being connected with the first object equipment, according to the 5th static routing The data-interface that the second information that second forwarding module receives is forwarded directly to be connected with second target device.
8. according to the method for claim 1, it is characterised in that the multiple first forwarding moulds of data transfer equipment Block, different first forwarding modules connect from different second target devices;Methods described also includes:
One of them described first forwarding module, which receives, to be needed to send to the 3rd information of another first forwarding module, according to First static routing, the 3rd information is forwarded to the firewall box, so that the firewall box is by described in 3rd information is forwarded to second forwarding module;
Second forwarding module receives the 3rd information of the firewall box forwarding, will according to second static routing Second information is forwarded to the firewall box, so that the 3rd information is forwarded to another institute by the firewall box State the first forwarding module.
9. a kind of data transfer equipment, it is characterised in that the data transfer equipment includes the first data-interface, the second data connect Mouth, the 3rd data-interface and the 4th data-interface;The data transfer equipment is preset with the first forwarding module and the second forwarding mould Block, first forwarding module include the first routing table, and second forwarding module includes secondary route table;First data Interface and the second data-interface associate with first forwarding module, the 3rd data-interface and the 4th data-interface and second Forwarding module associates;
First forwarding module is connected by first data-interface with the second target device, and passes through second data Interface is connected with firewall box;Destination address is second mesh according to first routing table by first forwarding module The information of marking device is forwarded to corresponding first data-interface;First routing table includes the first static routing, and described One static routing is used to the information for being sent to first object equipment will be needed to be forwarded to the fire prevention by second data-interface Wall equipment, so that the information received from first forwarding module is forwarded to the second forwarding mould by the firewall box Block;
Second forwarding module passes through the described 3rd by the 4th data-interface and the first object linking of devices Data-interface is connected with the firewall box;The secondary route table includes the second static routing, the second static road By the destination address for second forwarding module to be received for the network segment where second target device information from institute State the 3rd data-interface and be sent to the firewall box, so that the firewall box will receive from second forwarding module To information be forwarded to first forwarding module.
10. data transfer equipment according to claim 9, it is characterised in that the data transfer equipment is preset with first VLAN, the 2nd VLAN, the 3rd VLAN and the 4th VLAN, the first VLAN associate with first data-interface, and described second VLAN associates with second data-interface, and the 3rd VLAN associates with the 3rd data-interface, the 4th VLAN with The 4th data-interface association;First VLAN and the 2nd VLAN belongs to first forwarding module, the 3rd VLAN And the 4th VLAN belong to second forwarding module;First routing table includes first interface table, in the first interface table The corresponding relation of the network segment and first data-interface where record has second target device.
11. data transfer equipment according to claim 10, it is characterised in that first static routing is default static Route, for by all purposes address not the information in the first interface table be forwarded to from second data-interface it is described Firewall box.
12. data transfer equipment according to claim 10, it is characterised in that also include the 3rd in first routing table Static routing, first static routing are detailed static routing, and the 3rd static routing route for default static;
First static routing is used to destination address will meet the information of preset address in first static routing from described Second data-interface is forwarded to the firewall box;
3rd static routing route for default static, in the first interface table and destination address not to be met into institute State the first static information and be forwarded to the first object equipment from the 4th data-interface.
13. data transfer equipment according to claim 10, it is characterised in that it is quiet that first routing table also includes the 3rd State is route, and the 3rd static routing is detailed static routing, and first static routing route for default static;
3rd static routing is used to destination address will meet the information of preset address in the 3rd static routing from described 4th data-interface is forwarded to the first object equipment;
First static routing route for default static, in the first interface table and destination address not to be met into institute State the 3rd static information and be forwarded to the firewall box from second data-interface.
14. data transfer equipment according to claim 9, it is characterised in that:
First routing table also includes the 4th static routing, and the 4th static routing is used to run in the firewall box When abnormal, it would be desirable to which the information that the first object equipment is sent to by the second data-interface is turned by the 4th data-interface It is sent to the first object equipment;
The secondary route table also includes the 5th static routing, and the 5th static routing is used to run in the firewall box When abnormal, by destination address, the information of the network segment where second target device is forwarded to institute by first data-interface State the second target device.
15. data transfer equipment according to claim 10, it is characterised in that the data transfer equipment includes multiple the One forwarding module, different first forwarding modules associate different the first VLAN and the 2nd VLAN;Difference described first VLAN associates the first different data-interfaces;All 2nd VLAN associate same second data-interface.
CN201710917703.4A 2017-09-30 2017-09-30 Data forwarding method and equipment Pending CN107707478A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710917703.4A CN107707478A (en) 2017-09-30 2017-09-30 Data forwarding method and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710917703.4A CN107707478A (en) 2017-09-30 2017-09-30 Data forwarding method and equipment

Publications (1)

Publication Number Publication Date
CN107707478A true CN107707478A (en) 2018-02-16

Family

ID=61184074

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710917703.4A Pending CN107707478A (en) 2017-09-30 2017-09-30 Data forwarding method and equipment

Country Status (1)

Country Link
CN (1) CN107707478A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115987842A (en) * 2022-12-15 2023-04-18 浪潮思科网络科技有限公司 Fault positioning method, device, equipment and medium based on firewall side-hanging mode

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030177072A1 (en) * 2002-03-12 2003-09-18 Carlos Bared Internet-based grocery ordering system and method for providing drive-through customer pickup of grocery orders at multiple locations as selected by customer
KR20040015474A (en) * 2002-08-13 2004-02-19 시큐아이닷컴 주식회사 Network system and method of asymmetric traffic processing for load dispersion
CN1802641A (en) * 2003-04-09 2006-07-12 思科技术公司 Selective diversion and injection of communication traffic
CN1823506A (en) * 2003-09-29 2006-08-23 思科技术公司 Methods and apparatus for routing of information depending on the traffic direction
CN101030890A (en) * 2007-04-10 2007-09-05 杭州华为三康技术有限公司 Flexibly grouping method and its related route apparatus
CN101060432A (en) * 2007-04-10 2007-10-24 杭州华三通信技术有限公司 An IPS equipment flexible arrangement method and relevant equipment
CN201204611Y (en) * 2008-04-24 2009-03-04 上海地面通信息网络有限公司 Control device for interconnect and intercommunication of telecom, China Union and CNC
CN201757911U (en) * 2010-01-12 2011-03-09 张贻转 Automatic-touching ordering multimedia system
CN102065001A (en) * 2009-11-17 2011-05-18 杭州华三通信技术有限公司 Implementation method and equipment of one-way access control
CN202111738U (en) * 2011-07-12 2012-01-11 四川创意信息技术股份有限公司 Network output system based on core exchanger
CN102404178A (en) * 2010-09-09 2012-04-04 上海地面通信息网络有限公司 Four-network interconnection control system
CN104022973A (en) * 2014-06-18 2014-09-03 福建星网锐捷网络有限公司 Message forwarding method, switching module, firewall card and switch
CN104917653A (en) * 2015-06-26 2015-09-16 北京奇虎科技有限公司 Virtual flow monitoring method based on cloud platform and device thereof
CN204669400U (en) * 2015-06-25 2015-09-23 马秋平 Network egress side safety certification device
CN105207904A (en) * 2014-06-25 2015-12-30 广州市动景计算机科技有限公司 Message processing method, device and router

Patent Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030177072A1 (en) * 2002-03-12 2003-09-18 Carlos Bared Internet-based grocery ordering system and method for providing drive-through customer pickup of grocery orders at multiple locations as selected by customer
KR20040015474A (en) * 2002-08-13 2004-02-19 시큐아이닷컴 주식회사 Network system and method of asymmetric traffic processing for load dispersion
CN1802641A (en) * 2003-04-09 2006-07-12 思科技术公司 Selective diversion and injection of communication traffic
CN100484077C (en) * 2003-09-29 2009-04-29 思科技术公司 Method and apparatus for routing information based on the traffic direction
CN1823506A (en) * 2003-09-29 2006-08-23 思科技术公司 Methods and apparatus for routing of information depending on the traffic direction
CN100486181C (en) * 2007-04-10 2009-05-06 杭州华三通信技术有限公司 Flexibly grouping method and its related route apparatus
CN101060432A (en) * 2007-04-10 2007-10-24 杭州华三通信技术有限公司 An IPS equipment flexible arrangement method and relevant equipment
CN101030890A (en) * 2007-04-10 2007-09-05 杭州华为三康技术有限公司 Flexibly grouping method and its related route apparatus
CN201204611Y (en) * 2008-04-24 2009-03-04 上海地面通信息网络有限公司 Control device for interconnect and intercommunication of telecom, China Union and CNC
CN102065001A (en) * 2009-11-17 2011-05-18 杭州华三通信技术有限公司 Implementation method and equipment of one-way access control
CN201757911U (en) * 2010-01-12 2011-03-09 张贻转 Automatic-touching ordering multimedia system
CN102404178A (en) * 2010-09-09 2012-04-04 上海地面通信息网络有限公司 Four-network interconnection control system
CN202111738U (en) * 2011-07-12 2012-01-11 四川创意信息技术股份有限公司 Network output system based on core exchanger
CN104022973A (en) * 2014-06-18 2014-09-03 福建星网锐捷网络有限公司 Message forwarding method, switching module, firewall card and switch
CN105207904A (en) * 2014-06-25 2015-12-30 广州市动景计算机科技有限公司 Message processing method, device and router
CN204669400U (en) * 2015-06-25 2015-09-23 马秋平 Network egress side safety certification device
CN104917653A (en) * 2015-06-26 2015-09-16 北京奇虎科技有限公司 Virtual flow monitoring method based on cloud platform and device thereof

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
佚名: ""VRF技术-原理简介"", 《HTTPS://BLOG.CSDN.NET/DOLPHIN98629/ARTICLE/DETAILS/19408011》 *
佚名: ""大型园区出口配置示例(防火墙旁路部署)"", 《HTTPS://WENKU.BAIDU.COM/VIEW/66545DA527D3240C8447EFE7.HTML》 *
佚名: ""旁挂防火墙配置案例,及说说你部署过的防火墙方式有那些"", 《HTTPS://FORUM.HUAWEI.COM/ENTERPRISE/ZH/THREAD-245473.HTML》 *
杭州华三通信技术有限公司: "《根叔的云图-网络故障大排查》", 31 December 2016 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115987842A (en) * 2022-12-15 2023-04-18 浪潮思科网络科技有限公司 Fault positioning method, device, equipment and medium based on firewall side-hanging mode
CN115987842B (en) * 2022-12-15 2024-03-26 浪潮思科网络科技有限公司 Fault positioning method, device, equipment and medium based on firewall bypass mode

Similar Documents

Publication Publication Date Title
CN107911258B (en) SDN network-based security resource pool implementation method and system
EP3681110B1 (en) A region interconnect control using vrf tables across heterogeneous networks
CN105099789B (en) A kind of network element updating method and apparatus
CN101909001B (en) Forwarding frames in a computer network using shortest path bridging
US7978595B2 (en) Method for processing multiple active devices in stacking system and stacking member device
CN102333028B (en) Method and communication equipment for sending messages by using layered bi-layer virtual private network
CN104067566B (en) Shortest path bridging is improved in multizone network
EP1773008A1 (en) Method and system for implementing virtual router redundancy protocol on a resilient packet ring
CN104320502B (en) Terminating gateway IP address distribution method, the method for data transfer, MME and system
CN105281951B (en) Double primary apparatus conflict detection methods and the network equipment in VSU systems
CN102148766A (en) Method for service interworking in PON (passive optical network) under three-layer function networking
CN107733795A (en) Ethernet virtual private networks EVPN and public network interoperability methods and its device
CN107342809A (en) A kind of service feature monitoring and Fault Locating Method and device
CN109327374A (en) Realize the system and method for three-layer VPN network insertion
CN108886494A (en) The method and apparatus established and kept using the pseudo-wire of Intermediate System-to-Intermediate System (IS-IS)
CN102891903A (en) NAT (Network Address Translation) converting method and equipment
CN103200107B (en) Message transmitting method and message transmitting equipment
CN102932251B (en) Realize the method and apparatus of local three layers of termination
CN107707478A (en) Data forwarding method and equipment
CN103534985B (en) Service load allocating method, apparatus and communication system
CN110191042A (en) A kind of message forwarding method and device
CN104253751B (en) A kind of message transmitting method and equipment based on multi-role host
JPWO2010150575A1 (en) Transport control system and transport control server
CN103493439A (en) Information receiving and sending methods and apparatuses
CN101060432B (en) An IPS equipment flexible arrangement method and relevant equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180216

RJ01 Rejection of invention patent application after publication