CN110445724B - SPAN capable of customizing application data stream and load balancing system and method thereof - Google Patents
SPAN capable of customizing application data stream and load balancing system and method thereof Download PDFInfo
- Publication number
- CN110445724B CN110445724B CN201810420673.0A CN201810420673A CN110445724B CN 110445724 B CN110445724 B CN 110445724B CN 201810420673 A CN201810420673 A CN 201810420673A CN 110445724 B CN110445724 B CN 110445724B
- Authority
- CN
- China
- Prior art keywords
- application data
- module
- data stream
- network monitoring
- span
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/20—Support for services
- H04L49/208—Port mirroring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
Abstract
The invention relates to a SPAN capable of customizing application data stream and a load balancing system and a method thereof, which are composed of a client, a SPAN module, a configuration module and other corresponding connection servers and network monitoring equipment; wherein a conditional filtering module is inserted between the conventional filtering module and the data structure module, and the output of the conditional filtering module is used for sending the copy of the application data stream of the customized monitoring to the network monitoring equipment through the sending module; the configuration module is internally provided with a customized condition module to form a customized condition and configuration module; and the application data stream sending module is used for sending the application data stream and the copy thereof meeting the customization conditions. The invention can select monitoring, greatly improves monitoring efficiency, supports load balance of a plurality of network monitoring devices and reduces the influence on normal application data flow of the original port to the minimum.
Description
Technical Field
The invention relates to the field of network application data stream delivery control, in particular to a SPAN capable of customizing an application data stream and a load balancing system and method thereof.
Background
The role of a Switch Port Analyzer (SPAN) is mainly to provide application data flow to a certain network Analyzer. SPAN is typically used to send a copy of application data packets seen on one port to a network monitoring device on another port on a two-layer network device. This is typically used for intrusion detection systems that require monitoring of network traffic, such as for supporting application data flow program performance management, passive probing or actual user monitoring techniques, etc.
The alias of the switch port analyzer is called a port Mirroring (port Mirroring), and the function of the switch port analyzer is to forward data traffic of one or more source ports to a certain designated port on a switch or a router to realize monitoring on a network, and the designated port may be referred to as a "SPAN port" or a "Mirroring port". Under the condition of not seriously influencing the normal throughput of the source port, the monitoring and analysis of the network flow can be carried out through the mirror image port. The mirror image function is used in the enterprise, so that the application data flow in the enterprise can be well monitored and managed, and when the network fails, the failure can be quickly positioned.
Fig. 1 is a block diagram of a SPAN system in the prior art, in which an application data stream is sent to a network monitoring device through a switch and a SPAN port, and the monitored application data stream and its copy are provided internally by the switch. When the switch needs to have SPAN characteristics, such as artificially copying the unicast packets of client a to the sniffer port, in this relationship diagram, the sniffer is connected to a port configured to receive a copy of each packet sent by client a. This port is called a SPAN port. In the SPAN system in the prior art, an application data stream receiving module, a conventional filtering module and a sending module are installed inside a switch, wherein the conventional filtering module forwards all application data stream copies, and the conventional filtering module realizes the SPAN system operation by receiving the services of a configuration module, a data structure module and a display module.
The existing SPAN technology has the following problems: 1. the monitoring of the client application data flow is complete and can not be selected or customized, namely, the system forwards all flow copies and sends the flow copies to the monitoring equipment no matter whether the application data flow needs to be monitored or not, when the direction of the application data flow needing to be monitored is not single, the filtering workload is multiplied, thus not only causing burden to network bandwidth resources, but also bringing unnecessary working pressure to the network monitoring work, and causing low working efficiency; 2. the prior art only supports two-layer deployment of network monitoring equipment, that is, the whole application data stream interaction is completed in two layers of OSI (Open System Interconnection Open communication System) 7 layer protocol, and can only be used on two-layer network equipment, but does not support three-layer deployment, mainly because three-layer deployment SPAN requires IP address configuration to complete the whole data stream interaction in three layers of OSI7 layer protocol, which is not favorable for flexible configuration of network System equipment, and is difficult to realize load balance of application data stream duplicate transmission and network monitoring equipment selection.
Disclosure of Invention
In order to overcome the problems in the prior art, a first objective of the present invention is to provide a SPAN system and method capable of customizing an application data stream, so as to reduce the workload of filtering the application data stream and improve the network monitoring timeliness and network monitoring performance.
The second objective of the present invention is to provide a load balancing system based on a customized application data stream SPAN system, so that the SPAN system not only supports network two-layer deployment, but also conveniently supports network three-layer deployment, and is used to implement forwarding of a copy of a customized application data stream according to the configuration of a configuration module:
1) The application data streams to be monitored are transmitted to the network monitoring device in a balanced manner,
2) The application data stream DUP to be monitored is directed to all network monitoring devices.
In order to realize the purpose of the invention, the invention adopts the following technical scheme:
a SPAN system capable of customizing application data stream is composed of a client, a SPAN module, a corresponding connection server and a network monitoring device; the SPAN module comprises an application data stream receiving module, an application data stream duplicate sending module, a conventional filtering module, a data structure module, a configuration module and a display module, wherein:
inserting a conditional filtering module between a conventional filtering module and a data structure module, wherein the output of the conditional filtering module is used for sending a copy of the customized monitored application data stream to the network monitoring equipment through a sending module;
the configuration module is internally provided with a customization condition module to form a customization condition and configuration module;
the application data stream sending module: the method is used for realizing the transmission of the application data stream and the copy thereof meeting the customization conditions.
The customization condition and configuration module is used for setting and filtering the application data flow meeting the direction condition.
The customization condition and configuration module sets the application data flow meeting the quintuple filtering condition.
A load balancing system of SPAN system capable of customizing application data stream is formed by connecting the SPAN system capable of customizing application data stream and load balancing equipment, wherein
The application data flow sending module comprises an application data flow message algorithm and a configuration identification module, and when the message algorithm is configured to LB, the application data flow copies are sent to a plurality of network monitoring devices in a balanced manner; when the message algorithm is configured as a DUP, a copy of the application data stream is sent to all network monitoring devices.
The client is a client set consisting of a plurality of application data streams, and converts the client information into corresponding quintuple data to be sent to a conventional filtering module.
The network monitoring device end is a set of a plurality of network monitoring devices and is used for uniformly sending one or more application data streams to be monitored and copies thereof to a plurality of appointed network monitoring devices or sending one or more application data streams to all appointed network monitoring devices.
The load balancing system of the customized application data stream SPAN system sets LB or DUP rules in a customization condition and configuration module, and associates a client set with a network monitoring device set by using a strategy.
A SPAN method capable of customizing application data stream is realized by the following steps:
receiving application data flow, checking whether a message is legal or not and whether a TCP or UDP message or not, and if not, directly entering a service processing flow; if yes, continue to
Step two, judging whether a filtering condition is met, if not, judging that the application data flow is not customized and monitored, and directly sending the application data flow to a service for processing; if yes, determining the application data stream to be monitored in a customized mode, and then
And step three, the customized and monitored application data flow is sent to service processing, and meanwhile, a copy of the customized and monitored application data flow is made and sent to network monitoring equipment.
The filtering condition in the second step is one of a direction filtering condition or a quintuple filtering condition.
The invention has the advantages that the application data traffic needing to be monitored can be selected, not all the application data traffic is mirrored, and the mirrored application data flow is greatly reduced. Meanwhile, the method supports that a plurality of application data streams needing mirroring are respectively mirrored to different network monitoring devices, and load balancing can be carried out according to a certain algorithm (such as a hash algorithm). The invention realizes the customizability of application data flow monitoring, realizes the diversified matching of the application data flow mirror image to the network monitoring equipment, supports the load balance of a plurality of network monitoring equipment and reduces the influence on the normal application data flow of a source port to the minimum.
Drawings
FIG. 1 is a diagram of the SPAN architecture of the prior art of the present invention;
FIG. 2 is a schematic diagram of the SPAN system architecture for customizing application data streams in accordance with the present invention;
FIG. 3 is a schematic diagram of the work of a load balancing system dataflow based on customizable application dataflow;
FIG. 4 is a schematic flow diagram of the SPAN method of the present invention for customizing application data streams;
FIG. 5 is a system architecture diagram of a preferred embodiment of the present invention.
Detailed Description
In the following description, numerous technical details are set forth in order to provide a better understanding of the present application. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details and with various changes and modifications based on the following embodiments.
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
As shown in fig. 2, the SPAN system capable of customizing application data stream according to the present invention is composed of a client 400, a SPAN module 100, a corresponding connection server 200, and a network monitoring device 300; the SPAN module comprises an application data stream receiving module 110, an application data stream copy sending module 160, a conventional filtering module 120, a data structure module 130, a customized condition and configuration module 140 and a display module 150, wherein a condition filtering module 121 is inserted between the conventional filtering module and the data structure module, and the output of the condition filtering module sends the customized monitored application data stream copy to the network monitoring equipment through the sending module.
The application data stream receiving module is called as a receiving module for short: the system is used for receiving network data packets sent by the client and is also a data source of the conventional filtering module. According to the special scene requirement, the application data stream receiving module can configure a promiscuous mode and a non-promiscuous mode, a two-layer deployment mode configures the promiscuous mode, and a three-layer deployment mode configures the non-promiscuous mode.
The application data stream sending module is called as a sending module for short: the system is used for realizing the sending of the application data stream and the copy thereof meeting the customized condition, wherein the system can comprise an application data stream message algorithm and a configuration identification module, and when the message algorithm is configured to LB (load balancing), the forwarded application data stream copy is sent to a plurality of network monitoring devices in a balanced manner; when the message algorithm is configured as a DUP (duplicate), the application data stream is duplicated on all network monitoring devices.
The conventional filtering module filters all application data stream copies and forwards the application data stream copies; the condition filter module inserted between the conventional filter module and the data structure module conditionally forwards the application data stream and the copy thereof to the network monitoring device according to the data given by the customization condition and the configuration module, for example, the customization condition and configuration module may set a copy of the application data stream satisfying the direction condition to be filtered to the network monitoring device, or may set a copy of the application data stream satisfying the quintuple filter condition to be filtered to the network monitoring device. The condition filtering module and the conventional filtering module form a filtering module. The five-tuple includes source IP address, source port, destination IP address, destination port and transport layer protocol. The custom monitored application data stream data needs to be converted into fixed quintuple data, that is, one or more pieces of monitored application data stream data are required, each should have fixed quintuple data, especially a destination IP address and a destination port, otherwise, the custom condition filtering of the application data stream cannot be realized.
The customization condition and configuration module is used for customizing and configuring quintuple data of the monitored application data flow, the data flow direction and a received physical interface; and configuring the MAC address and the transmitted physical interface of the network monitoring device. If there is no restriction on a certain item of the five tuple data of the monitored application data stream, all zeros may be configured, for example: source IP address, source port zero, etc.
Or customizing the condition and configuring a plurality of application data streams to form a filter set A, and customizing the condition and configuring a plurality of network monitoring devices to form a set B; in the B set, load balancing and DUP rules of a plurality of network monitoring devices can be realized through customized conditions and configurations; LB or DUP rules are set in the customization condition and configuration module, and the client end set and the network monitoring equipment set are associated by using the strategy. The display module is used for displaying the static customization and the configuration filtering condition and displaying the dynamic statistical information of the application data stream.
The data structure module converts the user configuration information into a data structure convenient for storage, and simultaneously serves a conventional filtering module and a conditional filtering module.
A load balancing system of a SPAN system capable of customizing application data streams is formed by connecting the SPAN system capable of customizing application data streams with load balancing equipment.
The client is a client set composed of a plurality of application data streams, conditions are customized, the client information is configured and converted into fixed quintuple data, and the fixed quintuple data is sent to the condition filtering module.
The network monitoring device side is a set of a plurality of network monitoring devices and is used for uniformly sending one or more copies of the application data streams to be monitored to a specified one or more network monitoring devices and sending one or more application data streams to all the specified network monitoring devices through the customization condition and configuration module.
LB or DUP rules are set in the custom conditions and configuration module, and the client set and the network monitoring device set are associated by the strategy.
As shown in fig. 3, the application data stream copy sending module is configured to send a copy of an application data stream to a network monitoring device for customized monitoring. The customized monitored application data flow copy is identified by a message, for example, whether an algorithm for sending the message is an LB (load balance) or DUP (Dual-purpose protocol), and if the algorithm is an LB (load balance) message, the message is sent to each network monitoring device of the same type in a balanced manner; if it is a DUP (duplicate) message, the message is sent to all the network monitoring devices. When the customized and monitored application data flow duplicate message is an LB message, the source IP address and the destination IP address in the quintuple may be configured (e.g., hashed) to implement SPAN module configuration. The load balancing algorithm may support HASH source IP + destination IP or HASH source port + destination port. Other algorithms may also be added as desired.
The customization condition and configuration module sets and filters the application data flow copies meeting the direction condition.
The customization condition and configuration module sets an application data stream copy meeting the quintuple filtering condition.
As shown in fig. 4, a SPAN method for customizing application data stream is implemented by the following steps:
receiving application data flow, checking whether the message is legal or not and whether a TCP or UDP message or not, and if not, directly entering a service processing flow; if yes, continue to
Step two, judging whether a filtering condition is met, if not, judging that the application data flow is not customized and monitored, and directly sending the application data flow to a service for processing; if yes, determining the application data stream to be monitored in a customized mode, and then
And step three, sending the network data flow customized and monitored to service processing, simultaneously making a network data flow copy customized and monitored, and sending the network data flow copy customized and monitored to network monitoring equipment.
The filtering condition is a directional filtering condition.
The filtration conditions are quintuple filtration conditions.
The service module in the flow chart of the method is the processing of three-layer to seven-layer services by the APV equipment. For example, SLB (server load balancing), NAT (Network Address Translation), LLB (Link load balance), and the like.
Fig. 5 shows an embodiment of the whole network architecture of the customized application data stream SPAN system and its load balancing system according to the present invention: the architecture is composed of a group of client application data streams 401, 402 … …, etc., switches 501 and 502, a load balancing device 600 (for example, an APV series application delivery controller manufactured by Hua Yao (china) technologies ltd) which inserts a built-in SPAN system module between the two switches), network monitoring devices 301 and 302, and a server 200 connected through the internet.
In the example of fig. 5, the number of application data streams selected to be monitored may be 1 or more. The number of selected network monitoring devices may be 1 or more. The same type of network monitoring device may be supported, as may different types of network monitoring devices, for example: IPS (IPS: intrusion Prevention System), IDS (Intrusion Detection Systems), firewall (Firewall), and the like.
In the example of fig. 5, when the same type of network monitoring device is selected, the application data stream data of the customized monitoring is sent to the network monitoring device in a balanced manner, and meanwhile, the data of the same application data stream is sent to the same network monitoring device; when different types of network monitoring devices are selected, custom monitored application data flow data is distributed to all network monitoring devices. The monitored application data flow port can normally receive data packets from the network monitoring device, and if a certain application data flow is found to be abnormal, the network monitoring device can block the application data flow.
The example of fig. 5 may further enumerate application scenarios of the present invention:
for example, the client application data stream 401 is mirrored to the network monitoring device 301; the client application data stream data 402 is mirrored to the network monitoring device 302;
for example two, the client application data streams 401 and 402 are mirrored to the network monitoring device 301; client application data flow data 403 is mirrored to network monitoring device 302;
third, application data streams 401 and 402 are mirrored to network monitoring devices 301 and 302; and load balancing between 301 and 302 is achieved;
example four, client application data stream 401 is mirrored to network monitoring devices 301 and 302; and traffic sharing between 301 and 302 is achieved.
And fifthly, configuring customized network monitoring on the application data stream of the existing SSL interrupt, wherein the network monitoring equipment is deployed by a bypass, the balance of clear text traffic is realized and is transmitted to the network monitoring equipment, the influence on the main service is reduced to the minimum, and the normal use of the main service is not influenced even if the equipment deployed by the bypass fails.
As shown in fig. 5, in this network architecture, the network security device is set to L2 mode (with the function of two-layer switching), for example, an APV series application delivery controller manufactured by Hua Yao (china) technologies ltd, which integrates ingress and egress nodes. An example of a configuration of the network architecture of fig. 5 is given below:
in example five, the conventional network basic configuration, such as IP address and routing configuration, may be:
the SLB (Server Load Balancing) basic configuration may be:
the configuration of SSL (Secure Sockets Layer) interception may be:
the SPAN and load balancing configuration of the customizable application data stream of the invention can be as follows:
it should be noted that, each unit mentioned in each device embodiment of the present invention is a logical unit, and physically, one logical unit may be one physical unit, or may be a part of one physical unit, or may be implemented by a combination of multiple physical units, and the physical implementation manner of these logical units itself is not the most important, and the combination of the functions implemented by these logical units is the key to solve the technical problem provided by the present invention. Furthermore, the invention does not incorporate the various embodiments of the plant described above and the units that are not too closely related to solving the technical problems posed by the invention, in order to highlight the innovative part of the invention, but this does not indicate the absence of the embodiments of the plant described above and of the units of other related embodiments.
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention.
Claims (9)
1. A SPAN system that can customize application data streams, comprising: the system comprises a client, an SPAN module, a corresponding connection server and network monitoring equipment; the SPAN module comprises: the device comprises an application data stream receiving module, an application data stream sending module, a conventional filtering module, a data structure module, a configuration module and a display module, and is characterized in that:
inserting a conditional filtering module between a conventional filtering module and a data structure module, wherein the output of the conditional filtering module sends a copy of the customized monitored application data stream to the network monitoring equipment through an application data stream sending module;
the configuration module is internally provided with a customization condition module to form a customization condition and configuration module;
the application data stream sending module: the application data flow sending module comprises an application data flow message algorithm and a configuration identification module: when the message algorithm is configured to LB, the application data flow copies are transmitted to a plurality of network monitoring devices in a balanced manner; when the message algorithm is configured as a DUP, a copy of the application data stream is sent to all network monitoring devices.
2. The SPAN system of a customizable application data stream according to claim 1, characterized in that: the customization condition and configuration module is used for setting and filtering the application data flow meeting the direction condition.
3. SPAN system for customizable application data flow according to claim 1, characterized in that: the customization condition and configuration module sets the application data flow meeting the quintuple filtering condition.
4. A load balancing system of a customized application data stream SPAN system is characterized in that: the SPAN system of the customizable application data stream of any of claims 1-3 connected to a load balancing device, wherein the application data stream sending module of claim 1 comprises an application data stream message algorithm and configuration identification module: when the message algorithm is configured to LB, the application data flow copies are transmitted to a plurality of network monitoring devices in a balanced manner; when the message algorithm is configured as a DUP, a copy of the application data stream is sent to all network monitoring devices.
5. The system for load balancing of a customizable application data flow SPAN system in accordance with claim 4, wherein: the client is a client set consisting of a plurality of application data streams, and converts the client information into corresponding quintuple data to be sent to a conventional filtering module.
6. The load balancing system for a customizable application data stream, SPAN, system in accordance with claim 4, wherein: the network monitoring device end is a set of a plurality of network monitoring devices and is used for uniformly sending one or more application data streams to be monitored and copies thereof to a plurality of appointed network monitoring devices or sending one or more application data streams to all appointed network monitoring devices.
7. The system for load balancing of a customizable application data flow SPAN system in accordance with claim 4, wherein: LB or DUP rules are set in the custom conditions and configuration module and policies are used to associate the set of clients with the set of network monitoring devices.
8. A SPAN method for customizing an application data stream, comprising the steps of:
receiving application data flow, checking whether a message is legal or not and whether a TCP or UDP message or not, and if not, directly entering a service processing flow; if yes, continue to
Step two, judging whether a filtering condition is met, if not, judging that the application data flow is not customized and monitored, and directly sending the application data flow to a service for processing; if yes, determining the application data stream to be monitored in a customized mode, and then
And step three, sending the customized and monitored application data stream to service processing, simultaneously making a customized and monitored application data stream copy and sending the customized and monitored application data stream copy to network monitoring equipment, wherein if the message algorithm is configured as LB, making the customized and monitored application data stream copy and sending the customized and monitored application data stream copy to a plurality of network monitoring equipment in a balanced manner.
9. The SPAN method of customizable application data stream according to claim 8, characterized in that: the filtering condition in the second step is one of a directional filtering condition or a quintuple filtering condition.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810420673.0A CN110445724B (en) | 2018-05-04 | 2018-05-04 | SPAN capable of customizing application data stream and load balancing system and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810420673.0A CN110445724B (en) | 2018-05-04 | 2018-05-04 | SPAN capable of customizing application data stream and load balancing system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110445724A CN110445724A (en) | 2019-11-12 |
| CN110445724B true CN110445724B (en) | 2023-01-10 |
Family
ID=68427248
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810420673.0A Active CN110445724B (en) | 2018-05-04 | 2018-05-04 | SPAN capable of customizing application data stream and load balancing system and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110445724B (en) |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1260061A2 (en) * | 2000-02-22 | 2002-11-27 | Top Layer Networks, Inc. | System and method for flow mirroring in a network switch |
| CN104243211A (en) * | 2014-09-22 | 2014-12-24 | 北京星网锐捷网络技术有限公司 | Data stream mirroring method and device |
| CN107864061A (en) * | 2017-11-15 | 2018-03-30 | 北京易讯通信息技术股份有限公司 | A kind of method of virtual machine port speed constraint and mirror image in private clound |
-
2018
- 2018-05-04 CN CN201810420673.0A patent/CN110445724B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN110445724A (en) | 2019-11-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111614605B (en) | Method for configuring firewall, security management system and computer readable medium | |
| US11558293B2 (en) | Network controller subclusters for distributed compute deployments | |
| US10693784B1 (en) | Fibre channel over ethernet (FCoE) link aggregation group (LAG) support in data center networks | |
| US10897420B1 (en) | Service chaining among devices of interconnected topology | |
| EP3266166B1 (en) | Method and apparatus for load balancing in network switches | |
| JP6445015B2 (en) | System and method for providing data services in engineered systems for execution of middleware and applications | |
| US9185056B2 (en) | System and methods for controlling network traffic through virtual switches | |
| US7505401B2 (en) | Method, apparatus and program storage device for providing mutual failover and load-balancing between interfaces in a network | |
| US11611454B2 (en) | Distributed network interfaces for application cloaking and spoofing | |
| EP2882162B1 (en) | Data stream security processing method and apparatus | |
| JP4892550B2 (en) | Data communication system and method | |
| US20050265248A1 (en) | Asymmetric packets switch and a method of use | |
| US20040131059A1 (en) | Single-pass packet scan | |
| US8938521B2 (en) | Bi-directional synchronization enabling active-active redundancy for load-balancing switches | |
| US8479275B1 (en) | Secure high-throughput data-center network employing routed firewalls | |
| CN115834534A (en) | System for global virtual network | |
| US10587521B2 (en) | Hierarchical orchestration of a computer network | |
| Shahriar et al. | Designing a reliable and redundant network for multiple VLANs with Spanning Tree Protocol (STP) and Fast Hop Redundancy Protocol (FHRP) | |
| CN116566752B (en) | Safety drainage system, cloud host and safety drainage method | |
| CN110445724B (en) | SPAN capable of customizing application data stream and load balancing system and method thereof | |
| US7061907B1 (en) | System and method for field upgradeable switches built from routing components | |
| Hirata et al. | Flexible service creation node architecture and its implementation | |
| US7894426B2 (en) | Conduit port for network chips | |
| Vadivelu et al. | Design and performance analysis of complex switching networks through VLAN, HSRP and link aggregation | |
| EP4221098A1 (en) | Integrated broadband network gateway (bng) device for providing a bng control plane for one or more distributed bng user plane devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100125 Beijing city Chaoyang District Liangmaqiao Road No. 40 building 10 room 1001, twenty-first Century Applicant after: Beijing Huayao Technology Co.,Ltd. Address before: 100125 Beijing city Chaoyang District Liangmaqiao Road No. 40 building 10 room 1001, twenty-first Century Applicant before: ARRAY NETWORKS, Inc. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |