CN108769084A - A kind of processor and fire wall - Google Patents

A kind of processor and fire wall Download PDF

Info

Publication number
CN108769084A
CN108769084A CN201810987386.8A CN201810987386A CN108769084A CN 108769084 A CN108769084 A CN 108769084A CN 201810987386 A CN201810987386 A CN 201810987386A CN 108769084 A CN108769084 A CN 108769084A
Authority
CN
China
Prior art keywords
processor
data
processing
bus
plane
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810987386.8A
Other languages
Chinese (zh)
Other versions
CN108769084B (en
Inventor
赵瑞东
李若寒
孙大军
孙晓妮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Chaoyue CNC Electronics Co Ltd
Original Assignee
Shandong Chaoyue CNC Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Chaoyue CNC Electronics Co Ltd filed Critical Shandong Chaoyue CNC Electronics Co Ltd
Priority to CN201810987386.8A priority Critical patent/CN108769084B/en
Publication of CN108769084A publication Critical patent/CN108769084A/en
Application granted granted Critical
Publication of CN108769084B publication Critical patent/CN108769084B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN

Abstract

The invention discloses a kind of processor and fire walls, including:Control plane manages various interfaces for providing;Data plane is used for packet-switching and data dissection process;Wherein, control plane processing management control flow, data plane processing business flow are connected between control plane and data plane by bus.The present invention can effectively guarantee network security.

Description

A kind of processor and fire wall
Technical field
The present invention relates to network safety fileds, and more particularly, to a kind of processor and fire wall.
Background technology
With Network Traffic amount explosive growth, the demand to fire wall performance is also higher and higher.Each manufacturer is not The disconnected hardware and software framework to fire wall is improved and perfect, and the process performance of fire wall is made to be continuously improved.2009, Famous IT researchs have studied the development trend in fire wall market with Gartner companies of counselor company, it is proposed that next-generation The concept of fire wall.
According to the research report of Gartner, next generation firewall should have transparent deployment ability, and with tradition fire prevention The functions such as packet filtering, state-detection, NAT (network address translation) and the VPN (Virtual Private Network) of wall in addition to this also need to have There is integration engine, more security module intelligent data linkages, the application for having depth is identified and controlled and flexible propagation energy Power.In subsequent several years, domestic and international security firm releases the next generation firewall product of oneself one after another.
For a long time, the firewall box of home sale uses always foreign chip and software systems, serious under one's control. Firewall system as information security foundation stone uses foreign chip and system, wherein the risk hidden is self-evident.For existing There is the problem of lacking the fire wall using domestic processor in technology, there has been no effective solution schemes at present.
Invention content
In view of this, the purpose of the embodiment of the present invention is to propose a kind of processor and fire wall, can effectively ensure Network security.
Based on above-mentioned purpose, the one side of the embodiment of the present invention provides a kind of processor, including:
Control plane manages various interfaces for providing;
Data plane is used for packet-switching and data dissection process;
Wherein, control plane processing management control flow, data plane processing business flow, control plane and data plane Between connected by bus.
In some embodiments, control plane and data plane include at least one core group, and each core group includes At least one processing core.
In some embodiments, control plane includes a core group, which includes four processing cores, four processing Core is for handling at least one of:Web administration, network configuration management, remote management, SDN controls, intelligence learning, monitoring Alarm, day to audit, security hardening.
In some embodiments, data plane includes 15 core groups, and each core group includes four processing cores, at four Reason core is respectively used to execute data packet:It receives and pre-processes, stream recombinates and parsing, Deep content detection, transmission.
In some embodiments, four processing cores are concurrently run in a pipeline fashion.
In some embodiments, data plane is also compatible with the processing data packets acceleration mechanism of at least one of:DPDK Frame, poll receive and dispatch pack mode, without lock mechanism, zero duplication technology, big page memory techniques.
In some embodiments, bus includes at least one of:Configure bus, controlling bus, daily record bus, alarm Bus.
In some embodiments, the model that processor uses has the 2000+ that soars of 64 processing cores.
The another aspect of the embodiment of the present invention additionally provides a kind of data processing method, has used above-mentioned processor.
The another aspect of the embodiment of the present invention, additionally provide a kind of fire wall, including memory, at least one processor with And the computer program that can be run on a memory and on a processor is stored, wherein processor is processor above-mentioned, or Method above-mentioned is executed when executing program.
The present invention has following advantageous effects:Processor and fire wall provided in an embodiment of the present invention, by using The control plane processing management control flow of processor, data plane processing business flow, between control plane and data plane The technical solution connected by bus, can effectively guarantee network security.
Description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to the required attached drawing of embodiment It is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, general for this field For logical technical staff, without creative efforts, other drawings may also be obtained based on these drawings.
Fig. 1 is the structural schematic diagram of processor provided by the invention;
Fig. 2 is the detailed structure view of processor provided by the invention;
Fig. 3 is the hardware architecture diagram of one embodiment of fire wall provided by the invention.
Specific implementation mode
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with specific embodiment, and reference The embodiment of the present invention is further described in attached drawing.
It should be noted that all statements for using " first " and " second " are for differentiation two in the embodiment of the present invention The non-equal entity of a same names or non-equal parameter, it is seen that " first " " second " only for the convenience of statement, does not answer It is interpreted as the restriction to the embodiment of the present invention, subsequent embodiment no longer illustrates this one by one.
Based on above-mentioned purpose, the first aspect of the embodiment of the present invention, it is proposed that a kind of processor.Fig. 1 shows this The structural schematic diagram of the processor provided is provided.
The processor includes:
Control plane 1 manages various interfaces for providing;
Data plane 2 is used for packet-switching and data dissection process;
Wherein, the processing of control plane 1 management control flow, 2 processing business flow of data plane, control plane 1 and data It is connected by bus between plane 2.
Packet-switching and the detailed process of data processing all incorporate data plane 2 into, and the function of data plane 2, which need to occupy, to be set Standby most resources, to ensure the performance of Message processing.The function of control plane 1 is available to network management personnel's use The various management interfaces of the modes management equipment such as Web, SSH (safety shell protocol), NETconf (network configuration protocol) are supported Setting to functions of the equipments, control data plane 2 complete message forwarding and filtering, control plane 1 occupy device resource compared with It is few.
In some embodiments, control plane 1 and data plane 2 include at least one core group, and each core group is wrapped Include at least one processing core.
In some embodiments, control plane 1 includes a core group, which includes four processing cores, at four Reason core is for handling at least one of:Web administration, network configuration management, remote management, SDN controls, intelligence learning, prison Charge police, log audit, security hardening.1 all programmatic bindings of control plane reserve most cores in a core group It is used for data plane 2.
In some embodiments, data plane 2 include 15 core groups, each core group include four processing cores, four Processing core is respectively used to execute data packet:It receives and pre-processes, stream recombinates and parsing, Deep content detection, transmission.Data The whole flow process of processing data packets is divided into four steps by plane 2, respectively the reception and pretreatment of data packet, stream recombination and Deep analysis, Deep content detection and transmission.Four steps are tied to 4 of a core group respectively using core binding technology In processing core.
In some embodiments, four processing cores are concurrently run in a pipeline fashion.4 cores are with pipeline processes Data packet, 15 function core groups are both 15 assembly lines, and concurrent processing network packet improves handling up for next generation firewall Amount.
In some embodiments, data plane 2 is also compatible with the processing data packets acceleration mechanism of at least one of:DPDK Frame, poll receive and dispatch pack mode, without lock mechanism, zero duplication technology, big page memory techniques.
In some embodiments, bus includes at least one of:Configure bus, controlling bus, daily record bus, alarm Bus.
In some embodiments, the model that processor uses has the 2000+ that soars of 64 processing cores.
In a specific embodiment, as shown in Fig. 2, 64 cores of 2000+ processors of soaring are divided into 16 work( Energy core group 0-15, each function core group have 4 cores.Control plane operates in function core group 0, and function includes web administration, net Network configuration management, remote management etc. are responsible for receiving management control flow, monitor the operation of fire wall, configure the function of fire wall, Handle the information such as daily record, alarm.Data plane operates on function core group 1-15, is responsible for processing data packets.Data plane application DPDK frames, using the transmitting-receiving pack mode of poll, without lock mechanism, zero duplication technology, big page memory techniques etc. to data pack receiving and transmitting Accelerated.
Data plane 4 cores of each function core group are run according to assembly line, be each responsible for data packet receive and pretreatment, Data packet stream recombinates and deep analysis, data packet Deep content detection, data packet are sent.Wherein, data packet is received and is pre-processed The main reception for completing data packet and 3 layers and resolve packet process below, decide whether to enter according to analysis result The data packet stream of next stage recombinates and deep analysis process flow, and otherwise the data packet is directly entered packet transmission flow journey, It is forwarded processing;Data packet stream recombinates and deep analysis mainly completes the stream recombination of data packet, and carries out profound data Parsing identifies application type, transfers to data packet Deep content detection flow to be further processed analysis result;Data packet is deep Content detection is spent according to resolve packet as a result, firewall filtering is completed according to firewall policy and threat characteristics library, using knowledge It does not filter, the work such as Deep content detection filtering enter next stage, otherwise discard processing by the data packet of detection;Data Packet, which is sent, to be sent out by allocation of packets to the transmit queue of corresponding network interface card from network interface card hardware according to data packet by query result It sees off, complete Message processing and discharges caching.
From above-described embodiment as can be seen that processor provided in an embodiment of the present invention, flat by using the control of processor Surface treatment management controls flow, and data plane processing business flow is connected between control plane and data plane by bus Technical solution can effectively guarantee network security.
Based on above-mentioned purpose, the second aspect of the embodiment of the present invention, it is proposed that a kind of data processing method.Data processing Method has used processor above-mentioned.
From above-described embodiment as can be seen that data processing method provided in an embodiment of the present invention, by using processor Control plane processing management control flow, data plane processing business flow pass through bus between control plane and data plane The technical solution of connection can effectively guarantee network security.
Based on above-mentioned purpose, a kind of third aspect of the embodiment of the present invention, it is proposed that fire wall.Fire wall includes storage Device, at least one processor and storage are on a memory and the computer program that can run on a processor, wherein processor For processor above-mentioned, or method above-mentioned is executed when executing program.
As shown in figure 3, the hardware architecture diagram of one embodiment for fire wall provided by the invention.
Include a processor 301 and a memory in the fire wall by taking fire wall as shown in Figure 3 as an example 302, and can also include:Input unit 303 and output device 304.
Processor 301, memory 302, input unit 303 and output device 304 can pass through bus or other modes It connects, in Fig. 3 for being connected by bus.
Memory 302 is used as a kind of non-volatile computer readable storage medium storing program for executing, can be used for storing non-volatile software journey Sequence, non-volatile computer executable program and module, such as the corresponding program instruction/mould of the processor in the embodiment of the present application Block.Processor 301 is by running non-volatile software program, instruction and the module of storage in the memory 302, to execute The processor of above method embodiment is realized in the various function application of server and data processing.
Memory 302 may include storing program area and storage data field, wherein storing program area can store operation system System, the required application program of at least one function;Storage data field can be stored uses created data according to processor Deng.In addition, memory 302 may include high-speed random access memory, can also include nonvolatile memory, for example, at least One disk memory, flush memory device or other non-volatile solid state memory parts.In some embodiments, memory 302 Optional includes the memory remotely located relative to processor 301, these remote memories can pass through network connection to local Module.The example of above-mentioned network includes but not limited to internet, intranet, LAN, mobile radio communication and combinations thereof.
Input unit 303 can receive the number or character information of input, and generate with the user setting of processor and The related key signals input of function control.Output device 304 may include that display screen etc. shows equipment.
Corresponding program instruction/the module of one or more of processors is stored in the memory 302, when by institute When stating the execution of processor 301, the processor in above-mentioned any means embodiment is executed.
Any one embodiment of the computer equipment for executing processor can reach corresponding aforementioned arbitrary The identical or similar effect of embodiment of the method.
Finally, it should be noted that one of ordinary skill in the art will appreciate that realizing the whole in above-described embodiment method Or part flow, it can be completed by computer program to instruct related hardware, the program can be stored in a computer In read/write memory medium, the program is when being executed, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, described Storage medium can be magnetic disc, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access Memory, RAM) etc..The embodiment of the computer program can reach corresponding aforementioned The identical or similar effect of embodiment of the method for anticipating.
In addition, typically, it can be various electric terminal equipments, example that the embodiment of the present invention, which discloses described device, equipment etc., Such as mobile phone, personal digital assistant (PDA), tablet computer (PAD), smart television, can also be large-scale terminal device, such as service Device etc., therefore protection domain disclosed by the embodiments of the present invention should not limit as certain certain types of device, equipment.The present invention is real Apply example disclose the client can be applied to the combining form of electronic hardware, computer software or both it is above-mentioned arbitrary In a kind of electric terminal equipment.
In addition, disclosed method is also implemented as the computer program executed by CPU according to embodiments of the present invention, it should Computer program can store in a computer-readable storage medium.When the computer program is executed by CPU, the present invention is executed The above-mentioned function of being limited in method disclosed in embodiment.
In addition, above method step and system unit can also utilize controller and for storing so that controller is real The computer readable storage medium of the computer program of existing above-mentioned steps or Elementary Function is realized.
In addition, it should be appreciated that computer readable storage medium (for example, memory) as described herein can be volatile Property memory or nonvolatile memory, or may include both volatile memory and nonvolatile memory.As example And not restrictive, nonvolatile memory may include read-only memory (ROM), programming ROM (PROM), electrically programmable to son ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory.Volatile memory may include arbitrary access Memory (RAM), the RAM can serve as external cache.As an example and not restrictive, RAM can be with more Kind form obtains, such as synchronous random access memory (DRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate SDRAM (DDR SDRAM), enhancing SDRAM (ESDRAM), synchronization link DRAM (SLDRAM) and directly Rambus RAM (DRRAM). The storage device of disclosed aspect is intended to the memory of including but not limited to these and other suitable type.
Those skilled in the art will also understand is that, various illustrative logical blocks, mould in conjunction with described in disclosure herein Block, circuit and algorithm steps may be implemented as the combination of electronic hardware, computer software or both.It is hard in order to clearly demonstrate This interchangeability of part and software, with regard to various exemplary components, square, module, circuit and step function to its into General description is gone.This function is implemented as software and is also implemented as hardware depending on concrete application and application To the design constraint of whole system.Those skilled in the art can in various ways realize described for each concrete application Function, but this realization decision should not be interpreted as causing a departure from range disclosed by the embodiments of the present invention.
Various illustrative logical blocks, module and circuit in conjunction with described in disclosure herein can be utilized and be designed to The following component of function described here is executed to realize or execute:General processor, digital signal processor (DSP), special collection At circuit (ASIC), field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, divide Any combinations of vertical hardware component or these components.General processor can be microprocessor, but alternatively, processing Device can be any conventional processors, controller, microcontroller or state machine.Processor can also be implemented as computing device Combination, for example, the combination of DSP and microprocessor, multi-microprocessor, one or more microprocessors combination DSP and/or any Other this configurations.
The step of method in conjunction with described in disclosure herein or algorithm, can be directly contained in hardware, be held by processor In capable software module or in combination of the two.Software module may reside within RAM memory, flash memory, ROM storages Device, eprom memory, eeprom memory, register, hard disk, removable disk, CD-ROM or known in the art it is any its In the storage medium of its form.Illustrative storage medium is coupled to processor so that processor can be from the storage medium Information is written to the storage medium in middle reading information.In an alternative, the storage medium can be with processor collection At together.Pocessor and storage media may reside in ASIC.ASIC may reside in user terminal.It is replaced at one In scheme, pocessor and storage media can be used as discrete assembly resident in the user terminal.
In one or more exemplary designs, the function can be real in hardware, software, firmware or its arbitrary combination It is existing.If realized in software, can be stored in using the function as one or more instruction or code computer-readable It is transmitted on medium or by computer-readable medium.Computer-readable medium includes computer storage media and communication media, The communication media includes any medium for helping computer program being transmitted to another position from a position.Storage medium It can be any usable medium that can be accessed by a general purpose or special purpose computer.As an example and not restrictive, the computer Readable medium may include RAM, ROM, EEPROM, CD-ROM or other optical disc memory apparatus, disk storage equipment or other magnetic Property storage device, or can be used for carry or storage form be instruct or data structure required program code and can Any other medium accessed by general or specialized computer or general or specialized processor.In addition, any connection can It is properly termed as computer-readable medium.For example, if using coaxial cable, optical fiber cable, twisted-pair feeder, digital subscriber line (DSL) or such as wireless technology of infrared ray, radio and microwave to send software from website, server or other remote sources, Then above-mentioned coaxial cable, optical fiber cable, twisted-pair feeder, DSL or such as wireless technology of infrared ray, radio and microwave are included in The definition of medium.As used herein, disk and CD include compact disk (CD), laser disk, CD, digital versatile disc (DVD), floppy disk, Blu-ray disc, wherein disk usually magnetically reproduce data, and CD using laser optics reproduce data.On The combination for stating content should also be as being included in the range of computer-readable medium.
It is exemplary embodiment disclosed by the invention above, it should be noted that in the sheet limited without departing substantially from claim Under the premise of inventive embodiments scope of disclosure, it may be many modifications and change.According to open embodiment described herein The function of claim to a method, step and/or action be not required to execute with any particular order.In addition, although the present invention is implemented Element can be described or be required in the form of individual disclosed in example, but be odd number unless explicitly limited, it is understood that be multiple.
It should be understood that it is used in the present context, unless context clearly supports exception, singulative " one It is a " (" a ", " an ", " the ") be intended to also include plural form.It is to be further understood that "and/or" used herein is Finger includes one or the arbitrary and all possible combinations of more than one project listed in association.
It is for illustration only that the embodiments of the present invention disclose embodiment sequence number, can not represent the quality of embodiment.
One of ordinary skill in the art will appreciate that realizing that all or part of step of above-described embodiment can pass through hardware It completes, relevant hardware can also be instructed to complete by program, the program can be stored in a kind of computer-readable In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
Those of ordinary skills in the art should understand that:The discussion of any of the above embodiment is exemplary only, not It is intended to imply that range disclosed by the embodiments of the present invention (including claim) is limited to these examples;In the think of of the embodiment of the present invention Under road, it can also be combined between the technical characteristic in above example or different embodiments, and exist as described above Many other variations of the different aspect of the embodiment of the present invention, for simplicity, they are not provided in details.Therefore, all at this Within the spirit and principle of inventive embodiments, any omission, modification, equivalent replacement, improvement for being made etc. should be included in this hair Within the protection domain of bright embodiment.

Claims (10)

1. a kind of processor, which is characterized in that including:
Control plane manages various interfaces for providing;
Data plane is used for packet-switching and data dissection process;
Wherein, control plane processing management control flow, the data plane processing business flow, the control plane and It is connected by bus between the data plane.
2. processor according to claim 1, which is characterized in that the control plane and the data plane are including extremely A few core group, each core group include at least one processing core.
3. processor according to claim 2, which is characterized in that the control plane includes a core group, the institute It includes four processing cores to state core group, and four processing cores are for handling at least one of:Web administration, network Configuration management, remote management, SDN controls, intelligence learning, monitoring alarm, log audit, security hardening.
4. processor according to claim 2, which is characterized in that the data plane includes 15 core groups, each The core group includes four processing cores, and four processing cores are respectively used to execute data packet:It receives and locates in advance Reason, stream recombination and parsing, Deep content detection, transmission.
5. processor according to claim 4, which is characterized in that four processing cores in a pipeline fashion and ship Row.
6. processor according to claim 4, which is characterized in that the data plane is also compatible with the number of at least one of Acceleration mechanism is handled according to packet:DPDK frames, poll receive and dispatch pack mode, without lock mechanism, zero duplication technology, big page memory techniques.
7. processor according to claim 1, which is characterized in that the bus includes at least one of:Configuration bus, Controlling bus, daily record bus, alarm bus.
8. processor according to claim 1, which is characterized in that the model that the processor uses has described in 64 The 2000+ that soars of processing core.
9. a kind of data processing method, which is characterized in that use processor as claimed in any one of claims 1 to 6.
10. a kind of fire wall, including memory, at least one processor and it is stored on the memory and can be at the place The computer program run on reason device, which is characterized in that the processor is the place as described in any one of claim 1-8 Reason device or the processor execute method as claimed in claim 9 when executing described program.
CN201810987386.8A 2018-08-28 2018-08-28 Processor and firewall Active CN108769084B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810987386.8A CN108769084B (en) 2018-08-28 2018-08-28 Processor and firewall

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810987386.8A CN108769084B (en) 2018-08-28 2018-08-28 Processor and firewall

Publications (2)

Publication Number Publication Date
CN108769084A true CN108769084A (en) 2018-11-06
CN108769084B CN108769084B (en) 2020-12-15

Family

ID=63966612

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810987386.8A Active CN108769084B (en) 2018-08-28 2018-08-28 Processor and firewall

Country Status (1)

Country Link
CN (1) CN108769084B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111600852A (en) * 2020-04-27 2020-08-28 中国舰船研究设计中心 Firewall design method based on programmable data plane
CN112637017A (en) * 2020-12-25 2021-04-09 深圳市高德信通信股份有限公司 Network data analysis method based on application layer data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1879388A (en) * 2003-11-24 2006-12-13 思科技术公司 Dual mode firewall
CN101102200A (en) * 2007-06-15 2008-01-09 中兴通讯股份有限公司 Switcher firewall plug board
CN101304322A (en) * 2008-06-30 2008-11-12 杭州华三通信技术有限公司 Network equipment and packet forwarding method
CN202004785U (en) * 2010-11-30 2011-10-05 汉柏科技有限公司 Small-volume and high-processing capacity firewall system based on multi-core technology
CN106789152A (en) * 2016-11-17 2017-05-31 东软集团股份有限公司 Processor extended method and device based on many queue network interface cards
US20180084477A1 (en) * 2014-10-13 2018-03-22 At&T Intellectual Property I, L.P. System and Methods for Managing a User Data Path

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1879388A (en) * 2003-11-24 2006-12-13 思科技术公司 Dual mode firewall
CN101102200A (en) * 2007-06-15 2008-01-09 中兴通讯股份有限公司 Switcher firewall plug board
CN101304322A (en) * 2008-06-30 2008-11-12 杭州华三通信技术有限公司 Network equipment and packet forwarding method
CN202004785U (en) * 2010-11-30 2011-10-05 汉柏科技有限公司 Small-volume and high-processing capacity firewall system based on multi-core technology
US20180084477A1 (en) * 2014-10-13 2018-03-22 At&T Intellectual Property I, L.P. System and Methods for Managing a User Data Path
CN106789152A (en) * 2016-11-17 2017-05-31 东软集团股份有限公司 Processor extended method and device based on many queue network interface cards

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111600852A (en) * 2020-04-27 2020-08-28 中国舰船研究设计中心 Firewall design method based on programmable data plane
CN112637017A (en) * 2020-12-25 2021-04-09 深圳市高德信通信股份有限公司 Network data analysis method based on application layer data
CN112637017B (en) * 2020-12-25 2022-02-08 深圳市高德信通信股份有限公司 Network data analysis method based on application layer data

Also Published As

Publication number Publication date
CN108769084B (en) 2020-12-15

Similar Documents

Publication Publication Date Title
CN102246489B (en) Systems and methods for connection management for asynchronous messaging over http
CN103765851B (en) The system and method redirected for the transparent layer 2 to any service
EP3465987B1 (en) Logging of traffic in a computer network
CN107079060A (en) The system and method optimized for carrier-class NAT
CN104052789A (en) Load balancing for a virtual networking system
CN103685304A (en) Method and system for sharing session information
CN103503424A (en) Systems and methods for implementing connection mirroring in a multi-core system
CN105306368B (en) A kind of transmission method and device of data message
CN101563907B (en) Methods and systems for recording and real-time playback and seeking of a presentation layer protocol data stream
CN103973704A (en) Domain name resolution method, device and system based on WIFI device
CN102685101A (en) Proxy communications on a social network
CN107247648A (en) Method, the apparatus and system of remote items system supervisory are realized based on Docker
CN108769084A (en) A kind of processor and fire wall
CN107800722A (en) Isolate the method and device of industrial control equipment and external network server
CN113885797B (en) Data storage method, device, equipment and storage medium
CN105812432A (en) Cloud file processing method and device
CN116582365B (en) Network traffic safety control method and device and computer equipment
CN110321199B (en) Method and device for notifying common data change, electronic equipment and medium
CN106713462A (en) Network data packet processing method and device
CN110413382A (en) A kind of method, equipment and the readable medium of the resource dynamic adjustment of Docker container
US20140298325A1 (en) Secure and reliable mechanism to provide a single object instance in a clustered system
CN107592340A (en) The method and apparatus of remote operation management server
CN103279308B (en) The caching method of remote application interface and device
CN109117221A (en) Data sharing method, device, equipment and the storage medium of active window
CN112291210B (en) Method and device for acquiring front-end equipment catalog

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant