CN108900544A - Active and standby firewall setting method and device - Google Patents

Info

Publication number
CN108900544A
Authority
CN
China
Prior art keywords
firewall
functional area
weighted value
sum
area weighted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810917323.5A
Other languages
Chinese (zh)
Inventor
曾祥禄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Sipuleng Technology Co Ltd
Original Assignee
Wuhan Sipuleng Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Sipuleng Technology Co Ltd
Priority to CN201810917323.5A
Publication of CN108900544A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Hardware Redundancy (AREA)

Abstract

An active and standby firewall setting method and device. The method includes: obtaining the sum of the functional area weighted values of the first firewall; receiving a first heartbeat message, which is sent from the second firewall to the first firewall and includes the sum of the functional area weighted values of the second firewall; if the sum of the functional area weighted values of the first firewall is greater than that of the second firewall, setting the first firewall as the master firewall; if the sum of the functional area weighted values of the first firewall is less than that of the second firewall, setting the first firewall as the backup firewall. By comparing the sum of the functional area weighted values of the first firewall with that of the second firewall, the scheme provided by the present application sets the master firewall and the backup firewall automatically, without manual configuration, which simplifies operation and improves the working efficiency of the firewall dual-machine hot-standby system.

Description

Active and standby firewall setting method and device
Technical field
This application relates to the field of communication technology, and in particular to an active and standby firewall setting method and device.
Background
A firewall is a device for ensuring information security. It forms a protective barrier between different networks, for example between an internal network and an external network, to protect the network from intrusion by illegal users.
In the related art, firewall systems generally use a dual-machine hot-standby system. A firewall dual-machine hot-standby system contains two firewalls: when one is the master firewall, the other is the backup firewall, and the two communicate over a heartbeat line. In normal operation, the master firewall processes messages and forwards data, and the backup firewall does not process any messages. When the master firewall fails and cannot work, for example when it crashes, the backup firewall no longer receives the master firewall's signal over the heartbeat line, and it then processes messages and forwards data in place of the master firewall. In a firewall dual-machine hot-standby system, the master firewall and the backup firewall must be designated in advance, and a technician has to set each of them manually. In addition, after the master firewall recovers and can work normally again, messages still need to be processed and data forwarded by the master firewall; a technician must then configure the system manually again so that the backup firewall stops processing messages and forwarding data and the master firewall takes over.
In existing firewall dual-machine hot-standby systems, both presetting the master and backup firewalls and restoring message processing and data forwarding to the master firewall require a technician to configure the firewalls manually. This is cumbersome and makes the firewall dual-machine hot-standby system inefficient.
Summary of the invention
The present application provides an active and standby firewall setting method and device, which can be used to solve the problem in the prior art that the master and backup firewalls must be configured manually by a technician, which is cumbersome and makes the firewall dual-machine hot-standby system inefficient.
In a first aspect, the present application provides an active and standby firewall setting method, the method including:
obtaining the sum of the functional area weighted values of the first firewall;
receiving a first heartbeat message, where the first heartbeat message is sent from the second firewall to the first firewall and includes the sum of the functional area weighted values of the second firewall;
if the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, setting the first firewall as the master firewall;
if the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, setting the first firewall as the backup firewall.
Optionally, obtaining the sum of the functional area weighted values of the first firewall includes:
determining the functional areas in the open state in the first firewall, where a functional area in the open state is a functional area that has communication capability;
adding the weighted values of the functional areas in the normal state to obtain the sum of the functional area weighted values of the first firewall.
Optionally, after obtaining the sum of the functional area weighted values of the first firewall, the method further includes:
sending a second heartbeat message to the second firewall, where the second heartbeat message includes the sum of the functional area weighted values of the first firewall.
Optionally, the first heartbeat message further includes the memory size of the second firewall;
after receiving the first heartbeat message, the method further includes:
if the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, and the memory size of the first firewall is greater than the memory size of the second firewall, setting the first firewall as the master firewall;
if the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, and the memory size of the first firewall is less than the memory size of the second firewall, setting the first firewall as the backup firewall.
Optionally, the first heartbeat message further includes the priority number of the second firewall;
after receiving the first heartbeat message, the method further includes:
if the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is greater than the priority number of the second firewall, setting the first firewall as the master firewall;
if the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is less than the priority number of the second firewall, setting the first firewall as the backup firewall.
In a second aspect, the present application provides an active and standby firewall setting device, the device including:
a weight acquisition module, configured to obtain the sum of the functional area weighted values of the first firewall;
a message receiving module, configured to receive a first heartbeat message, where the first heartbeat message is sent from the second firewall to the first firewall and includes the sum of the functional area weighted values of the second firewall;
an active and standby setup module, configured to set the first firewall as the master firewall when the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall;
the active and standby setup module is further configured to set the first firewall as the backup firewall when the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall.
Optionally, the weight acquisition module includes:
a status determining unit, configured to determine the functional areas in the open state in the first firewall, where a functional area in the open state is a functional area that has communication capability;
a weight calculation unit, configured to add the weighted values of the functional areas in the normal state to obtain the sum of the functional area weighted values of the first firewall.
Optionally, the device further includes:
a message sending module, configured to send a second heartbeat message to the second firewall, where the second heartbeat message includes the sum of the functional area weighted values of the first firewall.
Optionally, the first heartbeat message further includes the memory size of the second firewall;
the active and standby setup module is further configured to:
set the first firewall as the master firewall when the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall and the memory size of the first firewall is greater than the memory size of the second firewall;
set the first firewall as the backup firewall when the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall and the memory size of the first firewall is less than the memory size of the second firewall.
Optionally, the first heartbeat message further includes the priority number of the second firewall;
the active and standby setup module is further configured to:
set the first firewall as the master firewall when the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is greater than the priority number of the second firewall;
set the first firewall as the backup firewall when the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is less than the priority number of the second firewall.
In the scheme provided by the present application, comparing the sum of the functional area weighted values of the first firewall with the sum of the functional area weighted values of the second firewall makes it possible to set the master firewall and the backup firewall. The master and backup firewalls are thus set automatically, without manual configuration, which simplifies operation and improves the working efficiency of the firewall dual-machine hot-standby system.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are obviously only some examples of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a network architecture according to an exemplary embodiment;
Fig. 2 is a flow chart of an active and standby firewall setting method according to an exemplary embodiment;
Fig. 3 is a flow chart of an active and standby firewall setting method according to another exemplary embodiment;
Fig. 4 is a flow chart of an active and standby firewall setting method according to another exemplary embodiment;
Fig. 5 is a block diagram of an active and standby firewall setting device according to an exemplary embodiment;
Fig. 6 is a block diagram of a firewall dual-machine hot-standby system according to an exemplary embodiment.
Specific embodiments
To help those skilled in the art better understand the technical solutions in the embodiments of the present application, and to make the above objects, features and advantages of the embodiments clearer, the technical solutions in the embodiments are described in further detail below with reference to the drawings.
Before the technical solutions of the embodiments are explained, the network architecture of the embodiments is first described with reference to the drawings. FIG. 1 shows a schematic diagram of the network architecture to which the embodiments of the present application apply.
The network architecture may include: a first firewall 101, a second firewall 102, a switch 103 and a core switch 104.
The first firewall 101 and the second firewall 102 are devices located between the internal network and the external network that ensure network security. The first firewall 101 and the second firewall 102 communicate through a heartbeat line. Both are used to process messages from the switch 103 and the core switch 104 and to forward data.
It should be noted that a firewall dual-machine hot-standby system includes two firewalls. The first firewall 101 can be either of the two, and the second firewall 102 is then the other one.
The switch 103 is a network device used for signal forwarding. The switch 103 is communicatively connected to the first firewall 101 and the second firewall 102, so that the first firewall 101 and the second firewall 102 are connected to the external network through the switch 103.
The core switch 104 is a switch located at the core layer. The core switch 104 is communicatively connected to the first firewall 101 and the second firewall 102, so that the first firewall 101 and the second firewall 102 are connected to the internal network through the core switch 104.
FIG. 2 shows a flow chart of the active and standby firewall setting method provided by one embodiment of the present application. The method can be applied to the first firewall shown in FIG. 1 and may include the following steps.
Step 201: obtain the sum of the functional area weighted values of the first firewall.
A functional area is a routing interface of the firewall; the firewall connects to and communicates with other devices through its functional areas. Functional areas are either in the open state or in the closed state. A functional area in the open state has communication capability, that is, it can communicate; for example, one that has a network cable connected and has negotiated successfully with the other device. Correspondingly, a functional area in the closed state cannot communicate; for example, one with no network cable connected, or one with a cable connected whose negotiation with the other device failed. The first firewall stores the weighted value of each functional area. The weighted values can be preconfigured by the designer based on practical experience.
In one possible embodiment, every functional area has the same weighted value. To obtain the sum of its own functional area weighted values, the first firewall first determines which functional areas are in the open state and then adds their weighted values. For example, the weighted value of each functional area of the first firewall is 10. The first firewall determines that the functional areas in the open state are functional area A1, functional area B1 and functional area C1; adding the weighted values of these three functional areas gives a sum of 30 for the first firewall.
In another possible embodiment, the weighted value of a functional area depends on its state. The weighted value of a functional area in the open state is the preconfigured weighted value described above. The weighted value of a functional area in the closed state is zero. To obtain the sum of its own functional area weighted values, the first firewall adds the weighted values of all functional areas.
Step 202: receive the first heartbeat message.
The first firewall and the second firewall are connected by a heartbeat line. Over it, the first firewall receives the first heartbeat message sent by the second firewall. The first heartbeat message includes the sum of the functional area weighted values of the second firewall.
Step 203: if the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, set the first firewall as the master firewall.
After receiving the first heartbeat message, the first firewall reads the sum of the functional area weighted values of the second firewall from it and compares that sum with its own. If the sum of the functional area weighted values of the first firewall is greater than that of the second firewall, the first firewall is set as the master firewall. The first firewall sets itself as the master firewall in order to process messages and forward data.
The sum of the functional area weighted values of a firewall indicates the number of functional areas of that firewall in the open state. The larger the functional area weighted value, the more functional areas are in the open state and the more efficiently the firewall processes messages and forwards data; the smaller the functional area weighted value, the fewer functional areas are in the open state and the less efficiently the firewall processes messages and forwards data.
If the sum of the functional area weighted values of the first firewall is greater than that of the second firewall, more functional areas are in the open state in the first firewall. Compared with the first firewall, some functional areas of the second firewall are in the closed state, for example functional areas with a loose network cable or a failed negotiation, so the second firewall processes messages and forwards data less efficiently. Therefore, the first firewall sets itself as the master firewall and performs message processing and data forwarding.
Step 204: if the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, set the first firewall as the backup firewall.
The first firewall compares the sum of its own functional area weighted values with that of the second firewall. If the sum of the functional area weighted values of the first firewall is less than that of the second firewall, the first firewall is set as the backup firewall. The first firewall sets itself as the backup firewall and does not perform message processing or data forwarding.
If the sum of the functional area weighted values of the first firewall is less than that of the second firewall, the first firewall has fewer functional areas in the open state than the second firewall, and it processes messages and forwards data less efficiently than the second firewall. Therefore, the first firewall sets itself as the backup firewall and does not process messages or forward data.
In the scheme provided by the present application, using the first heartbeat message received from the second firewall, the first firewall can decide whether to set itself as the master firewall or the backup firewall according to the sum of its own functional area weighted values and the sum of the functional area weighted values of the second firewall carried in the first heartbeat message. The master and backup firewalls are thus set automatically, without manual configuration, which simplifies operation and improves the working efficiency of the firewall dual-machine hot-standby system.
FIG. 3 shows a flow chart of the active and standby firewall setting method provided by one embodiment of the present application. The method can be applied to the second firewall shown in FIG. 1 and may include the following steps.
Step 301: obtain the sum of the functional area weighted values of the second firewall.
The second firewall stores the weighted value of each functional area. The weighted values can be preconfigured by the designer based on practical experience. When the master and backup firewalls need to be set, the second firewall obtains the sum of its own functional area weighted values.
In one possible embodiment, every functional area has the same weighted value. To obtain the sum of its own functional area weighted values, the second firewall first determines which functional areas are in the open state and then adds their weighted values. For example, the weighted value of each functional area of the second firewall is 10. The second firewall determines that the functional areas in the open state are functional area A2, functional area B2 and functional area C2; adding the weighted values of these three functional areas gives a sum of 30 for the second firewall.
In another possible embodiment, the weighted value of a functional area depends on its state. The weighted value of a functional area in the open state is the preconfigured weighted value described above, and the weighted value of a functional area in the closed state is zero. To obtain the sum of its own functional area weighted values, the second firewall adds the weighted values of all functional areas.
Step 302: receive the second heartbeat message.
The first firewall and the second firewall are connected by a heartbeat line. Over it, the second firewall receives the second heartbeat message sent by the first firewall. The second heartbeat message includes the sum of the functional area weighted values of the first firewall.
Step 303: if the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, set the second firewall as the master firewall.
After receiving the second heartbeat message, the second firewall reads the sum of the functional area weighted values of the first firewall from it and compares that sum with its own. If the sum of the functional area weighted values of the first firewall is less than that of the second firewall, the second firewall is set as the master firewall. The second firewall sets itself as the master firewall in order to process messages and forward data.
Step 304: if the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, set the second firewall as the backup firewall.
The second firewall compares the sum of its own functional area weighted values with that of the first firewall. If the sum of the functional area weighted values of the first firewall is greater than that of the second firewall, the second firewall is set as the backup firewall. The second firewall sets itself as the backup firewall and no longer processes messages or forwards data.
In the scheme provided by the present application, using the second heartbeat message received from the first firewall, the second firewall can decide whether to set itself as the master firewall or the backup firewall according to the sum of its own functional area weighted values and the sum of the functional area weighted values of the first firewall carried in the second heartbeat message. The master and backup firewalls are thus set automatically, without manual configuration, which simplifies operation and improves the working efficiency of the firewall dual-machine hot-standby system.
Referring to FIG. 4, the flow chart of the active and standby fire wall setting method provided it illustrates the application one embodiment.It should Method can be applied to network structure shown in Fig. 1.This method may include the following steps.
Step 401, the first firewall obtains the sum of functional area weighted value of itself.
Above-mentioned steps 401 are identical as the content of the step 201 in embodiment illustrated in fig. 2, and details can refer in Fig. 2 embodiment Introduction, the embodiment of the present application no longer repeats this.
Step 402, the second firewall obtains the sum of functional area weighted value of itself.
Above-mentioned steps 402 are identical as the content of the step 301 in embodiment illustrated in fig. 3, and details can refer in Fig. 3 embodiment Introduction, the embodiment of the present application no longer repeats this.
It should be noted that above-mentioned steps 401 and step 402 may be performed simultaneously, can also successively it execute, the application is real Example is applied not limit this.
Step 403, the first firewall sends the second heartbeat message to the second firewall.
First firewall sends the second heartbeat message to the second firewall by heartbeat.Second heartbeat message includes: The sum of functional area weighted value of first firewall.The sum of the functional area weighted value that first firewall will acquire is sent to the second fire prevention Wall, so that the second firewall in the next steps being capable of industry according to the sum of functional area weighted value of the first firewall with itself The sum of business mouth weighted value carries out the setting of active and standby firewall.
Optionally, the second heartbeat message further includes:The priority number of the memory size of first firewall and the first firewall. Wherein, the priority number of the first firewall can be preset based on practical experience.
Optionally, when the first firewall breaks down, such as delay machine occurs, the first firewall is without the second firewall of normal direction Send the second heartbeat message.Second firewall does not receive the second heartbeat message, then the second firewall itself will be arranged based on prevent Wall with flues carries out Message processing and data forwarding.
Step 404, the second firewall sends the first heartbeat message to the first firewall.
The second firewall sends the first heartbeat message to the first firewall via heartbeat. The first heartbeat message includes: the sum of the functional area weighted values of the second firewall. The second firewall sends the sum of functional area weighted values that it has obtained to the first firewall, so that in subsequent steps the first firewall can perform the active/standby firewall setting according to its own sum of functional area weighted values and the sum of the functional area weighted values of the second firewall.
Optionally, the first heartbeat message further includes: the memory size of the second firewall and the priority number of the second firewall. The priority number of the second firewall can be preset based on practical experience.
Optionally, when the second firewall fails, for example goes down, the second firewall cannot send the first heartbeat message to the first firewall. If the first firewall does not receive the first heartbeat message, the first firewall sets itself as the master firewall and performs message processing and data forwarding.
It should be noted that steps 403 and 404 above may be performed simultaneously or one after the other; the embodiments of the present application do not limit this.
Step 405, if the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, the first firewall sets itself as the master firewall.
After receiving the first heartbeat message, the first firewall obtains the sum of the functional area weighted values of the second firewall from the first heartbeat message, and compares its own sum of functional area weighted values with that of the second firewall. If the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, the first firewall sets itself as the master firewall and performs message processing and data forwarding.
Step 406, if the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, the second firewall sets itself as the backup firewall.
After receiving the second heartbeat message, the second firewall obtains the sum of the functional area weighted values of the first firewall from the second heartbeat message, and compares its own sum of functional area weighted values with that of the first firewall. If the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, the second firewall sets itself as the backup firewall.
It should be noted that steps 405 and 406 above are performed simultaneously; that is, when the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, the first firewall sets itself as the master firewall and the second firewall sets itself as the backup firewall. Message processing and data forwarding are performed by the first firewall.
Step 407, if the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, the first firewall sets itself as the backup firewall.
After receiving the first heartbeat message, the first firewall obtains the sum of the functional area weighted values of the second firewall from the first heartbeat message, and compares its own sum of functional area weighted values with that of the second firewall. If the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, the first firewall sets itself as the backup firewall.
Step 408, if the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, the second firewall sets itself as the master firewall.
After receiving the second heartbeat message, the second firewall obtains the sum of the functional area weighted values of the first firewall from the second heartbeat message, and compares its own sum of functional area weighted values with that of the first firewall. If the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, the second firewall sets itself as the master firewall and performs message processing and data forwarding.
It should be noted that steps 407 and 408 above are performed simultaneously; that is, when the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, the first firewall sets itself as the backup firewall and the second firewall sets itself as the master firewall. Message processing and data forwarding are performed by the second firewall.
In one possible embodiment, the first heartbeat message further includes: the memory size of the second firewall. The second heartbeat message further includes: the memory size of the first firewall. When the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, if the memory size of the first firewall is greater than the memory size of the second firewall, the first firewall sets itself as the master firewall and the second firewall sets itself as the backup firewall; if the memory size of the first firewall is less than the memory size of the second firewall, the first firewall sets itself as the backup firewall and the second firewall sets itself as the master firewall.
In another possible embodiment, the first heartbeat message further includes: the memory size of the second firewall and the priority number of the second firewall. The second heartbeat message further includes: the memory size of the first firewall and the priority number of the first firewall. The priority number of the first firewall and the priority number of the second firewall can be preset based on practical experience, and the two priority numbers are different. When the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, and the memory size of the first firewall is greater than the memory size of the second firewall, if the priority number of the first firewall is greater than the priority number of the second firewall, the first firewall sets itself as the master firewall and the second firewall sets itself as the backup firewall; if the priority number of the first firewall is less than the priority number of the second firewall, the first firewall sets itself as the backup firewall and the second firewall sets itself as the master firewall.
Optionally, after the active/standby firewall setting is completed, each time a preset duration elapses, the first firewall and the second firewall execute again from steps 401 and 402 above, that is, they perform the active/standby firewall setting again. In this way, when a functional area of the master firewall fails, the master and backup firewalls can switch over in time, ensuring that the working efficiency of the firewall dual-computer hot-standby system is not affected. The preset duration can be set based on practical experience. For example, if the preset duration is 5 seconds, the first firewall and the second firewall perform the active/standby firewall setting once every 5 seconds.
For example, the first firewall is the master firewall and the second firewall is the backup firewall. The first firewall and the second firewall perform the active/standby firewall setting once every preset duration. When some functional areas of the first firewall fail, for example the cable of a functional area comes loose, so that the sum of the functional area weighted values of the first firewall becomes less than the sum of the functional area weighted values of the second firewall, the efficiency of message processing and data forwarding of the first firewall is lower than that of the second firewall. The first firewall and the second firewall perform the active/standby firewall setting according to the sums of functional area weighted values, so the first firewall can be set as the backup firewall and the second firewall as the master firewall. The more efficient second firewall thus serves as the master firewall, which ensures that the working efficiency of the firewall dual-computer hot-standby system is not affected.
After the backup firewall has taken over message processing and data forwarding because of a failure of the master firewall, if the failure of the master firewall has been repaired, then by comparing the sums of functional area weighted values the master firewall can resume message processing and data forwarding, and the backup firewall no longer performs message processing and data forwarding. Automatic switchover between the master and backup firewalls is thus achieved without manual setting, which improves the working efficiency of the firewall dual-computer hot-standby system.
For example, the first firewall is the master firewall, the second firewall is the backup firewall, and the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall. When the first firewall fails, the second firewall does not receive the second heartbeat message sent by the first firewall, so it sets itself as the master firewall and performs message processing and data forwarding. After the first firewall recovers, the first firewall and the second firewall can communicate again, and they perform the active/standby firewall setting according to the sums of functional area weighted values. Because the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, the first firewall becomes the master firewall again and the second firewall is the backup firewall.
In the scheme provided by the embodiments of the present application, by comparing the sum of the functional area weighted values of the first firewall with the sum of the functional area weighted values of the second firewall, the first firewall and the second firewall can set the master firewall and the backup firewall. This realizes automatic setting of the master and backup firewalls without manual setting, simplifies operation, and improves the working efficiency of the firewall dual-computer hot-standby system.
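The heartbeat exchange and comparison of steps 403 to 408, the behaviour on a missing heartbeat, and the repeated setting every preset duration can be simulated as follows. This is an added example, not code from the patent: the class, field and interface names and all weights, memory sizes and priority numbers are constructed, and the tie-break order (sum, then memory size, then priority number) follows claims 4 and 5.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MASTER, BACKUP = "master", "backup"


@dataclass(frozen=True)
class Heartbeat:
    """Values one firewall reports to its peer (field names are assumptions)."""
    weight_sum: int   # sum of functional area weighted values of the sender
    memory_size: int  # optional field, first tie-breaker
    priority: int     # optional field, second tie-breaker; preset, differs per firewall


@dataclass
class Firewall:
    name: str
    areas: Dict[str, Tuple[int, bool]]  # functional area -> (weighted value, is_open)
    memory_size: int
    priority: int
    alive: bool = True
    role: Optional[str] = None

    def weight_sum(self) -> int:
        # Only functional areas in the open state (able to communicate) are counted.
        return sum(weight for weight, is_open in self.areas.values() if is_open)

    def heartbeat(self) -> Optional[Heartbeat]:
        # A firewall that is down sends nothing, so its peer sees no heartbeat.
        if not self.alive:
            return None
        return Heartbeat(self.weight_sum(), self.memory_size, self.priority)


def decide_role(local: Heartbeat, peer: Optional[Heartbeat]) -> str:
    """Role a firewall assigns to itself from its own values and the peer's heartbeat."""
    if peer is None:
        return MASTER  # heartbeat not received: take over processing and forwarding
    mine = (local.weight_sum, local.memory_size, local.priority)
    theirs = (peer.weight_sum, peer.memory_size, peer.priority)
    if mine == theirs:
        # Priority numbers are required to differ; a full tie is a configuration error.
        raise ValueError("identical election values on both firewalls")
    # Tuple comparison is lexicographic: weight sum, then memory size, then priority.
    return MASTER if mine > theirs else BACKUP


def election_round(fw1: Firewall, fw2: Firewall) -> Tuple[Optional[str], Optional[str]]:
    """One setting round; the page repeats it every preset duration (e.g. 5 seconds)."""
    hb1, hb2 = fw1.heartbeat(), fw2.heartbeat()
    fw1.role = decide_role(hb1, hb2) if hb1 is not None else None
    fw2.role = decide_role(hb2, hb1) if hb2 is not None else None
    return fw1.role, fw2.role


def run_scenario() -> List[Tuple[Optional[str], Optional[str]]]:
    """Constructed walk-through: degradation, repair, outage, recovery, tie-break."""
    fw1 = Firewall("FW1", {"ge0": (10, True), "ge1": (10, True)}, memory_size=8, priority=2)
    fw2 = Firewall("FW2", {"ge0": (10, True), "ge1": (5, True)}, memory_size=8, priority=1)
    history = [election_round(fw1, fw2)]      # sums 20 vs 15
    fw1.areas["ge1"] = (10, False)            # cable comes loose: 10 vs 15
    history.append(election_round(fw1, fw2))
    fw1.areas["ge1"] = (10, True)             # repaired: 20 vs 15
    history.append(election_round(fw1, fw2))
    fw1.alive = False                         # FW1 goes down, no heartbeat sent
    history.append(election_round(fw1, fw2))
    fw1.alive = True                          # FW1 recovers and heartbeats resume
    history.append(election_round(fw1, fw2))
    fw2.areas["ge1"] = (10, True)             # sums and memory equal: priority decides
    history.append(election_round(fw1, fw2))
    return history


if __name__ == "__main__":
    for step, roles in enumerate(run_scenario(), 1):
        print(step, roles)
```

Because both firewalls apply the same ordered comparison to the same pair of values, they always reach complementary roles while both heartbeats arrive.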
The following are device embodiments of the present application, which can be used to carry out the method embodiments of the present application. For details not disclosed in the device embodiments, refer to the method embodiments of the present application.
Fig. 5 is a block diagram of an active/standby firewall setting device according to an exemplary embodiment. The device has the function of implementing the method example of Fig. 2 above; the function may be implemented by hardware, or by hardware executing corresponding software. The device may include: a weight acquisition module 501, a message receiving module 502 and an active/standby setting module 503.
The weight acquisition module 501 is configured to obtain the sum of the functional area weighted values of the first firewall;
The message receiving module 502 is configured to receive the first heartbeat message, where the first heartbeat message is sent by the second firewall to the first firewall and includes: the sum of the functional area weighted values of the second firewall;
The active/standby setting module 503 is configured to: when the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, set the first firewall as the master firewall; when the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, set the first firewall as the backup firewall.
With the device provided by the embodiments of the present application, through the received first heartbeat message sent by the second firewall, the first firewall can determine whether to set itself as the master firewall or the backup firewall according to its own sum of functional area weighted values and the sum of the functional area weighted values of the second firewall in the first heartbeat message. This realizes automatic setting of the master and backup firewalls without manual setting, simplifies operation, and improves the working efficiency of the firewall dual-computer hot-standby system.
Optionally, the weight acquisition module 501 includes: a status determining unit and a weight calculation unit;
The status determining unit is configured to determine the functional areas in the open state in the first firewall, where a functional area in the open state is a functional area that has communication capability;
The weight calculation unit is configured to add the weighted values of the functional areas in the normal state to obtain the sum of the functional area weighted values of the first firewall.
Optionally, the device further includes: a message sending module;
The message sending module is configured to send the second heartbeat message to the second firewall, where the second heartbeat message includes: the sum of the functional area weighted values of the first firewall.
Optionally, the first heartbeat message further includes: the memory size of the second firewall;
The active/standby setting module 503 is further configured to: when the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, and the memory size of the first firewall is greater than the memory size of the second firewall, set the first firewall as the master firewall; when the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, and the memory size of the first firewall is less than the memory size of the second firewall, set the first firewall as the backup firewall.
Optionally, the first heartbeat message further includes: the priority number of the second firewall;
The active/standby setting module 503 is further configured to: when the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is greater than the priority number of the second firewall, set the first firewall as the master firewall; when the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is less than the priority number of the second firewall, set the first firewall as the backup firewall.
Fig. 6 is a block diagram of a firewall dual-computer hot-standby system according to an exemplary embodiment. The firewall dual-computer hot-standby system 601 includes: a first firewall 101 and a second firewall 102. The firewall dual-computer hot-standby system 601 includes two firewalls; the first firewall 101 can be either of the two firewalls, and the second firewall 102 is then the other firewall. The first firewall 101 can be used to implement the functions of the method example of Fig. 2, and the second firewall 102 can be used to implement the functions of the method example of Fig. 3.
In the scheme provided by the embodiments of the present application, by comparing the sum of the functional area weighted values of the first firewall with the sum of the functional area weighted values of the second firewall, the first firewall and the second firewall in the firewall dual-computer hot-standby system can set the master firewall and the backup firewall. This realizes automatic setting of the master and backup firewalls without manual setting, simplifies operation, and improves the working efficiency of the firewall dual-computer hot-standby system.
In a specific implementation, the present application also provides a computer storage medium, where the computer storage medium may store a program which, when executed, may include some or all of the steps in the embodiments of the active/standby firewall setting method provided by the present application. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
Those skilled in the art can clearly understand that the technology in the embodiments of the present application can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solutions in the embodiments of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as a ROM/RAM, a magnetic disk or an optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments of the present application or in certain parts of the embodiments.
Those skilled in the art will readily conceive of other embodiments of the present disclosure after considering the specification and practicing the invention disclosed here. The present application is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or conventional technical means in the art that are not disclosed in the present disclosure. The specification and embodiments are to be regarded as exemplary only, and the true scope and spirit of the present disclosure are indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures that have been described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. An active/standby firewall setting method, characterized in that the method includes:
Obtaining the sum of the functional area weighted values of a first firewall;
Receiving a first heartbeat message, where the first heartbeat message is sent by a second firewall to the first firewall and includes: the sum of the functional area weighted values of the second firewall;
If the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall, setting the first firewall as the master firewall;
If the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall, setting the first firewall as the backup firewall.
2. The method according to claim 1, characterized in that obtaining the sum of the functional area weighted values of the first firewall includes:
Determining the functional areas in the open state in the first firewall, where a functional area in the open state is a functional area that has communication capability;
Adding the weighted values of the functional areas in the normal state to obtain the sum of the functional area weighted values of the first firewall.
3. The method according to claim 1, characterized in that, after obtaining the sum of the functional area weighted values of the first firewall, the method further includes:
Sending a second heartbeat message to the second firewall, where the second heartbeat message includes: the sum of the functional area weighted values of the first firewall.
4. The method according to any one of claims 1 to 3, characterized in that the first heartbeat message further includes: the memory size of the second firewall;
After receiving the first heartbeat message, the method further includes:
If the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, and the memory size of the first firewall is greater than the memory size of the second firewall, setting the first firewall as the master firewall;
If the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, and the memory size of the first firewall is less than the memory size of the second firewall, setting the first firewall as the backup firewall.
5. The method according to claim 4, characterized in that the first heartbeat message further includes: the priority number of the second firewall;
After receiving the first heartbeat message, the method further includes:
If the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is greater than the priority number of the second firewall, setting the first firewall as the master firewall;
If the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is less than the priority number of the second firewall, setting the first firewall as the backup firewall.
6. An active/standby firewall setting device, characterized in that the device includes:
A weight acquisition module, configured to obtain the sum of the functional area weighted values of a first firewall;
A message receiving module, configured to receive a first heartbeat message, where the first heartbeat message is sent by a second firewall to the first firewall and includes: the sum of the functional area weighted values of the second firewall;
An active/standby setting module, configured to set the first firewall as the master firewall when the sum of the functional area weighted values of the first firewall is greater than the sum of the functional area weighted values of the second firewall;
The active/standby setting module is further configured to set the first firewall as the backup firewall when the sum of the functional area weighted values of the first firewall is less than the sum of the functional area weighted values of the second firewall.
7. The device according to claim 6, characterized in that the weight acquisition module includes:
A status determining unit, configured to determine the functional areas in the open state in the first firewall, where a functional area in the open state is a functional area that has communication capability;
A weight calculation unit, configured to add the weighted values of the functional areas in the normal state to obtain the sum of the functional area weighted values of the first firewall.
8. The device according to claim 6, characterized in that the device further includes:
A message sending module, configured to send a second heartbeat message to the second firewall, where the second heartbeat message includes: the sum of the functional area weighted values of the first firewall.
9. The device according to any one of claims 6 to 8, characterized in that the first heartbeat message further includes: the memory size of the second firewall;
The active/standby setting module is further configured to:
When the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, and the memory size of the first firewall is greater than the memory size of the second firewall, set the first firewall as the master firewall;
When the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, and the memory size of the first firewall is less than the memory size of the second firewall, set the first firewall as the backup firewall.
10. The device according to claim 9, characterized in that the first heartbeat message further includes: the priority number of the second firewall;
The active/standby setting module is further configured to:
When the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is greater than the priority number of the second firewall, set the first firewall as the master firewall;
When the sum of the functional area weighted values of the first firewall is equal to the sum of the functional area weighted values of the second firewall, the memory size of the first firewall is equal to the memory size of the second firewall, and the priority number of the first firewall is less than the priority number of the second firewall, set the first firewall as the backup firewall.
CN201810917323.5A 2018-08-13 2018-08-13 Active and standby fire wall setting method and device Pending CN108900544A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810917323.5A CN108900544A (en) 2018-08-13 2018-08-13 Active and standby fire wall setting method and device

Publications (1)

Publication Number Publication Date
CN108900544A true CN108900544A (en) 2018-11-27

Family

ID=64354344

Country Status (1)

Country Link
CN (1) CN108900544A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110505220A (en) * 2019-08-12 2019-11-26 北京威努特技术有限公司 Support the method, apparatus and communication terminal of the two-node cluster hot backup of OPC protocol realization
CN111130914A (en) * 2020-02-27 2020-05-08 紫光云技术有限公司 Hot standby method for dual computers of firewall system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102035683A (en) * 2010-12-20 2011-04-27 新邮通信设备有限公司 Control method and system for switching of main board and standby board
US8051218B2 (en) * 2009-04-29 2011-11-01 Sharp Laboratories Of America, Inc. Methods and systems for outlying peripheral device management
CN103227725A (en) * 2012-03-30 2013-07-31 杭州华三通信技术有限公司 Method and device for dual-server backup of firewall
CN103944749A (en) * 2014-02-28 2014-07-23 汉柏科技有限公司 Double-computer hot standby method and system based on heartbeats
CN104618148A (en) * 2015-01-07 2015-05-13 杭州华三通信技术有限公司 Firewall device and backup method thereof
US9075928B2 (en) * 2012-10-24 2015-07-07 Texas Instruments Incorporated Hazard detection and elimination for coherent endpoint allowing out-of-order execution
CN105516292A (en) * 2015-12-03 2016-04-20 国家电网公司 Hot standby method of cloud platform of intelligent substation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181127
