CN108769084A - A kind of processor and fire wall - Google Patents
A kind of processor and fire wall Download PDFInfo
- Publication number
- CN108769084A CN108769084A CN201810987386.8A CN201810987386A CN108769084A CN 108769084 A CN108769084 A CN 108769084A CN 201810987386 A CN201810987386 A CN 201810987386A CN 108769084 A CN108769084 A CN 108769084A
- Authority
- CN
- China
- Prior art keywords
- processor
- data
- processing
- bus
- plane
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0246—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
Abstract
The invention discloses a kind of processor and fire walls, including:Control plane manages various interfaces for providing;Data plane is used for packet-switching and data dissection process;Wherein, control plane processing management control flow, data plane processing business flow are connected between control plane and data plane by bus.The present invention can effectively guarantee network security.
Description
Technical field
The present invention relates to network safety fileds, and more particularly, to a kind of processor and fire wall.
Background technology
With Network Traffic amount explosive growth, the demand to fire wall performance is also higher and higher.Each manufacturer is not
The disconnected hardware and software framework to fire wall is improved and perfect, and the process performance of fire wall is made to be continuously improved.2009,
Famous IT researchs have studied the development trend in fire wall market with Gartner companies of counselor company, it is proposed that next-generation
The concept of fire wall.
According to the research report of Gartner, next generation firewall should have transparent deployment ability, and with tradition fire prevention
The functions such as packet filtering, state-detection, NAT (network address translation) and the VPN (Virtual Private Network) of wall in addition to this also need to have
There is integration engine, more security module intelligent data linkages, the application for having depth is identified and controlled and flexible propagation energy
Power.In subsequent several years, domestic and international security firm releases the next generation firewall product of oneself one after another.
For a long time, the firewall box of home sale uses always foreign chip and software systems, serious under one's control.
Firewall system as information security foundation stone uses foreign chip and system, wherein the risk hidden is self-evident.For existing
There is the problem of lacking the fire wall using domestic processor in technology, there has been no effective solution schemes at present.
Invention content
In view of this, the purpose of the embodiment of the present invention is to propose a kind of processor and fire wall, can effectively ensure
Network security.
Based on above-mentioned purpose, the one side of the embodiment of the present invention provides a kind of processor, including:
Control plane manages various interfaces for providing;
Data plane is used for packet-switching and data dissection process;
Wherein, control plane processing management control flow, data plane processing business flow, control plane and data plane
Between connected by bus.
In some embodiments, control plane and data plane include at least one core group, and each core group includes
At least one processing core.
In some embodiments, control plane includes a core group, which includes four processing cores, four processing
Core is for handling at least one of:Web administration, network configuration management, remote management, SDN controls, intelligence learning, monitoring
Alarm, day to audit, security hardening.
In some embodiments, data plane includes 15 core groups, and each core group includes four processing cores, at four
Reason core is respectively used to execute data packet:It receives and pre-processes, stream recombinates and parsing, Deep content detection, transmission.
In some embodiments, four processing cores are concurrently run in a pipeline fashion.
In some embodiments, data plane is also compatible with the processing data packets acceleration mechanism of at least one of:DPDK
Frame, poll receive and dispatch pack mode, without lock mechanism, zero duplication technology, big page memory techniques.
In some embodiments, bus includes at least one of:Configure bus, controlling bus, daily record bus, alarm
Bus.
In some embodiments, the model that processor uses has the 2000+ that soars of 64 processing cores.
The another aspect of the embodiment of the present invention additionally provides a kind of data processing method, has used above-mentioned processor.
The another aspect of the embodiment of the present invention, additionally provide a kind of fire wall, including memory, at least one processor with
And the computer program that can be run on a memory and on a processor is stored, wherein processor is processor above-mentioned, or
Method above-mentioned is executed when executing program.
The present invention has following advantageous effects:Processor and fire wall provided in an embodiment of the present invention, by using
The control plane processing management control flow of processor, data plane processing business flow, between control plane and data plane
The technical solution connected by bus, can effectively guarantee network security.
Description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to the required attached drawing of embodiment
It is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, general for this field
For logical technical staff, without creative efforts, other drawings may also be obtained based on these drawings.
Fig. 1 is the structural schematic diagram of processor provided by the invention;
Fig. 2 is the detailed structure view of processor provided by the invention;
Fig. 3 is the hardware architecture diagram of one embodiment of fire wall provided by the invention.
Specific implementation mode
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with specific embodiment, and reference
The embodiment of the present invention is further described in attached drawing.
It should be noted that all statements for using " first " and " second " are for differentiation two in the embodiment of the present invention
The non-equal entity of a same names or non-equal parameter, it is seen that " first " " second " only for the convenience of statement, does not answer
It is interpreted as the restriction to the embodiment of the present invention, subsequent embodiment no longer illustrates this one by one.
Based on above-mentioned purpose, the first aspect of the embodiment of the present invention, it is proposed that a kind of processor.Fig. 1 shows this
The structural schematic diagram of the processor provided is provided.
The processor includes:
Control plane 1 manages various interfaces for providing;
Data plane 2 is used for packet-switching and data dissection process;
Wherein, the processing of control plane 1 management control flow, 2 processing business flow of data plane, control plane 1 and data
It is connected by bus between plane 2.
Packet-switching and the detailed process of data processing all incorporate data plane 2 into, and the function of data plane 2, which need to occupy, to be set
Standby most resources, to ensure the performance of Message processing.The function of control plane 1 is available to network management personnel's use
The various management interfaces of the modes management equipment such as Web, SSH (safety shell protocol), NETconf (network configuration protocol) are supported
Setting to functions of the equipments, control data plane 2 complete message forwarding and filtering, control plane 1 occupy device resource compared with
It is few.
In some embodiments, control plane 1 and data plane 2 include at least one core group, and each core group is wrapped
Include at least one processing core.
In some embodiments, control plane 1 includes a core group, which includes four processing cores, at four
Reason core is for handling at least one of:Web administration, network configuration management, remote management, SDN controls, intelligence learning, prison
Charge police, log audit, security hardening.1 all programmatic bindings of control plane reserve most cores in a core group
It is used for data plane 2.
In some embodiments, data plane 2 include 15 core groups, each core group include four processing cores, four
Processing core is respectively used to execute data packet:It receives and pre-processes, stream recombinates and parsing, Deep content detection, transmission.Data
The whole flow process of processing data packets is divided into four steps by plane 2, respectively the reception and pretreatment of data packet, stream recombination and
Deep analysis, Deep content detection and transmission.Four steps are tied to 4 of a core group respectively using core binding technology
In processing core.
In some embodiments, four processing cores are concurrently run in a pipeline fashion.4 cores are with pipeline processes
Data packet, 15 function core groups are both 15 assembly lines, and concurrent processing network packet improves handling up for next generation firewall
Amount.
In some embodiments, data plane 2 is also compatible with the processing data packets acceleration mechanism of at least one of:DPDK
Frame, poll receive and dispatch pack mode, without lock mechanism, zero duplication technology, big page memory techniques.
In some embodiments, bus includes at least one of:Configure bus, controlling bus, daily record bus, alarm
Bus.
In some embodiments, the model that processor uses has the 2000+ that soars of 64 processing cores.
In a specific embodiment, as shown in Fig. 2, 64 cores of 2000+ processors of soaring are divided into 16 work(
Energy core group 0-15, each function core group have 4 cores.Control plane operates in function core group 0, and function includes web administration, net
Network configuration management, remote management etc. are responsible for receiving management control flow, monitor the operation of fire wall, configure the function of fire wall,
Handle the information such as daily record, alarm.Data plane operates on function core group 1-15, is responsible for processing data packets.Data plane application
DPDK frames, using the transmitting-receiving pack mode of poll, without lock mechanism, zero duplication technology, big page memory techniques etc. to data pack receiving and transmitting
Accelerated.
Data plane 4 cores of each function core group are run according to assembly line, be each responsible for data packet receive and pretreatment,
Data packet stream recombinates and deep analysis, data packet Deep content detection, data packet are sent.Wherein, data packet is received and is pre-processed
The main reception for completing data packet and 3 layers and resolve packet process below, decide whether to enter according to analysis result
The data packet stream of next stage recombinates and deep analysis process flow, and otherwise the data packet is directly entered packet transmission flow journey,
It is forwarded processing;Data packet stream recombinates and deep analysis mainly completes the stream recombination of data packet, and carries out profound data
Parsing identifies application type, transfers to data packet Deep content detection flow to be further processed analysis result;Data packet is deep
Content detection is spent according to resolve packet as a result, firewall filtering is completed according to firewall policy and threat characteristics library, using knowledge
It does not filter, the work such as Deep content detection filtering enter next stage, otherwise discard processing by the data packet of detection;Data
Packet, which is sent, to be sent out by allocation of packets to the transmit queue of corresponding network interface card from network interface card hardware according to data packet by query result
It sees off, complete Message processing and discharges caching.
From above-described embodiment as can be seen that processor provided in an embodiment of the present invention, flat by using the control of processor
Surface treatment management controls flow, and data plane processing business flow is connected between control plane and data plane by bus
Technical solution can effectively guarantee network security.
Based on above-mentioned purpose, the second aspect of the embodiment of the present invention, it is proposed that a kind of data processing method.Data processing
Method has used processor above-mentioned.
From above-described embodiment as can be seen that data processing method provided in an embodiment of the present invention, by using processor
Control plane processing management control flow, data plane processing business flow pass through bus between control plane and data plane
The technical solution of connection can effectively guarantee network security.
Based on above-mentioned purpose, a kind of third aspect of the embodiment of the present invention, it is proposed that fire wall.Fire wall includes storage
Device, at least one processor and storage are on a memory and the computer program that can run on a processor, wherein processor
For processor above-mentioned, or method above-mentioned is executed when executing program.
As shown in figure 3, the hardware architecture diagram of one embodiment for fire wall provided by the invention.
Include a processor 301 and a memory in the fire wall by taking fire wall as shown in Figure 3 as an example
302, and can also include:Input unit 303 and output device 304.
Processor 301, memory 302, input unit 303 and output device 304 can pass through bus or other modes
It connects, in Fig. 3 for being connected by bus.
Memory 302 is used as a kind of non-volatile computer readable storage medium storing program for executing, can be used for storing non-volatile software journey
Sequence, non-volatile computer executable program and module, such as the corresponding program instruction/mould of the processor in the embodiment of the present application
Block.Processor 301 is by running non-volatile software program, instruction and the module of storage in the memory 302, to execute
The processor of above method embodiment is realized in the various function application of server and data processing.
Memory 302 may include storing program area and storage data field, wherein storing program area can store operation system
System, the required application program of at least one function;Storage data field can be stored uses created data according to processor
Deng.In addition, memory 302 may include high-speed random access memory, can also include nonvolatile memory, for example, at least
One disk memory, flush memory device or other non-volatile solid state memory parts.In some embodiments, memory 302
Optional includes the memory remotely located relative to processor 301, these remote memories can pass through network connection to local
Module.The example of above-mentioned network includes but not limited to internet, intranet, LAN, mobile radio communication and combinations thereof.
Input unit 303 can receive the number or character information of input, and generate with the user setting of processor and
The related key signals input of function control.Output device 304 may include that display screen etc. shows equipment.
Corresponding program instruction/the module of one or more of processors is stored in the memory 302, when by institute
When stating the execution of processor 301, the processor in above-mentioned any means embodiment is executed.
Any one embodiment of the computer equipment for executing processor can reach corresponding aforementioned arbitrary
The identical or similar effect of embodiment of the method.
Finally, it should be noted that one of ordinary skill in the art will appreciate that realizing the whole in above-described embodiment method
Or part flow, it can be completed by computer program to instruct related hardware, the program can be stored in a computer
In read/write memory medium, the program is when being executed, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, described
Storage medium can be magnetic disc, CD, read-only memory (Read-Only Memory, ROM) or random access memory
(Random Access Memory, RAM) etc..The embodiment of the computer program can reach corresponding aforementioned
The identical or similar effect of embodiment of the method for anticipating.
In addition, typically, it can be various electric terminal equipments, example that the embodiment of the present invention, which discloses described device, equipment etc.,
Such as mobile phone, personal digital assistant (PDA), tablet computer (PAD), smart television, can also be large-scale terminal device, such as service
Device etc., therefore protection domain disclosed by the embodiments of the present invention should not limit as certain certain types of device, equipment.The present invention is real
Apply example disclose the client can be applied to the combining form of electronic hardware, computer software or both it is above-mentioned arbitrary
In a kind of electric terminal equipment.
In addition, disclosed method is also implemented as the computer program executed by CPU according to embodiments of the present invention, it should
Computer program can store in a computer-readable storage medium.When the computer program is executed by CPU, the present invention is executed
The above-mentioned function of being limited in method disclosed in embodiment.
In addition, above method step and system unit can also utilize controller and for storing so that controller is real
The computer readable storage medium of the computer program of existing above-mentioned steps or Elementary Function is realized.
In addition, it should be appreciated that computer readable storage medium (for example, memory) as described herein can be volatile
Property memory or nonvolatile memory, or may include both volatile memory and nonvolatile memory.As example
And not restrictive, nonvolatile memory may include read-only memory (ROM), programming ROM (PROM), electrically programmable to son
ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory.Volatile memory may include arbitrary access
Memory (RAM), the RAM can serve as external cache.As an example and not restrictive, RAM can be with more
Kind form obtains, such as synchronous random access memory (DRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate SDRAM
(DDR SDRAM), enhancing SDRAM (ESDRAM), synchronization link DRAM (SLDRAM) and directly Rambus RAM (DRRAM).
The storage device of disclosed aspect is intended to the memory of including but not limited to these and other suitable type.
Those skilled in the art will also understand is that, various illustrative logical blocks, mould in conjunction with described in disclosure herein
Block, circuit and algorithm steps may be implemented as the combination of electronic hardware, computer software or both.It is hard in order to clearly demonstrate
This interchangeability of part and software, with regard to various exemplary components, square, module, circuit and step function to its into
General description is gone.This function is implemented as software and is also implemented as hardware depending on concrete application and application
To the design constraint of whole system.Those skilled in the art can in various ways realize described for each concrete application
Function, but this realization decision should not be interpreted as causing a departure from range disclosed by the embodiments of the present invention.
Various illustrative logical blocks, module and circuit in conjunction with described in disclosure herein can be utilized and be designed to
The following component of function described here is executed to realize or execute:General processor, digital signal processor (DSP), special collection
At circuit (ASIC), field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, divide
Any combinations of vertical hardware component or these components.General processor can be microprocessor, but alternatively, processing
Device can be any conventional processors, controller, microcontroller or state machine.Processor can also be implemented as computing device
Combination, for example, the combination of DSP and microprocessor, multi-microprocessor, one or more microprocessors combination DSP and/or any
Other this configurations.
The step of method in conjunction with described in disclosure herein or algorithm, can be directly contained in hardware, be held by processor
In capable software module or in combination of the two.Software module may reside within RAM memory, flash memory, ROM storages
Device, eprom memory, eeprom memory, register, hard disk, removable disk, CD-ROM or known in the art it is any its
In the storage medium of its form.Illustrative storage medium is coupled to processor so that processor can be from the storage medium
Information is written to the storage medium in middle reading information.In an alternative, the storage medium can be with processor collection
At together.Pocessor and storage media may reside in ASIC.ASIC may reside in user terminal.It is replaced at one
In scheme, pocessor and storage media can be used as discrete assembly resident in the user terminal.
In one or more exemplary designs, the function can be real in hardware, software, firmware or its arbitrary combination
It is existing.If realized in software, can be stored in using the function as one or more instruction or code computer-readable
It is transmitted on medium or by computer-readable medium.Computer-readable medium includes computer storage media and communication media,
The communication media includes any medium for helping computer program being transmitted to another position from a position.Storage medium
It can be any usable medium that can be accessed by a general purpose or special purpose computer.As an example and not restrictive, the computer
Readable medium may include RAM, ROM, EEPROM, CD-ROM or other optical disc memory apparatus, disk storage equipment or other magnetic
Property storage device, or can be used for carry or storage form be instruct or data structure required program code and can
Any other medium accessed by general or specialized computer or general or specialized processor.In addition, any connection can
It is properly termed as computer-readable medium.For example, if using coaxial cable, optical fiber cable, twisted-pair feeder, digital subscriber line
(DSL) or such as wireless technology of infrared ray, radio and microwave to send software from website, server or other remote sources,
Then above-mentioned coaxial cable, optical fiber cable, twisted-pair feeder, DSL or such as wireless technology of infrared ray, radio and microwave are included in
The definition of medium.As used herein, disk and CD include compact disk (CD), laser disk, CD, digital versatile disc
(DVD), floppy disk, Blu-ray disc, wherein disk usually magnetically reproduce data, and CD using laser optics reproduce data.On
The combination for stating content should also be as being included in the range of computer-readable medium.
It is exemplary embodiment disclosed by the invention above, it should be noted that in the sheet limited without departing substantially from claim
Under the premise of inventive embodiments scope of disclosure, it may be many modifications and change.According to open embodiment described herein
The function of claim to a method, step and/or action be not required to execute with any particular order.In addition, although the present invention is implemented
Element can be described or be required in the form of individual disclosed in example, but be odd number unless explicitly limited, it is understood that be multiple.
It should be understood that it is used in the present context, unless context clearly supports exception, singulative " one
It is a " (" a ", " an ", " the ") be intended to also include plural form.It is to be further understood that "and/or" used herein is
Finger includes one or the arbitrary and all possible combinations of more than one project listed in association.
It is for illustration only that the embodiments of the present invention disclose embodiment sequence number, can not represent the quality of embodiment.
One of ordinary skill in the art will appreciate that realizing that all or part of step of above-described embodiment can pass through hardware
It completes, relevant hardware can also be instructed to complete by program, the program can be stored in a kind of computer-readable
In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
Those of ordinary skills in the art should understand that:The discussion of any of the above embodiment is exemplary only, not
It is intended to imply that range disclosed by the embodiments of the present invention (including claim) is limited to these examples;In the think of of the embodiment of the present invention
Under road, it can also be combined between the technical characteristic in above example or different embodiments, and exist as described above
Many other variations of the different aspect of the embodiment of the present invention, for simplicity, they are not provided in details.Therefore, all at this
Within the spirit and principle of inventive embodiments, any omission, modification, equivalent replacement, improvement for being made etc. should be included in this hair
Within the protection domain of bright embodiment.
Claims (10)
1. a kind of processor, which is characterized in that including:
Control plane manages various interfaces for providing;
Data plane is used for packet-switching and data dissection process;
Wherein, control plane processing management control flow, the data plane processing business flow, the control plane and
It is connected by bus between the data plane.
2. processor according to claim 1, which is characterized in that the control plane and the data plane are including extremely
A few core group, each core group include at least one processing core.
3. processor according to claim 2, which is characterized in that the control plane includes a core group, the institute
It includes four processing cores to state core group, and four processing cores are for handling at least one of:Web administration, network
Configuration management, remote management, SDN controls, intelligence learning, monitoring alarm, log audit, security hardening.
4. processor according to claim 2, which is characterized in that the data plane includes 15 core groups, each
The core group includes four processing cores, and four processing cores are respectively used to execute data packet:It receives and locates in advance
Reason, stream recombination and parsing, Deep content detection, transmission.
5. processor according to claim 4, which is characterized in that four processing cores in a pipeline fashion and ship
Row.
6. processor according to claim 4, which is characterized in that the data plane is also compatible with the number of at least one of
Acceleration mechanism is handled according to packet:DPDK frames, poll receive and dispatch pack mode, without lock mechanism, zero duplication technology, big page memory techniques.
7. processor according to claim 1, which is characterized in that the bus includes at least one of:Configuration bus,
Controlling bus, daily record bus, alarm bus.
8. processor according to claim 1, which is characterized in that the model that the processor uses has described in 64
The 2000+ that soars of processing core.
9. a kind of data processing method, which is characterized in that use processor as claimed in any one of claims 1 to 6.
10. a kind of fire wall, including memory, at least one processor and it is stored on the memory and can be at the place
The computer program run on reason device, which is characterized in that the processor is the place as described in any one of claim 1-8
Reason device or the processor execute method as claimed in claim 9 when executing described program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810987386.8A CN108769084B (en) | 2018-08-28 | 2018-08-28 | Processor and firewall |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810987386.8A CN108769084B (en) | 2018-08-28 | 2018-08-28 | Processor and firewall |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108769084A true CN108769084A (en) | 2018-11-06 |
CN108769084B CN108769084B (en) | 2020-12-15 |
Family
ID=63966612
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810987386.8A Active CN108769084B (en) | 2018-08-28 | 2018-08-28 | Processor and firewall |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108769084B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111600852A (en) * | 2020-04-27 | 2020-08-28 | 中国舰船研究设计中心 | Firewall design method based on programmable data plane |
CN112637017A (en) * | 2020-12-25 | 2021-04-09 | 深圳市高德信通信股份有限公司 | Network data analysis method based on application layer data |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1879388A (en) * | 2003-11-24 | 2006-12-13 | 思科技术公司 | Dual mode firewall |
CN101102200A (en) * | 2007-06-15 | 2008-01-09 | 中兴通讯股份有限公司 | Switcher firewall plug board |
CN101304322A (en) * | 2008-06-30 | 2008-11-12 | 杭州华三通信技术有限公司 | Network equipment and packet forwarding method |
CN202004785U (en) * | 2010-11-30 | 2011-10-05 | 汉柏科技有限公司 | Small-volume and high-processing capacity firewall system based on multi-core technology |
CN106789152A (en) * | 2016-11-17 | 2017-05-31 | 东软集团股份有限公司 | Processor extended method and device based on many queue network interface cards |
US20180084477A1 (en) * | 2014-10-13 | 2018-03-22 | At&T Intellectual Property I, L.P. | System and Methods for Managing a User Data Path |
-
2018
- 2018-08-28 CN CN201810987386.8A patent/CN108769084B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1879388A (en) * | 2003-11-24 | 2006-12-13 | 思科技术公司 | Dual mode firewall |
CN101102200A (en) * | 2007-06-15 | 2008-01-09 | 中兴通讯股份有限公司 | Switcher firewall plug board |
CN101304322A (en) * | 2008-06-30 | 2008-11-12 | 杭州华三通信技术有限公司 | Network equipment and packet forwarding method |
CN202004785U (en) * | 2010-11-30 | 2011-10-05 | 汉柏科技有限公司 | Small-volume and high-processing capacity firewall system based on multi-core technology |
US20180084477A1 (en) * | 2014-10-13 | 2018-03-22 | At&T Intellectual Property I, L.P. | System and Methods for Managing a User Data Path |
CN106789152A (en) * | 2016-11-17 | 2017-05-31 | 东软集团股份有限公司 | Processor extended method and device based on many queue network interface cards |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111600852A (en) * | 2020-04-27 | 2020-08-28 | 中国舰船研究设计中心 | Firewall design method based on programmable data plane |
CN112637017A (en) * | 2020-12-25 | 2021-04-09 | 深圳市高德信通信股份有限公司 | Network data analysis method based on application layer data |
CN112637017B (en) * | 2020-12-25 | 2022-02-08 | 深圳市高德信通信股份有限公司 | Network data analysis method based on application layer data |
Also Published As
Publication number | Publication date |
---|---|
CN108769084B (en) | 2020-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102246489B (en) | Systems and methods for connection management for asynchronous messaging over http | |
CN103765851B (en) | The system and method redirected for the transparent layer 2 to any service | |
EP3465987B1 (en) | Logging of traffic in a computer network | |
CN107079060A (en) | The system and method optimized for carrier-class NAT | |
CN104052789A (en) | Load balancing for a virtual networking system | |
CN103685304A (en) | Method and system for sharing session information | |
CN103503424A (en) | Systems and methods for implementing connection mirroring in a multi-core system | |
CN105306368B (en) | A kind of transmission method and device of data message | |
CN101563907B (en) | Methods and systems for recording and real-time playback and seeking of a presentation layer protocol data stream | |
CN103973704A (en) | Domain name resolution method, device and system based on WIFI device | |
CN102685101A (en) | Proxy communications on a social network | |
CN107247648A (en) | Method, the apparatus and system of remote items system supervisory are realized based on Docker | |
CN108769084A (en) | A kind of processor and fire wall | |
CN107800722A (en) | Isolate the method and device of industrial control equipment and external network server | |
CN113885797B (en) | Data storage method, device, equipment and storage medium | |
CN105812432A (en) | Cloud file processing method and device | |
CN116582365B (en) | Network traffic safety control method and device and computer equipment | |
CN110321199B (en) | Method and device for notifying common data change, electronic equipment and medium | |
CN106713462A (en) | Network data packet processing method and device | |
CN110413382A (en) | A kind of method, equipment and the readable medium of the resource dynamic adjustment of Docker container | |
US20140298325A1 (en) | Secure and reliable mechanism to provide a single object instance in a clustered system | |
CN107592340A (en) | The method and apparatus of remote operation management server | |
CN103279308B (en) | The caching method of remote application interface and device | |
CN109117221A (en) | Data sharing method, device, equipment and the storage medium of active window | |
CN112291210B (en) | Method and device for acquiring front-end equipment catalog |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |