CN108234394A - Gateway automatic defense virus system - Google Patents

Info

Publication number: CN108234394A
Application number: CN201611154244.0A
Authority: CN (China)
Prior art keywords: secure, security gateway, gateway, cluster, backup
Legal status: Pending
Other languages: Chinese (zh)
Inventor: not disclosed
Current assignee: Tianjin Chuangqi Industry Network Technology Co Ltd
Original assignee: Tianjin Chuangqi Industry Network Technology Co Ltd
Application filed by Tianjin Chuangqi Industry Network Technology Co Ltd
Priority to CN201611154244.0A
Publication of CN108234394A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a gateway automatic virus-defense system. The method includes: the security gateway cluster elects in advance one of multiple security gateway devices as the master security gateway, and the others act as backup security gateways; the master security gateway identifies the data flows that need virus scanning and, by querying the cluster state database and applying a predetermined load-balancing policy, sends those flows to a backup security gateway; the backup security gateway performs anti-virus processing on the received flows and sends the processed data stream back to the master security gateway; the master security gateway decapsulates and forwards the packets that have undergone anti-virus processing. The invention unifies the transparency and the high performance of the security gateway cluster: while keeping the cluster highly available, an effective dynamic load-balancing mechanism improves the overall resource utilisation of the cluster.

Description

Gateway automatic defense virus system
Technical field
The present invention relates to the technical field of network security, and in particular to a gateway automatic virus-defense system.
Background technology
With the continuous development of network technology and network security technology, the functions of a traditional security gateway can no longer meet the new demands that keep emerging. A traditional security gateway performs centralised access control only at the network layer and is powerless against application-layer threats; a new-generation security gateway must also centrally control application-layer security, so that the network is protected in depth from layer 2 to layer 7. Among the emerging application-layer security functions, anti-virus holds a very important position: the security gateway must scan in real time the FTP, HTTP, POP3, SMTP, IMAP and other traffic passing through it, compare the contents of transferred files against the signatures stored in the anti-virus library, and take appropriate action on files that contain viruses. If a transferred file is in a compressed format, the virus scanning module must decompress it and scan every file inside, so that anti-virus coverage is complete. Anti-virus on a security gateway is a CPU-intensive operation; when traffic volume is large, the anti-virus module occupies a relatively large share of processor time and memory, which inevitably affects the other functions of the whole system and reduces its effective utilisation.
To improve the anti-virus capability of a security gateway, traffic that needs virus scanning is generally distributed in some way across the different devices of a security gateway cluster, thereby raising the throughput of the whole system. At present there are mainly two implementation methods:
The first method divides the security gateway cluster into multiple working groups, which also achieves a load-balancing effect: different anti-virus traffic is forced to different working groups in the cluster, and each working group processes whatever traffic it receives, thus achieving static load balancing of anti-virus traffic. With static load balancing, the security gateway cluster appears externally as multiple logical devices, and the upstream and downstream devices must be configured in a complicated way. Traffic cannot be balanced according to the state of each device in the cluster; it can only be sent according to the predefined policy. The security gateway devices in the cluster also cannot process received traffic selectively: whatever the upstream and downstream devices send must be processed.
The second method adds a dedicated load-balancing device to the network, which can achieve dynamic load balancing. Using the upper-layer protocol identification and dynamic traffic-balancing capabilities of the dedicated device, anti-virus traffic can be balanced dynamically according to the traffic and the state of the cluster devices. The shortcomings of a dynamic load-balancing scheme based on a dedicated load-balancing device are also obvious: such devices are generally very expensive, and to eliminate the single point of failure in the network the network must be built in a dual-node hot-standby pattern, which expands the investment while wasting the system resources of the standby load-balancing device and of the backup security gateways of the cluster.
Invention content
In view of the above analysis, the present invention aims to provide a gateway automatic virus-defense system, to solve the problems that arise in the prior art when traffic needing virus scanning is distributed in some way across the different devices of a security gateway cluster.
The purpose of the present invention is mainly achieved through the following technical solutions:
The present invention provides a method for realising anti-virus in a security gateway cluster, including:
the security gateway cluster elects in advance one of multiple security gateway devices as the master security gateway, the others acting as backup security gateways;
the master security gateway identifies the received data flows, recognises the data flows that need anti-virus processing, and, by querying the cluster state database and applying a predetermined load-balancing policy, sends the flows to be scanned to the backup security gateway it selects;
the selected backup security gateway performs anti-virus processing on the received flows and sends the processed data stream, assembled into packets, back to the master security gateway;
after receiving the packets that have undergone anti-virus processing from the selected backup security gateway, the master security gateway decapsulates the packets and then forwards them through the normal processing flow.
Further, the step in which the security gateway cluster elects in advance one of multiple security gateway devices as the master security gateway, the others acting as backup security gateways, specifically includes:
the security gateway cluster elects the master security gateway according to the configured priority of each security gateway device, the others acting as backup security gateways; the security gateway cluster is further used to set a weight on each monitoring interface of the security gateway devices, and when the priorities are equal the master security gateway is selected according to the different interface weights.
Further, the method also includes: when the security gateway cluster detects that the current master security gateway has failed abnormally and cannot work normally, a new master security gateway is chosen from all backup security gateways according to the priority algorithm, and master security gateway migration is carried out.
Further, the step in which the master security gateway identifies the received data flows, recognises the flows that need anti-virus processing, and sends them according to the predetermined load-balancing policy to the backup security gateway it selects, specifically includes:
the master security gateway performs security-rule matching on the received data flows and marks the flows that need anti-virus processing together with their connection-table entries; it then sends the flows to be scanned, according to the predetermined load-balancing policy, to the backup security gateway it selects for anti-virus processing. The security rules include a five-tuple attribute specification for the IP packets in the data flows that conform to the TCP/IP protocol; the predetermined load-balancing policy is a round-robin algorithm, a weighted round-robin algorithm or a dynamic round-robin algorithm.
Further, the method also includes: the master security gateway monitors in real time the state of all backup security gateways of the cluster; when it has determined that a backup security gateway has failed, it masks that backup security gateway and transfers its work to the other devices in the cluster.
The present invention also provides a system for realising anti-virus in a security gateway cluster, including a security gateway cluster composed of multiple security gateway devices, wherein:
the security gateway cluster is used to elect in advance one of multiple security gateway devices as the master security gateway, the others acting as backup security gateways;
the master security gateway is used to identify the received data flows, recognise the flows that need anti-virus processing, and send them according to the predetermined load-balancing policy to the backup security gateway it selects; the master security gateway is further used, after receiving the packets that have undergone anti-virus processing from the selected backup security gateway, to decapsulate the packets and then forward them through the normal processing flow;
the backup security gateway is used to perform anti-virus processing on the received flows and to send the processed data stream, assembled into packets, back to the master security gateway.
Further, the security gateway cluster is specifically used to elect the master security gateway according to the configured priority of each security gateway device, the others acting as backup security gateways; the cluster is further used to set a weight on each monitoring interface of the security gateway devices, so that when the priorities are equal the master security gateway is selected according to the different interface weights.
Further, the security gateway cluster is further used, when it detects that the current master security gateway has failed abnormally and cannot work normally, to choose a new master security gateway from all backup security gateways according to the priority algorithm and to carry out master security gateway migration.
Further, the master security gateway specifically includes a traffic detection module and a load-balancing module, wherein:
the traffic detection module is used to perform security-rule matching on the received data flows and to mark the flows that need anti-virus processing together with their connection-table entries; the security rules include a five-tuple attribute specification for the IP packets in the data flows that conform to the TCP/IP protocol;
the load-balancing module is used to send the flows to be scanned, according to the predetermined load-balancing policy, to the backup security gateway it selects for anti-virus processing; the predetermined load-balancing policy is a round-robin algorithm, a weighted round-robin algorithm or a dynamic round-robin algorithm.
Further, the master security gateway is further used to monitor in real time the state of all backup security gateways of the cluster and, when it has determined that a backup security gateway has failed, to send the data flows on that backup security gateway to the other backup security gateways according to the load-balancing policy.
The present invention has the beneficial effect that:
The present invention uses the master device of the security gateway cluster to balance the traffic that needs virus scanning dynamically across the cluster, realising the load-balancing function inside the cluster. At the same time, after a device in the cluster fails, traffic is automatically redistributed among the remaining devices of the cluster; after the master device of the cluster fails, the cluster automatically elects a new master device, which takes over the cluster's load-balancing function. This unifies the transparency and the high performance of the security gateway cluster: while keeping the cluster highly available, an effective dynamic load-balancing mechanism improves its overall resource utilisation. The security gateway cluster also has good scalability and extensibility: the virus-scanning throughput of the security gateway can be increased simply by adding a new security gateway, without changing the network topology.
Other features and advantages of the present invention will be set out in the following description and will become apparent from the description or be understood by practising the invention. The objectives and other advantages of the invention may be realised and obtained by the structures specifically pointed out in the written description, the claims and the drawings.
Description of the drawings
Fig. 1 is a flow diagram of the method of the invention;
Fig. 2 is a schematic diagram of the topology of a security gateway cluster in an example of the method of the invention;
Fig. 3 is a structural diagram of the system of the invention.
Specific embodiment
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, which form part of this application and, together with the embodiments, serve to explain the principles of the invention. For clarity and simplicity, detailed descriptions of known functions and structures in the devices described here are omitted where they would obscure the subject matter of the invention.
The method of the invention is first described in detail with reference to Fig. 1.
As shown in Fig. 1, which is the flow diagram of the method of the invention, the method may specifically include the following steps:
Step 101: the security gateway cluster elects in advance one of multiple security gateway devices as the master security gateway, the others acting as backup security gateways. Specifically, because virus scanning (AV) traffic is to be load-balanced inside the security gateway cluster while the cluster remains transparently connected to the upstream and downstream network, the cluster must internally elect one master security gateway that is responsible for exchanging traffic with the upstream and downstream network environment; the others act as backup security gateways, communicate only with the master security gateway, and remain transparent to the upstream and downstream environment;
The election process specifically includes: the security gateway cluster selects the master and backup security gateways according to the configured device priority, the device with the highest priority becoming the master and the rest becoming backups. A weight can also be set on each monitoring interface of a security gateway; the larger the weight, the higher the availability that interface represents, and when the device priorities are equal the cluster elects the master security gateway according to the different interface weights;
Step 102: the master security gateway identifies the received data flows, recognises the flows that need anti-virus processing, and sends them according to the predetermined load-balancing policy to the backup security gateway it selects. Specifically, after a packet enters the master security gateway, security-rule matching is performed first; the security rules include a five-tuple attribute specification for the IP packets that conform to the TCP/IP protocol, and also the anti-virus policy to be applied to the packets. Once a packet has matched one security rule it is not matched against further rules, and the matched security policy marks the data flow that needs anti-virus processing together with its connection-table entry. Then, by querying the cluster state database and the dynamic load-balancing policy, the master determines which backup security gateway in the cluster the packet is sent to, encapsulates the packet and sends it to that backup over the cluster's dedicated heartbeat interface. The cluster state database records the status information of the whole cluster, including, for each member device, CPU utilisation, memory usage, number of connections, interface status, configured priority and virus-library information. Once a connection-table entry has been marked, the master sends all subsequent packets matching that connection to the same backup security gateway for processing; thus, while the traffic load is balanced, packets belonging to the same flow are guaranteed to reach the same backup, ensuring consistency of service and data;
Step 103: the backup security gateway performs anti-virus processing on the received flows and sends the processed data stream, assembled into packets, back to the master security gateway. Specifically, after the backup security gateway receives the packets delivered over the heartbeat port, it decapsulates them and carries out virus scanning; the scanned (AV) traffic is re-encapsulated and sent back to the master security gateway through the backup's heartbeat port;
Step 104: after receiving the packets that have undergone anti-virus processing from the backup security gateway, the master security gateway decapsulates them and forwards them through the normal processing flow.
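The four steps above, modelled end to end as an added example (this is illustration code written for this page, not the patentee's implementation): first-match rule evaluation on the five-tuple, marking of the connection table so that every later packet of a flow goes to the backup chosen for its first packet, encapsulation of the packet in a heartbeat frame, decapsulation and scanning on the backup, re-encapsulation of the verdict, and decapsulation plus normal forwarding on the master. The frame layout, rule fields, the signature list, the round-robin selection used for the demo and the drop action for infected packets are all assumptions.

```python
"""Toy model of the master/backup anti-virus data path (steps 101-104).
All names, packet fields, rules and the signature list are constructed for
this example; the heartbeat frame is represented as a plain dict."""
from dataclasses import dataclass
from itertools import cycle
from typing import Callable, Optional


@dataclass(frozen=True)
class FiveTuple:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Packet:
    flow: FiveTuple
    payload: bytes


@dataclass
class Rule:
    name: str
    proto: str = "*"              # "*" matches any protocol
    dport: Optional[int] = None   # None matches any destination port
    antivirus: bool = False       # anti-virus policy attached to the rule

    def matches(self, ft: FiveTuple) -> bool:
        return self.proto in ("*", ft.proto) and self.dport in (None, ft.dport)


# Constructed signature list standing in for the virus library.
SIGNATURES = [b"EICAR-TEST"]


class BackupGateway:
    """Decapsulates heartbeat frames, scans, re-encapsulates the verdict."""

    def __init__(self, name: str):
        self.name = name
        self.handled = 0

    def heartbeat_receive(self, frame: dict) -> dict:
        pkt = frame["inner"]                                  # decapsulate
        self.handled += 1
        infected = any(sig in pkt.payload for sig in SIGNATURES)
        return {"hb_src": self.name, "hb_dst": frame["hb_src"],  # re-encapsulate
                "inner": pkt, "verdict": "infected" if infected else "clean"}


class MasterGateway:
    """Rule matching, connection-table marking, dispatch and return handling."""

    def __init__(self, name, rules, select: Callable[[], BackupGateway]):
        self.name, self.rules, self.select = name, rules, select
        # connection table: flow -> backup chosen for it, or None (no scanning)
        self.conn_table: dict[FiveTuple, Optional[BackupGateway]] = {}
        self.forwarded: list[Packet] = []
        self.dropped: list[Packet] = []   # assumed action for infected packets

    def receive(self, pkt: Packet) -> str:
        ft = pkt.flow
        if ft not in self.conn_table:
            # first matching rule wins; no further rules are evaluated
            rule = next((r for r in self.rules if r.matches(ft)), None)
            # mark the connection once; later packets reuse the same backup
            self.conn_table[ft] = self.select() if (rule and rule.antivirus) else None
        backup = self.conn_table[ft]
        if backup is None:
            self.forwarded.append(pkt)
            return "forwarded"
        frame = {"hb_src": self.name, "hb_dst": backup.name, "inner": pkt}  # encapsulate
        return self.heartbeat_return(backup.heartbeat_receive(frame))

    def heartbeat_return(self, reply: dict) -> str:
        pkt = reply["inner"]                                  # decapsulate
        if reply["verdict"] == "clean":
            self.forwarded.append(pkt)                        # normal forwarding flow
            return "forwarded"
        self.dropped.append(pkt)
        return "dropped"


def demo():
    rules = [Rule("http-av", proto="tcp", dport=80, antivirus=True),
             Rule("smtp-av", proto="tcp", dport=25, antivirus=True),
             Rule("allow-rest")]
    backups = [BackupGateway("B"), BackupGateway("C"), BackupGateway("D")]
    rr = cycle(backups)   # simple round-robin selection for the demo (assumption)
    master = MasterGateway("A", rules, lambda: next(rr))
    http1 = FiveTuple("tcp", "10.0.0.5", 40000, "203.0.113.9", 80)
    http2 = FiveTuple("tcp", "10.0.0.6", 40001, "203.0.113.9", 80)
    dns = FiveTuple("udp", "10.0.0.5", 5353, "203.0.113.53", 53)
    results = [
        master.receive(Packet(http1, b"GET / HTTP/1.1")),
        master.receive(Packet(http2, b"GET /x HTTP/1.1")),
        master.receive(Packet(http1, b"... EICAR-TEST ...")),   # same flow, same backup
        master.receive(Packet(dns, b"query")),                  # no AV rule: forwarded directly
    ]
    affinity = master.conn_table[http1].name
    counts = {b.name: b.handled for b in backups}
    return results, affinity, counts


if __name__ == "__main__":
    print(demo())
```

The point worth checking in a real deployment is the affinity rule: once the connection-table entry for `http1` is marked, its second packet goes to backup B even though round robin would otherwise have picked D, which is what keeps a multi-packet file on the scanner that holds its state.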
The method of the invention further includes:
After the security gateway cluster detects that the master security gateway has failed abnormally and cannot work normally (device hardware failure, monitoring interface failure, monitoring software failure), master security gateway migration is carried out among the cluster devices according to the priority algorithm. After the migration, the new master security gateway takes over all external functions of the whole cluster and is responsible for load-balancing the received traffic according to the cluster state database.
Also, the master security gateway monitors in real time the state of the other devices in the cluster; after a backup security gateway fails, it adjusts load balancing in real time, masks the backup and transfers its work to the other devices in the cluster. Specifically, once the master security gateway detects a failed backup security gateway in the cluster, it masks it immediately and notifies the other devices in the cluster to update their local cluster state databases, so that the failed device no longer participates in the cluster's operation and load balancing and its work is transferred to the other devices in the cluster. If the master security gateway detects that a device in the cluster is temporarily unable to work, it checks twice more and declares the device failed only if all checks fail, so that a security gateway device that is merely temporarily busy is not masked by mistake, which would interrupt normal connections and reduce the efficiency of the whole cluster.
Besides processing the traffic distributed by the master security gateway, the other backup nodes in the cluster also perform internal state detection with the other devices; by monitoring the running condition of the master security gateway, every device in the cluster is ensured to hold one unified cluster state database, so that when the master fails a new master can be elected at once, avoiding a single point of failure at the master.
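An added example (not the patentee's code) of the election and failure-handling rules described in step 101 and the two paragraphs above: master election by configured priority with the summed monitoring-interface weights as tie-breaker, a health check that only declares a node failed after the initial probe and two rechecks all fail, masking of the failed node in every member's copy of the cluster state database, and master migration when the failed node was the master. Node names, priorities, interface weights and the probe results are constructed; how a real probe is performed is not specified on the page and is left as an injected list of results.

```python
"""Constructed model of master election and failure masking. Node names,
priorities, interface weights and probe results are assumptions."""
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    priority: int
    iface_weights: dict          # monitoring interface -> weight
    masked: bool = False

    def score(self):
        # priority decides first; the summed interface weights break ties
        return (self.priority, sum(self.iface_weights.values()))


def elect_master(nodes):
    candidates = [n for n in nodes if not n.masked]
    if not candidates:
        raise RuntimeError("no eligible node for master election")
    return max(candidates, key=Node.score)


class Cluster:
    RECHECKS = 2   # after a failed probe, check twice more before masking

    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.master = elect_master(nodes)
        # every member keeps its own copy of the unified cluster state database
        self.state_dbs = {n.name: {m.name: "ok" for m in nodes} for n in nodes}
        self.log = []

    def check_node(self, name, probe_results) -> str:
        """probe_results: iterable of booleans, True meaning the probe was answered."""
        probes = iter(probe_results)
        if next(probes, False):
            return "ok"                       # answered first time: healthy
        if any(next(probes, False) for _ in range(self.RECHECKS)):
            return "ok"                       # temporarily busy, not failed
        node = self.nodes[name]
        node.masked = True
        for db in self.state_dbs.values():    # notify all members to update locally
            db[name] = "failed"
        self.log.append(f"masked {name}")
        if node is self.master:
            self.master = elect_master(self.nodes.values())
            self.log.append(f"master migrated to {self.master.name}")
            return "migrated"
        return "masked"


def demo():
    nodes = [Node("A", 100, {"eth0": 10, "eth1": 10}),
             Node("B", 90, {"eth0": 10}),
             Node("C", 90, {"eth0": 10, "eth1": 20}),
             Node("D", 50, {"eth0": 5})]
    cl = Cluster(nodes)
    first = cl.master.name                                 # highest priority: A
    busy = cl.check_node("D", [False, False, True])        # recovered on recheck
    moved = cl.check_node("A", [False, False, False])      # master failed: migrate
    gone = cl.check_node("B", [False, False, False])       # backup failed: mask
    return first, busy, moved, gone, cl.master.name, cl.state_dbs["C"]


if __name__ == "__main__":
    print(demo())
```

In the demo the migration lands on C rather than B: both have priority 90, so the interface-weight tie-breaker (30 versus 10) decides, which is exactly the case the description reserves the weights for.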
In the present invention, the cluster load-balancing algorithm may be the RR (Round Robin) algorithm, the WRR (Weighted Round Robin) algorithm or the DRR (Dynamic Round Robin) algorithm, described as follows:
RR algorithm: the simplest and easiest method to implement. Every security gateway node in the cluster has equal status; the algorithm cycles through the nodes of the cluster in turn, and each node is selected on equal terms. The advantages of this method are its simplicity, the reduced communication inside the cluster system and the saving of system resources; it suits clusters in which all nodes have identical processing power and performance.
WRR algorithm: adds the concept of weight to the round-robin algorithm. Each device in the cluster is given a weight value, and when the system runs the polling algorithm it distinguishes the status of the nodes by their different weights and distributes traffic accordingly. Different weights can be set according to the different processing capacity of the devices, so that devices with higher capacity are assigned more traffic.
DRR algorithm: because of the uncertainty of network traffic distribution and of the working condition of the security gateway devices, a static balancing algorithm cannot adjust traffic according to the load and state of the devices themselves and inherently fails to guarantee real load balance; a dynamic load-balancing scheme is then needed. The state database of the whole cluster is updated periodically; when the master security gateway balances the data load it adjusts the load-balancing mechanism dynamically according to the cluster state database, and once it detects that a device's processing capacity has declined or that the device cannot work normally, it reduces the traffic sent to that device and balances the excess traffic onto the other devices in the cluster. Each device in the cluster maintains one unified cluster state database, which contains the connection state, interface status, CPU state, memory state and device weight of every device in the cluster. Each cluster device automatically pushes its status information into the cluster, and the other devices update their own cluster state database in real time after receiving it. The nodes of the cluster thus form a mutually monitoring, mutually backed-up cluster system that keeps the data inside the cluster consistent.
The cluster state database maintains two tables, a sender table and a receiver table. A record in the sender table indicates that the corresponding cluster node's load exceeds its threshold and that tasks need to be migrated away from it; a record in the receiver table indicates that the corresponding node's load is below its threshold and that it can accept new tasks. The contents of both tables are updated in real time from the status information exchanged inside the cluster, ensuring that the master security gateway can balance traffic dynamically according to the real-time information in the tables.
The dynamic round-robin algorithm no longer simply traverses each device in the cluster or distributes load according to static weights; it adapts the traffic of each node dynamically according to the working condition of the different nodes, and when a node's processing capacity declines, traffic can be shifted dynamically onto the other available devices.
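The three policies side by side, as an added example written for this page rather than taken from the patent: plain round robin, a weighted round robin (the smooth weighted variant is used here; the description does not fix which WRR formulation is meant), and a dynamic round robin that derives the sender and receiver tables from a snapshot of the cluster state database and rotates only over the receiver table. The node names, the single CPU-percent load metric, the threshold value and the state snapshot are constructed for the demo.

```python
"""Constructed schedulers for the RR, WRR and DRR policies named in the
description. Node names, the load metric and the threshold are assumptions."""
from itertools import cycle


class RoundRobin:
    """Every node has equal status; nodes are chosen strictly in turn."""

    def __init__(self, nodes):
        self._it = cycle(nodes)

    def pick(self, state):
        return next(self._it)


class WeightedRoundRobin:
    """Smooth weighted round robin: over one cycle a node with weight w is
    chosen w times, spread out rather than back to back."""

    def __init__(self, weights):
        self.weights = dict(weights)
        self.current = {n: 0 for n in weights}
        self.total = sum(weights.values())

    def pick(self, state):
        for n, w in self.weights.items():
            self.current[n] += w
        best = max(self.current, key=self.current.get)
        self.current[best] -= self.total
        return best


class DynamicRoundRobin:
    """Rotates only over nodes in the receiver table (load below threshold);
    nodes in the sender table or marked failed get no new flows."""

    def __init__(self, threshold):
        self.threshold = threshold
        self._last = None

    def tables(self, state):
        healthy = {n: s for n, s in state.items() if s["status"] == "ok"}
        senders = [n for n, s in healthy.items() if s["cpu"] > self.threshold]
        receivers = [n for n, s in healthy.items() if s["cpu"] < self.threshold]
        return senders, receivers

    def pick(self, state):
        _, receivers = self.tables(state)
        if not receivers:
            raise RuntimeError("no node below threshold can accept new flows")
        # continue the rotation after the previous choice, restricted to receivers
        if self._last in receivers:
            choice = receivers[(receivers.index(self._last) + 1) % len(receivers)]
        else:
            choice = receivers[0]
        self._last = choice
        return choice


def demo():
    # Constructed snapshot of the cluster state database (cpu in percent).
    state = {"B": {"status": "ok", "cpu": 20},
             "C": {"status": "ok", "cpu": 85},      # overloaded: sender table
             "D": {"status": "ok", "cpu": 40},
             "E": {"status": "failed", "cpu": 0}}   # masked: never chosen
    rr = RoundRobin(["B", "C", "D"])
    wrr = WeightedRoundRobin({"B": 3, "C": 1, "D": 1})
    drr = DynamicRoundRobin(threshold=70)
    rr_seq = [rr.pick(state) for _ in range(6)]
    wrr_seq = [wrr.pick(state) for _ in range(5)]
    senders, receivers = drr.tables(state)
    drr_seq = [drr.pick(state) for _ in range(4)]
    state["D"]["cpu"] = 90                          # D pushed over the threshold
    drr_after = [drr.pick(state) for _ in range(3)]
    return rr_seq, wrr_seq, senders, receivers, drr_seq, drr_after


if __name__ == "__main__":
    print(demo())
```

The contrast to look at is the DRR sequence before and after D's load changes: RR and WRR keep sending to C regardless of its 85 % CPU, while DRR never selects C and stops selecting D the moment the refreshed state snapshot moves it from the receiver table to the sender table.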
For a further understanding of the method for the invention, a specific example will be lifted below and is illustrated.
As shown in Fig. 2, Fig. 2 is the topological structure schematic diagram of a secure gateway cluster, including:Fire wall A, fire wall B, Fire wall C and fire wall D forms a secure gateway cluster, which accesses network rings by SWITCH-1 and SWITCH-2 Border, cluster externally show as an independent logical device, IP address there are one external, and the other equipment in network does not have to close The number of equipment and networking situation in heart cluster.Security gateway in cluster is carried out respective heartbeat mouth by SWITCH-3 Connection elects A as main security gateway by cluster priority algorithm, and other equipment is backup secure.Upstream and downstream equipment Being sent to the flow of cluster can all be sent on main security gateway A, and A security gateways carry out analysis and identification to the flow of reception, right The flow of virus scan (AV) is needed to be sent to corresponding backup safety net by special purpose interface according to Dynamic Load-Balancing Strategy It closes.
The system of the invention is described in detail below with reference to Fig. 3.
As shown in Fig. 3, which is the structural diagram of the system of the embodiment of the invention, the system may specifically include a security gateway cluster comprising multiple security gateways, a master security gateway and backup security gateways. To allow seamless switching between master and backup devices, every security gateway in the cluster must have the same security policy, virus library and connection-table information; this information is synchronised automatically inside the cluster during operation, ensuring consistent processing behaviour for the traffic after a switch.
(1) The security gateway cluster, including multiple security gateway devices, appears externally as a single logically independent security gateway. It is mainly responsible for electing one of multiple security gateway devices as the master security gateway, the others acting as backup security gateways. Specifically, because virus scanning (AV) traffic is to be load-balanced inside the security gateway cluster while the cluster remains transparently connected to the upstream and downstream network, the cluster must internally elect one master security gateway that is responsible for exchanging traffic with the upstream and downstream network environment; the others act as backup security gateways, communicate with the master security gateway, and remain transparent to the upstream and downstream environment. The election process specifically includes: the security gateway cluster selects the master and backup security gateways according to the configured device priority, the device with the highest priority becoming the master and the rest becoming backups. A weight can also be set on each monitoring interface of a security gateway; the larger the weight, the higher the availability that interface represents, and when the device priorities are equal the cluster elects the master security gateway according to the different interface weights. Also, after the security gateway cluster detects that the master security gateway has failed abnormally and cannot work normally (device hardware failure, monitoring interface failure, monitoring software failure), master security gateway migration is carried out among the cluster devices according to the priority algorithm. After the migration, the new master security gateway takes over all external functions of the whole cluster and is responsible for load-balancing the received traffic according to the cluster state database.
(2) The master security gateway is mainly responsible for the load balancing of all traffic of the security gateway cluster and serves as the sole entry point for traffic passing through the cluster; all traffic processed by the backup security gateways must ultimately be sent out by the master security gateway. Specifically, it identifies the received data flows, recognises the flows that need anti-virus processing, and sends them according to the predetermined load-balancing policy to the backup security gateway it selects; after receiving the packets that have undergone anti-virus processing from the backup security gateway, it decapsulates them and forwards them through the normal processing flow;
The master security gateway may specifically include a traffic detection module and a load-balancing module, wherein:
the traffic detection module is used to perform security-rule matching on the received data flows; the security rules include a five-tuple attribute specification for the IP packets that conform to the TCP/IP protocol, and the traffic that needs anti-virus processing is marked together with its connection-table entry;
the load-balancing module is used to determine, by querying the cluster state database and the dynamic load-balancing policy, which backup security gateway in the cluster a packet is sent to, and to encapsulate the packet and send it to that backup over the cluster's dedicated heartbeat interface; the predetermined load-balancing policy may be a round-robin algorithm, a weighted round-robin algorithm or a dynamic round-robin algorithm;
Also, the master security gateway monitors in real time the state of all backup security gateways of the cluster; when it has determined that a backup security gateway has failed, it masks that backup and transfers its work to the other devices in the cluster.
(3) backup secure, for the data flow killed virus that carries out received to be carried out antivirus processing, and will Data stream by antivirus processing is forwarded into being sent to main security gateway after data packet;It is exactly specifically to back up After security gateway receives the data packet that heartbeat oral instructions are brought, virus scan processing is carried out after being decapsulated to data packet, And flow is sent back by master by the heartbeat mouth of backup secure after the flow after virus scan (AV) is Resealed Security gateway;Meanwhile alternate device must also monitor the state of entire cluster, to fail, again in current main security gateway After electing main security gateway, newly generated main security gateway can take over the function to entire cluster in real time.
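The election, dispatch and failover behaviour described in (1) to (3) above, as an added example that is not part of the patent: a small Python model in which the main security gateway is chosen by configured priority with interface weight as the tie-breaker, flows matching a five-tuple rule are distributed to backup gateways by polling or weighted polling through a cluster state table, and a failed device is shielded with its flows reassigned (and a new main elected if the main itself failed). All gateway names, priorities, weights, ports and flows are constructed values; dynamic polling is not modelled.

```python
# Added example, not the patent's own code; names, priorities, weights and the AV port rule are constructed.
from collections import namedtuple
from dataclasses import dataclass, field

FiveTuple = namedtuple("FiveTuple", "src dst sport dport proto")

@dataclass
class Gateway:
    name: str
    priority: int                                      # configured device priority
    iface_weights: dict = field(default_factory=dict)  # monitoring interface -> weight
    alive: bool = True
    def weight(self):                                  # larger weight = more available
        return sum(self.iface_weights.values())

class Cluster:
    AV_PORTS = {25, 80, 443}  # constructed security rule: scan TCP flows to these ports

    def __init__(self, gateways, policy="polling"):
        self.gateways = list(gateways)
        self.policy = policy   # "polling" or "weighted"; dynamic polling is not modelled
        self.assignments = {}  # cluster state database: flow -> backup gateway name
        self.rr = 0            # polling cursor
        self.elect_main()
    def elect_main(self):
        # highest priority wins; equal priorities are broken by interface weight
        live = [g for g in self.gateways if g.alive]
        self.main = max(live, key=lambda g: (g.priority, g.weight()))
    def backups(self):
        return [g for g in self.gateways if g.alive and g is not self.main]
    def pick_backup(self):
        bs = self.backups()
        if not bs:
            raise RuntimeError("no backup security gateway available")
        if self.policy == "weighted":  # each backup appears weight() times in the cycle
            bs = [g for g in bs for _ in range(max(1, g.weight()))]
        self.rr += 1
        return bs[(self.rr - 1) % len(bs)]
    def dispatch(self, flow):
        # five-tuple rule match: returns the backup that scans the flow, None for normal path
        if not (flow.proto == "tcp" and flow.dport in self.AV_PORTS):
            return None
        if flow not in self.assignments:
            self.assignments[flow] = self.pick_backup().name
        return self.assignments[flow]
    def device_failed(self, name):
        # shield the failed device, re-elect the main if needed, move orphaned flows
        for g in self.gateways:
            g.alive = g.alive and g.name != name
        if self.main.name == name:
            self.elect_main()
        valid = {g.name for g in self.backups()}
        for flow, owner in list(self.assignments.items()):
            if owner not in valid:
                self.assignments[flow] = self.pick_backup().name
```

Flows already recorded in the state table keep their backup across calls, which is what lets a newly elected main continue balancing without re-dispatching every flow.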
In conclusion the present invention provides a kind of gateway automatic defense virus system, secure gateway cluster is externally shown as One security gateway being logically independent carries out main security gateway election by proprietary algorithm in cluster internal, elects Main security gateway can carry out the other equipment in cluster the work such as status checkout is synchronous with key message, other in cluster are set Standby is backup secure.In addition to main security gateway, the backup secure in cluster also monitors the status information of entire cluster, After the failure of main security gateway is detected, new main security gateway election can be carried out automatically, due to backup secure before Also the state-detection of entire cluster has been carried out, can have been accomplished on the main security gateway newly elected to virus scan (AV) is needed to flow The seamless load balancing of amount.Main security gateway is responsible for communicating with external environment, and backup secure is only responsible for processing main wall The flow of transmission, treated that flow is all turned again by proprietary channel by main security gateway for all backup secures Hair, it is ensured that the transparent access network of entire cluster.
The present invention is realized in secure gateway cluster to the dynamic load leveling of virus scan (AV) flow, solves peace Full gateway cluster static load balancing mode accesses network complexity, and flexibility is low and is set in a network using special load balancing The problems such as standby input is big, the wasting of resources.New system model have scheme is cost-effective, be easily achieved, system robust, safety and The advantages of manageability is strong.It is cheap that one kind is provided on existing network structure basis, effectively, transparent method, to be promoted Secure gateway cluster utilization rate of equipment and installations and virus scan flow throughput.
The foregoing is only a preferred embodiment of the present invention, but protection scope of the present invention be not limited thereto, Any one skilled in the art in the technical scope disclosed by the present invention, the change or replacement that can be readily occurred in, It should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be with the protection model of claims Subject to enclosing.

Claims (10)

  1. A method for realizing anti-virus in a secure gateway cluster, characterized in that it comprises:
    the secure gateway cluster electing in advance one of multiple security gateway devices as the main security gateway, with the others serving as backup security gateways;
    the main security gateway identifying the received data flows, identifying the data flows that require virus scanning, and, by querying the cluster state database and using a predetermined load balancing policy, sending the data flows to be scanned to the backup security gateway it has selected;
    the selected backup security gateway performing anti-virus processing on the received data flows that require scanning and sending the scanned data flows, as data packets, to the main security gateway;
    the main security gateway, after receiving the scanned data packets sent by the selected backup security gateway, decapsulating the data packets and then forwarding them through the normal processing flow.
  2. The method according to claim 1, characterized in that the step of the secure gateway cluster electing in advance one of multiple security gateway devices as the main security gateway, with the others serving as backup security gateways, specifically comprises:
    the secure gateway cluster electing one of the devices as the main security gateway according to a configured security gateway device priority, with the others serving as backup security gateways; and the secure gateway cluster further being configured to set a weight on each monitoring interface of the security gateway devices and, when the priorities are equal, to select the main security gateway according to the different interface weights.
  3. The method according to claim 1 or 2, characterized in that the method further comprises: after the secure gateway cluster detects that the current main security gateway is in an abnormal state and can no longer operate normally, selecting, according to the priority algorithm, a new main security gateway from among all the backup security gateways and carrying out the main security gateway migration process.
  4. The method according to claim 1 or 2, characterized in that the step of the main security gateway identifying the received data flows, identifying the data flows that require virus scanning, and sending the data flows to be scanned to the backup security gateway it has selected according to the predetermined load balancing policy specifically comprises:
    the main security gateway performing security rule matching on the received data flows and marking the data flows that require anti-virus processing together with their connection-table entries; then sending the data flows to be scanned, according to the predetermined load balancing policy, to the backup security gateway it has selected for anti-virus processing; wherein the security rules include five-tuple attribute specifications for IP packets in the data flows that conform to the TCP/IP protocol, and the predetermined load balancing policy is a polling algorithm, a weighted polling algorithm or a dynamic polling algorithm.
  5. The method according to claim 1 or 2, characterized in that the method further comprises: the main security gateway monitoring in real time the state of all backup security gateways in the secure gateway cluster and, when it determines that a backup security gateway has failed, shielding that backup security gateway and transferring its work to other devices in the cluster.
  6. A system for realizing anti-virus in a secure gateway cluster, characterized in that it comprises a secure gateway cluster composed of multiple security gateway devices, wherein:
    the secure gateway cluster is configured to elect in advance one of the multiple security gateway devices as the main security gateway, with the others serving as backup security gateways;
    the main security gateway is configured to identify the received data flows, identify the data flows that require virus scanning, and send the data flows to be scanned to the backup security gateway it has selected according to a predetermined load balancing policy; and the main security gateway is further configured, after receiving the scanned data packets sent by the selected backup security gateway, to decapsulate the data packets and then forward them through the normal processing flow;
    the backup security gateway is configured to perform anti-virus processing on the received data flows that require scanning and to forward the scanned data flows, as data packets, to the main security gateway.
  7. The system according to claim 6, characterized in that the secure gateway cluster is specifically configured to elect one of the devices as the main security gateway according to a configured security gateway device priority, with the others serving as backup security gateways; and the secure gateway cluster is further configured to set a weight on each monitoring interface of the security gateway devices and, when the priorities are equal, to select the main security gateway according to the different interface weights.
  8. The system according to claim 6 or 7, characterized in that the secure gateway cluster is further configured, after detecting that the current main security gateway is in an abnormal state and can no longer operate normally, to select a new main security gateway from among all the backup security gateways according to the priority algorithm and to carry out the main security gateway migration process.
  9. The system according to claim 6 or 7, characterized in that the main security gateway specifically comprises a flow detection module and a load balancing module, wherein:
    the flow detection module is configured to perform security rule matching on the received data flows and to mark the data flows that require anti-virus processing together with their connection-table entries; the security rules include five-tuple attribute specifications for IP packets in the data flows that conform to the TCP/IP protocol;
    the load balancing module is configured to send the data flows to be scanned, according to the predetermined load balancing policy, to the backup security gateway it has selected for anti-virus processing; the predetermined load balancing policy is a polling algorithm, a weighted polling algorithm or a dynamic polling algorithm.
  10. The system according to claim 6 or 7, characterized in that the main security gateway is further configured to monitor in real time the state of all backup security gateways in the secure gateway cluster and, when it determines that a backup security gateway has failed, to send the data flows on that backup security gateway to other backup security gateways according to the load balancing policy.
CN201611154244.0A 2016-12-14 2016-12-14 Gateway automatic defense virus system Pending CN108234394A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611154244.0A CN108234394A (en) 2016-12-14 2016-12-14 Gateway automatic defense virus system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611154244.0A CN108234394A (en) 2016-12-14 2016-12-14 Gateway automatic defense virus system

Publications (1)

Publication Number Publication Date
CN108234394A true CN108234394A (en) 2018-06-29

Family

ID=62650396

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611154244.0A Pending CN108234394A (en) 2016-12-14 2016-12-14 Gateway automatic defense virus system

Country Status (1)

Country Link
CN (1) CN108234394A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2757297C1 (en) * 2021-04-19 2021-10-13 Акционерное Общество "Информационные Технологии И Коммуникационные Системы" Method for security gateway cluster operation
CN114531426A (en) * 2022-01-05 2022-05-24 万蚓网络科技(上海)有限公司 End-to-end streaming media routing method based on back-to-back authentication mode

Similar Documents

Publication Publication Date Title
CN101909067A (en) Antivirus method and system for secure gateway cluster
CN103236949B (en) Monitoring method, device and the system of a kind of server cluster
CN104488238B (en) The system and method controlled for cluster link aggregation in network environment
CN103944746B (en) A kind of method and device of two-node cluster hot backup
CN104243337B (en) A kind of method and device across cluster load balance
US7587633B2 (en) Fault tolerant routing in a network routing system based on a passive replication approach
CN108712464A (en) A kind of implementation method towards cluster micro services High Availabitity
CN101060485B (en) Topology changed messages processing method and processing device
CN104104570A (en) Aggregation processing method in IRF (Intelligent Resilient Framework) system and device
CN1812300B (en) Loop network connection control method, route exchanging equipment and loop network system
US11095476B2 (en) Spanning tree protocol enabled n-node link aggregation system
CN106375384A (en) Management system of mirror network flow in virtual network environment and control method
CN108512751B (en) Port state processing method and network equipment
EP1754071A2 (en) System and method for detecting link failures
CN109787827B (en) CDN network monitoring method and device
CN101854283B (en) Communication method and equipment of RPR (Resilient Packet Ring) looped network
CN112491700B (en) Network path adjustment method, system, device, electronic equipment and storage medium
CN106953747B (en) SDN self-healing method based on deep learning
CN104518936B (en) Link dynamic aggregation method and apparatus
CN103607293B (en) A kind of flow rate protecting method and equipment
CN105656715B (en) Method and apparatus for monitoring the state of cloud computing environment lower network equipment
CN103843286A (en) Triggering a redundant router master/backup status change based on switch connectivity
CN105516292A (en) Hot standby method of cloud platform of intelligent substation
CN104079497B (en) High-availability loading balancing equipment and method under transparent network bridge mode
US9065678B2 (en) System and method for pinning virtual machine adapters to physical adapters in a network environment

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180629
