CN111342995B - Synchronization device, method and server system - Google Patents

Synchronization device, method and server system Download PDF

Info

Publication number
CN111342995B
CN111342995B CN202010079210.XA CN202010079210A CN111342995B CN 111342995 B CN111342995 B CN 111342995B CN 202010079210 A CN202010079210 A CN 202010079210A CN 111342995 B CN111342995 B CN 111342995B
Authority
CN
China
Prior art keywords
acl
acl rule
rule
name
new
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010079210.XA
Other languages
Chinese (zh)
Other versions
CN111342995A (en
Inventor
肖建民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN202010079210.XA priority Critical patent/CN111342995B/en
Publication of CN111342995A publication Critical patent/CN111342995A/en
Application granted granted Critical
Publication of CN111342995B publication Critical patent/CN111342995B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/084Configuration by using pre-existing information, e.g. using templates or copying from other elements
    • H04L41/0846Configuration by using pre-existing information, e.g. using templates or copying from other elements based on copy from other elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/22Arrangements for detecting or preventing errors in the information received using redundant apparatus to increase reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0654Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Abstract

The invention provides a synchronization device, a synchronization method and a server system. The synchronization device includes: a configuration unit configured to configure a first ACL rule in a first access control list ACL of a first server; and a synchronization unit configured to determine whether a second ACL rule having the same name as that of the configured first ACL rule exists in the second ACL in the second server, and synchronize the second ACL in the second server according to a result of the determination. Therefore, the configuration consistency of the ACL between the main equipment and the standby equipment can be ensured.

Description

Synchronization device, method and server system
Technical Field
The invention relates to a synchronization device, a synchronization method and a server system.
Background
An access control list ACL (access control list) is a packet filtering based access control technique that can filter packets on an interface, allow them to pass or drop, depending on set conditions. By means of the access control list, the access of the user to the network can be effectively controlled, and therefore the network security is guaranteed to the maximum extent.
The ACL comprises ACL rules, the ACL rules are stored in a database in a list form when being stored, the ACL rules have the characteristic of priority, the priority of the rules above the list is higher than that of the rules below, when a router or a three-layer switch receives a data packet and needs to access the ACL for processing, the data packet is matched according to the order of the rules in the list from top to bottom, and once one of the data packet is matched, the data packet is not continuously matched but is processed according to the action in the rule in the matching.
In a dual-machine hot standby or VSM networking environment, the ACL configuration needs to be synchronized from the main equipment to the standby equipment, so that when the main equipment is restarted due to a fault, the standby equipment can continuously work by replacing the position of the main equipment with the same configuration, and the influence on a network due to the equipment fault is reduced.
The synchronous configuration in the dual-computer hot standby environment is that the configuration is firstly synchronized to the standby equipment, and then the ID is distributed by the standby equipment according to the synchronized ACL configuration sequence. After synchronization is completed, if the primary device modifies the ACL configuration, the configuration of the secondary device is also modified synchronously, the synchronous content is the ID of the ACL and the configuration to be modified, and the secondary device modifies the ACL configuration stored in the device according to the synchronized ID. When the master device and the slave device are synchronized, the situation of loss of the synchronous message or misplacement of the synchronous sequence may occur, which may cause the situation of incomplete consistency of the ACL configuration between the master device and the slave device. When the subsequent main device modifies the ACL configuration, the ID corresponding to the ACL of the main device is synchronized to the standby device, and due to the synchronization failure or error, the same ACL configuration of the standby device may not exist or the ID is inconsistent with the ID of the main device, but the standby device modifies the configuration according to the ID index, so that other ACL configurations are modified, and the configuration difference between the standby device and the main device is increased.
Disclosure of Invention
An exemplary embodiment of the present invention is directed to overcoming the above-mentioned and/or other problems in the prior art. Accordingly, exemplary embodiments of the present invention provide a synchronization apparatus, method and server system.
In one exemplary embodiment, a synchronization apparatus includes: a configuration unit configured to configure a first ACL rule in a first access control list ACL of a first server; and a synchronization unit configured to determine whether a second ACL rule having the same name as that of the configured first ACL rule exists in the second ACL in the second server, and synchronize the second ACL in the second server according to a result of the determination.
The configuration unit is configured to create a new first ACL rule at configuration time; the synchronization unit is configured to, when it is determined that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL, add the new first ACL rule to the second ACL as a new second ACL rule, and assign an identification ID of the new second ACL rule to be the same as that of the new first ACL rule, wherein the identification ID indicates an arrangement order of the ACL rules in the ACL.
The synchronization unit is configured to, when it is determined that a second ACL rule having the same name as that of the new first ACL rule exists in the second ACL, determine whether the ID of the new first ACL rule is the same as that of the second ACL rule having the same name, and when it is determined that the ID of the new first ACL rule is the same as that of the second ACL rule having the same name, not add the new first ACL rule to the second ACL.
The synchronization unit is configured to modify the second ACL rule having the same name to be identical to the new first ACL rule upon determining that the ID of the new first ACL rule is different from the ID of the second ACL rule having the same name.
The configuration unit is configured to delete a first ACL rule in the first ACL at the time of configuration; the synchronization unit is configured not to delete the second ACL rule when it is determined that the second ACL rule having the same name as the deleted first ACL rule does not exist in the second ACL, and to delete the second ACL rule having the same name when it is determined that the second ACL rule having the same name as the deleted first ACL rule exists in the second ACL.
The configuration unit is configured to modify at least one of a name, a content, and an action of a first ACL rule in the first ACL at the time of configuration; the synchronization unit is configured to determine whether a name of a second ACL rule in the second ACL is the same as at least one of a pre-modification name and a post-modification name of the modified first ACL rule, and determine that a second ACL rule having the same name as the modified first ACL rule does not exist in the second ACL and add the modified first ACL rule to the second ACL as a new second ACL rule when it is determined that the name of the second ACL rule is not the same as both the pre-modification name and the post-modification name of the modified first ACL rule.
The synchronization unit is configured to, when it is determined that the name of the second ACL rule is identical to one of the pre-modification name and the post-modification name of the modified first ACL rule, determine that there is a second ACL rule in the second ACL, the name of which is identical to the name of the modified first ACL rule, and modify the second ACL rule, the name of which is identical, to be identical to the modified first ACL rule.
The configuration unit is configured to modify an ID of a first ACL rule in the first ACL at the time of configuration; the synchronization unit is configured to, upon determining that a name of a second ACL rule in the second ACL is identical to a name of the modified first ACL rule, modify an ID of the second ACL rule identical in name to be identical to an ID of the modified first ACL rule.
The configuration unit is configured to modify an ID of a first ACL rule in the first ACL based on a reference first ACL rule in the first ACL when creating a new first ACL rule; the synchronization unit is configured to, when it is determined that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and it is determined that there is no second ACL rule having the same name as that of the reference first ACL rule in the second ACL, add the reference first ACL rule to the second ACL as the reference second ACL rule and assign the ID of the reference second ACL rule to be the same as the ID of the reference first ACL rule.
The synchronization unit is configured to modify an ID of a second ACL rule in the second ACL, the ID of the second ACL rule having the same ID as the ID of the reference second ACL rule and an ID of the second ACL rule having an ID ordered after the ID of the reference second ACL rule, to reorder the second ACL rule having the same ID as the ID of the reference second ACL rule and the second ACL rule having an ID ordered after the ID of the reference second ACL rule, and to add the new first ACL rule to the second ACL as a new second ACL rule.
The synchronization unit is configured to, when it is determined that there is no second ACL rule having the same name as the new first ACL rule in the second ACL and it is determined that the second ACL has a second ACL rule having the same name as the reference first ACL rule, determine whether an ID of the second ACL rule having the same name is the same as an ID of the reference first ACL rule, and when it is determined that the ID of the second ACL rule having the same name is the same as the ID of the reference first ACL rule, regard the second ACL rule having the same ID as the reference second ACL rule, and modify an ID of the second ACL rule having the ID and the ID of the reference second ACL rule ranked after the ID of the reference second ACL rule to reorder the reference second ACL rule and the second ACL rule having the ID ranked after the ID of the reference second ACL rule, and add the new first ACL rule to the second ACL as the new second ACL rule.
The synchronization unit is configured to, when it is determined that a second ACL rule having a name identical to that of the new first ACL rule does not exist in the second ACL and it is determined that the second ACL rule having a name identical to that of the reference first ACL exists, determine whether an ID of the second ACL rule having the same name is identical to that of the reference first ACL rule, and modify the ID of the second ACL rule having the same name to be identical to that of the reference first ACL rule and serve as the reference second ACL rule when it is determined that the ID of the second ACL rule having the same name is different from that of the reference first ACL rule.
And a checking unit configured to determine whether there is a first ACL rule having a name different from a name of a second ACL rule in the second ACL in the first ACL, wherein when the checking unit determines that there is a first ACL rule having a name different from a name of a second ACL rule in the second ACL in the first ACL, the synchronizing unit adds the first ACL rule having a different name to the second ACL as a new second ACL rule, and assigns an ID of the new second ACL rule to be the same as an ID of the new first ACL rule.
In another exemplary embodiment, a server system includes: a first server; a second server; the synchronization apparatus as described above is configured to configure a first ACL rule in a first access control list ACL of a first server and synchronize a second ACL in a second server.
In another exemplary embodiment, a synchronization method includes: configuring a first Access Control List (ACL) rule in a first ACL of a first server; and determining whether a second ACL rule with the same name as the configured first ACL rule exists in a second ACL in the second server, and synchronizing the second ACL in the second server according to the determination result.
Creating a new first ACL rule at configuration time; and when determining that a second ACL rule with the same name as the new first ACL rule does not exist in the second ACL, adding the new first ACL rule into the second ACL to serve as a new second ACL rule, and allocating the identification ID of the new second ACL rule to be the same as the identification ID of the new first ACL rule, wherein the identification ID indicates the arrangement sequence of the ACL rules in the ACL.
The synchronization unit is configured to, when it is determined that there is a second ACL rule having the same name as the new first ACL rule in the second ACL, determine whether the ID of the new first ACL rule is the same as the ID of the second ACL rule having the same name, and not to add the new first ACL rule to the second ACL when it is determined that the ID of the new first ACL rule is the same as the ID of the second ACL rule having the same name.
The synchronization unit is configured to modify the second ACL rule having the same name to be the same as the new first ACL rule, upon determining that the ID of the new first ACL rule is different from the ID of the second ACL rule having the same name.
The configuration unit is configured to delete a first ACL rule in the first ACL at the time of configuration; the synchronization unit is configured not to delete the second ACL rule when it is determined that the second ACL rule having the same name as the deleted first ACL rule does not exist in the second ACL, and to delete the second ACL rule having the same name when it is determined that the second ACL rule having the same name as the deleted first ACL rule exists in the second ACL.
The configuration unit is configured to modify at least one of a name, a content, and an action of a first ACL rule in the first ACL at the time of configuration; the synchronization unit is configured to determine whether a name of a second ACL rule in the second ACL is the same as a name of the modified first ACL rule before modification and a name of the modified first ACL rule after modification, and determine that the second ACL rule having the same name as the name of the modified first ACL rule does not exist in the second ACL and add the modified first ACL rule to the second ACL as a new second ACL rule when it is determined that the name of the second ACL rule is not the same as the name of the modified first ACL rule before modification and the name of the modified first ACL rule after modification.
The synchronization unit is configured to, when it is determined that the name of the second ACL rule is identical to one of the pre-modification name and the post-modification name of the modified first ACL rule, determine that there is a second ACL rule in the second ACL, the name of which is identical to the name of the modified first ACL rule, and modify the second ACL rule, the name of which is identical, to be identical to the modified first ACL rule.
The configuration unit is configured to modify an ID of a first ACL rule in the first ACL at the time of configuration; the synchronization unit is configured to modify an ID of a second ACL rule having the same name to be the same as an ID of the modified first ACL rule in the second ACL, upon determining that the name of the second ACL rule is the same as the name of the modified first ACL rule.
The configuration unit is configured to modify an ID of a first ACL rule in the first ACL based on a reference first ACL rule in the first ACL when creating a new first ACL rule; the synchronization unit is configured to, when it is determined that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and it is determined that there is no second ACL rule having the same name as that of the reference first ACL rule in the second ACL, add the reference first ACL rule to the second ACL as the reference second ACL rule and assign the ID of the reference second ACL rule to be the same as the ID of the reference first ACL rule.
The synchronization unit is configured to modify an ID of a second ACL rule in the second ACL, the ID of the second ACL rule being the same as the ID of the reference second ACL rule and an ID of a second ACL rule having an ID ranked after the ID of the reference second ACL rule, to reorder the second ACL rule having the same ID as the ID of the reference second ACL rule and a second ACL rule having an ID ranked after the ID of the reference second ACL rule, and to add the new first ACL rule to the second ACL as a new second ACL rule.
The synchronization unit is configured to, when it is determined that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and it is determined that the second ACL has a second ACL rule having the same name as that of the reference first ACL rule, determine whether an ID of the second ACL rule having the same name is the same as that of the reference first ACL rule, and when it is determined that the ID of the second ACL rule having the same name is the same as that of the reference first ACL rule, regard the second ACL rule having the same ID as the reference second ACL rule, and modify an ID of the second ACL rule having the ID and ID of the reference second ACL rule ordered after that of the reference second ACL rule to reorder the reference second ACL rule and the second ACL rule having the ID ordered after that of the reference second ACL rule, and add the new first ACL rule to the second ACL as the new second ACL rule.
The synchronization unit is configured to, when it is determined that a second ACL rule having the same name as that of the new first ACL rule does not exist in the second ACL and it is determined that the second ACL rule having the same name as that of the reference first ACL rule exists, determine whether an ID of the second ACL rule having the same name is the same as that of the reference first ACL rule, and modify the ID of the second ACL rule having the same name to be the same as that of the reference first ACL rule and serve as the reference second ACL rule when it is determined that the ID of the second ACL rule having the same name is different from that of the reference first ACL rule.
And a checking unit configured to determine whether a first ACL rule having a name different from that of a second ACL rule in the second ACL exists in the first ACL, wherein when the checking unit determines that the first ACL rule having a name different from that of the second ACL rule in the second ACL exists in the first ACL, the synchronizing unit adds the first ACL rule having a different name to the second ACL as a new second ACL rule, and assigns an ID of the new second ACL rule to be the same as an ID of the new first ACL rule.
In other exemplary embodiments, an electronic device includes: at least one processor; a memory coupled to the at least one processor, the memory storing instructions that, when executed by the at least one processor, cause the electronic device to perform the method as described above.
In other exemplary embodiments, a non-transitory machine-readable medium has executable instructions that when executed cause at least one processor to perform the method as described above.
In other exemplary embodiments, a computer program product comprises computer executable instructions that when executed cause at least one processor to perform the method as described above.
Therefore, the configuration consistency of the ACL between the main equipment and the standby equipment can be ensured, and the influence on the network after the main equipment and the standby equipment are switched due to inconsistent equipment configuration can be reduced.
Other features and aspects will become apparent from the following detailed description, the accompanying drawings, and the claims.
Drawings
The invention may be better understood by describing exemplary embodiments thereof in conjunction with the following drawings, in which:
FIG. 1 is a schematic block diagram illustrating a server system in accordance with an illustrative embodiment;
FIG. 2 is a schematic block diagram illustrating a synchronization apparatus according to an exemplary embodiment;
FIG. 3 is a schematic flow chart diagram illustrating a synchronization method in accordance with an illustrative embodiment;
fig. 4 is a schematic block diagram illustrating an electronic device according to an exemplary embodiment.
Detailed Description
While specific embodiments of the invention will be described below, it should be noted that in the course of the detailed description of these embodiments, in order to provide a concise and concise description, all features of an actual implementation may not be described in detail. It should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions are made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Unless otherwise defined, technical or scientific terms used in the claims and the specification should have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The use of "first," "second," and similar terms in the description and in the claims of the present application does not denote any order, quantity, or importance, but rather the terms are used to distinguish one element from another. The terms "a" or "an," and the like, do not denote a limitation of quantity, but rather denote the presence of at least one. The word "comprise" or "comprises", and the like, means that the element or item listed before "comprises" or "comprising" covers the element or item listed after "comprising" or "comprises" and its equivalent, and does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, nor are they restricted to direct or indirect connections.
Fig. 1 is a schematic block diagram illustrating a server system according to an exemplary embodiment, and fig. 2 is a schematic block diagram illustrating a synchronization apparatus included in the server system according to an exemplary embodiment.
As shown in fig. 1, a server system according to an exemplary embodiment may include a first server or main device 10, a second server or standby device 30, and a synchronization apparatus 50. The master device 10, the standby device 30 and the synchronization apparatus 50 may together form a dual-device hot standby or VSM networking environment. The dual-server hot standby may specifically be a hot standby (or high availability) based on two or more servers in the high availability system. The dual-server high availability mode is divided into a master-Standby mode (Active-Standby mode) and a dual-host mode (Active-Active mode) according to a switching mode in work, where the master-Standby mode refers to that one server (e.g., the first server 10 or the second server 30) is in an Active state (i.e., active state) of a certain service, and the other server (e.g., the second server 30 or the first server 10) is in a Standby state (i.e., standby state) of the service. The dual-host mode means that two different services are in Active-Standby states (i.e., active-Standby states and Standby-Active states) on two servers (e.g., the first server 10 and the second server 30), respectively.
A Virtual Switching Matrix VSM (Virtual Switching Matrix) may be a technology for virtualizing a plurality of L2 to 7 layers of physical devices into one logical device for management and use. Each device in the VSM is referred to as a member device. Member equipment is divided into two different roles according to different functions: a Master member Master device (e.g., the first server 10 or the second server 30) responsible for managing and controlling the entire VSM system; all configuration information of the VSM is uniformly issued to all Slave devices by the Master device; the Slave device (e.g., the second server 30 or the first server 10) is controlled and managed by the Master device. The Slave device operates as a backup device of the Master device, and the Slave device can also forward data services. When the Master equipment fails, the system can automatically take over the Slave equipment for the original Master equipment.
For simplicity, a dual-server hot-standby environment with the first server 10 as a main device and the second server 30 as a standby device will be described below. For example, the main device 10 and the standby device 30 may be Personal Computers (PCs), servers, distributed processing devices, routers, and the like. The first server 10 as a master may include a first access control list ACL (access control list). The first ACL of master device 10 may include one or more first ACL rules. Similarly, the second server 30 as a standby device may comprise a second access control list ACL. The second ACL of the standby device 30 may include one or more second ACL rules. The first and second ACLs may be synchronized by synchronization device 50 such that the second ACL rules in the second ACL may remain synchronized (consistent) with the first ACL rules in the first ACL. Here, each of the first and second ACL rules may include an identification ID, a name, content, and an action. The 4 ACL rules included in the first ACL or the second ACL are shown in Table 1 below. For example, different ACL rules may have different names A, B, C, D in the same ACL. The content and actions in the respective ACL rules can be performed by either master device 10 or slave device 30. For example, when the standby device 10 receives data from an IP address of 1.1.1.2, the standby device 10 may allow the data to pass through according to an ACL rule named a; alternatively, when the standby device 10 receives data from the IP address 1.1.1.4, the standby device 10 may perform a packet loss operation on the data according to the ACL rule named C.
TABLE 1
Figure BDA0002379683100000091
When the ACL rules are stored, an ID tag may be added in front of each rule to tag each ACL rule, and the ACL rules are stored and matched according to the size of the ID (i.e., the priority when each ACL rule is executed). When the position of an ACL rule is moved, the corresponding ID will also change, e.g., two ACL rules a and B may have corresponding IDs 1 and 2, and when rule B is moved before rule a, the ID of rule B may be changed to 1 and the ID of rule a will be changed to 2.
ACL agreement between the main device 10 and the standby device 30 will be described in detail belowAnd (5) carrying out the steps. Fig. 2 is a schematic block diagram illustrating a synchronization apparatus 50 according to an exemplary embodiment. As shown in fig. 2, the synchronization apparatus 50 may include a configuration unit 510 and a synchronization unit 530. Here, the synchronization apparatus 50 may be, for example, a general-purpose or special-purpose computing device or computing unit, or implemented by software or code executed on a computing device. For example, synchronization apparatus 50 may be provided by another computing device independent of host device 10 and standby device 30Implementation ofAlternatively, the respective elements/units in the synchronization apparatus 50 may be implemented by the main device 10 and/or the auxiliary device 30 through software or hardware that performs the corresponding functions.
In the synchronization apparatus 50, the configuration unit 510 may be connected with the master device 10 or included in the master device 10. The configuration unit 510 may configure a first ACL rule in a first access control list ACL of a first server. Here, the configuration operation of the configuration unit 510 may include: creating a new first ACL rule, deleting an existing first ACL rule, modifying the ranking/position (ID), name, content and/or action of an existing first ACL rule, or inserting a created first ACL rule in a predetermined ranking position in a first ACL and changing the ranking/position (ID) of other existing first ACL rules accordingly, etc.
The synchronization unit 530 may be connected with the standby device 30, or may be included in the main device 10 or the standby device 30. The synchronizing unit 530 may determine whether a second ACL rule having the same name as the configured first ACL rule exists in the second access control list ACL in the standby device 30, and may synchronize the second ACL in the second server according to the determination result so that the second ACL rule in the second ACL coincides with the first ACL rule in the first ACL.
Specifically, the configuration unit 510 may create a new first ACL rule at the time of configuration, for example, create a new first ACL rule when a first ACL rule is not included in the first ACL, or create a new first ACL rule when an existing first ACL rule is included in the first ACL without changing an ID of the existing first ACL rule. At this time, the synchronization unit 530 may determine whether there is a second ACL rule having the same name as that of the created new first ACL rule in the second ACL. When the synchronization unit 530 determines that there is no second ACL rule having the same name as the new first ACL rule in the second ACL, the synchronization unit 530 may add the new first ACL rule to the second ACL as the new second ACL rule and may assign the ID of the new second ACL rule to be the same as the ID of the new first ACL rule.
Further, when the synchronization unit 530 determines that there is a second ACL rule having the same name as the new first ACL rule in the second ACL, the synchronization unit 530 may further determine whether the ID of the new first ACL rule is the same as the ID of the second ACL rule having the same name. When the synchronization unit 530 determines that the ID of the new first ACL rule is the same as the ID of the second ACL rule having the same name, the synchronization unit 530 may exit and synchronize, i.e., not add the new first ACL rule to the second ACL.
Further, when the synchronization unit 530 determines that the ID of the new first ACL rule is different from the ID of the second ACL rule having the same name, the synchronization unit 530 may modify the second ACL rule (e.g., ID, content, and action) having the same name to be the same as the new first ACL rule (e.g., ID, content, and action).
In addition, configuration unit 510 may delete an existing first ACL rule in the first ACL at the time of configuration. At this time, the synchronization unit 530 may determine whether there is a second ACL rule having the same name as that of the deleted first ACL rule in the second ACL. When the synchronization unit 530 determines that there is no second ACL rule having the same name as the deleted first ACL rule in the second ACL, the synchronization unit 530 may exit the synchronization, i.e., not delete the second ACL rule. On the other hand, when the synchronization unit 530 determines that there is a second ACL rule having the same name as that of the deleted first ACL rule in the second ACL, the synchronization unit 530 may delete the second ACL rule having the same name.
Further, the configuration unit may modify at least one of a name, a content, and an action of the first ACL rule in the first ACL while not changing a position (ID) of the first ACL rule in the first ACL at the time of configuration. At this time, the synchronization unit 530 may determine whether the name of the second ACL rule in the second ACL is the same as at least one of the name of the modified first ACL rule before the modification and the name after the modification. When the synchronization unit 530 determines that the name of the second ACL rule is not identical to both the name of the modified first ACL rule before modification and the name of the modified first ACL rule after modification, the synchronization unit 530 may determine that the second ACL rule having the same name as the name of the modified first ACL rule does not exist in the second ACL, and may add the modified first ACL rule to the second ACL as a new second ACL rule. On the other hand, when the synchronization unit 530 determines that the name of the second ACL rule is identical to one of the pre-modification name and the post-modification name of the modified first ACL rule, the synchronization unit 530 may determine that the second ACL rule having the same name as the modified first ACL rule exists in the second ACL and may modify the name, content, and/or action of the second ACL rule having the same name to be identical to the name, rule, and/or action of the modified first ACL rule.
In addition, configuration unit 510 may modify the ID of the first ACL rules in the first ACL at configuration time, i.e., reorder the existing first ACL rules for some or all of the first ACLs. At this time, the synchronization unit 530 may determine whether the name of the second ACL rule in the second ACL is the same as the name of the modified first ACL rule, and may modify the ID of the second ACL rule having the same name to be the same as the ID of the modified first ACL rule when it is determined that the name of the second ACL rule in the second ACL is the same as the name of the modified first ACL rule.
Further, the configuration unit 510 may modify an ID of a first ACL rule in the first ACL based on a reference first ACL rule in the first ACL when creating a new first ACL rule, that is, insert the created first ACL rule in a predetermined arrangement position in the first ACL and change an arrangement order/position (ID) of other existing first ACL rules accordingly. At this time, the synchronization unit 530 may determine whether there is a second ACL rule having the same name as that of the new first ACL rule in the second ACL and whether there is a second ACL rule having the same name as that of the reference first ACL rule in the second ACL. When the synchronization unit 530 determines that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and it is determined that there is no second ACL rule having the same name as that of the reference first ACL rule in the second ACL, the synchronization unit 530 may add the reference first ACL rule to the second ACL as the reference second ACL rule and assign the ID of the reference second ACL rule to be the same as that of the reference first ACL rule. Then, the synchronization unit 530 may modify the ID of the second ACL rule having the same ID as the ID of the reference second ACL rule and the ID of the second ACL rule having the ID ordered after the ID of the reference second ACL rule in the second ACL to reorder the second ACL rule having the same ID as the ID of the reference second ACL rule and the second ACL rule having the ID ordered after the ID of the reference second ACL rule. Finally, the synchronization unit 530 may add the new first ACL rule to the second ACL as a new second ACL rule.
On the other hand, when the synchronization unit 530 determines that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and that the second ACL rule having the same name as that of the reference first ACL rule exists, the synchronization unit 530 may determine whether the ID of the second ACL rule having the same name is the same as that of the reference first ACL rule. When the synchronization unit 530 determines that the ID of the second ACL rule having the same name is the same as the ID of the reference first ACL rule, the synchronization unit 530 may take the second ACL rule having the same ID as the reference second ACL rule and modify the ID of the reference second ACL rule and the ID of the second ACL rule having the ID sorted after the ID of the reference second ACL rule to re-sort the reference second ACL rule and the ID of the second ACL rule having the ID sorted after the ID of the reference second ACL rule. The synchronization unit 530 may then add the new first ACL rule to the second ACL as a new second ACL rule. Further, when the synchronization unit 530 determines that there is no second ACL rule having the same name as the new first ACL rule in the second ACL and that the second ACL has a second ACL rule having the same name as the reference first ACL rule, it determines whether the ID of the second ACL rule having the same name is the same as the ID of the reference first ACL rule, and when it is determined that the ID of the second ACL rule having the same name is different from the ID of the reference first ACL rule, modifies the ID of the second ACL rule having the same name to be the same as the ID of the reference first ACL rule and serves as the reference second ACL rule. Then, as described above, the synchronization unit 530 may modify the ID of the second ACL rule having the same ID as the ID of the reference second ACL rule and the ID of the second ACL rule having the ID sorted after the ID of the reference second ACL rule in the second ACL, to reorder the second ACL rule having the same ID as the ID of the reference second ACL rule and the second ACL rule having the ID sorted after the ID of the reference second ACL rule, and to add the new first ACL rule to the second ACL as the new second ACL rule.
As described above, the ACL of the primary device and the ACL of the secondary device may be synchronized according to the ACL rule, so that the configuration of the ACLs between the primary device and the secondary device may be ensured to be consistent, and the influence on the network after the primary device and the secondary device are switched due to inconsistent device configurations may be reduced.
Furthermore, the synchronization apparatus 500 may further comprise a checking unit 550. The checking unit 550 may be included in the main device 10 or the standby device 30 or implemented as a separate unit independent from the main device 10 or the standby device 30. The checking unit 550 may determine whether there is a first ACL rule having a name different from that of a second ACL rule in a second ACL of the standby device 30 in the first ACL of the primary device 10. When, for example, the checking unit 550 included in the standby device 30 determines that there is a first ACL rule in the first ACL whose name is different from that of a second ACL rule in the second ACL, a request for synchronizing an ACL rule whose name does not exist may be sent to, for example, the synchronizing unit 550 included in the master device 10. At this time, the synchronization unit 550 may add the first ACL rule having a different name to the second ACL as a new second ACL rule, and assign the ID of the new second ACL rule to be the same as the ID of the new first ACL rule. In one example, the checking operation of the checking unit 550 may be stopped when the configuration unit 510 is configuring the first ACL of the master device. For example, the time interval of the inspection operation of the inspection unit 550 may be set to 1 day to avoid stress on the apparatus by frequent inspections.
Fig. 3 is a schematic flow chart diagram illustrating a synchronization method according to an exemplary embodiment. The method according to the exemplary embodiments may be performed by the server system or the synchronization apparatus described above with reference to fig. 1 and described, or by a general-purpose computing apparatus (e.g., a server, a personal computer, etc.) or a dedicated computing apparatus (e.g., a programmable logic controller, etc.).
As shown in fig. 3, in operation S301, a first ACL rule in a first access control list ACL of a first server may be configured. Here, the configuring operation may include: creating a new first ACL rule, deleting an existing first ACL rule, modifying the arrangement order/location (ID), name, content and/or action of an existing first ACL rule, or inserting a created first ACL rule in a predetermined arrangement location in a first ACL and changing the arrangement order/location (ID) of other existing first ACL rules accordingly, etc.
Then, in operation S303, it may be determined whether a second ACL rule having the same name as that of the configured first ACL rule exists in the second access control list ACL, and the second ACL in the second server may be synchronized according to the determination result so that the second ACL rule in the second ACL coincides with the first ACL rule in the first ACL.
In particular, a new first ACL rule may be created at configuration time, for example, when the first ACL rule is not included in the first ACL, or when an existing first ACL rule is included in the first ACL but the ID of the existing first ACL rule is not changed. At this time, it may be determined whether there is a second ACL rule having the same name as the created new first ACL rule in the second ACL. When it is determined that there is no second ACL rule having the same name as the new first ACL rule in the second ACL, the new first ACL rule may be added to the second ACL as a new second ACL rule, and the ID of the new second ACL rule may be assigned to be the same as the ID of the new first ACL rule.
Further, when it is determined that there is a second ACL rule having the same name as that of the new first ACL rule in the second ACL, it may be further determined whether the ID of the new first ACL rule is the same as that of the second ACL rule having the same name. When it is determined that the ID of the new first ACL rule is the same as the ID of a second ACL rule having the same name, the new first ACL rule may be exited and synchronized, i.e., not added to the second ACL.
Further, when it is determined that the ID of the new first ACL rule is different from the ID of the second ACL rule having the same name, the second ACL rule having the same name (e.g., ID, content, and action) may be modified to be the same as the new first ACL rule (e.g., ID, content, and action).
In addition, an existing first ACL rule in the first ACL may be deleted at the time of configuration. At this time, it may be determined whether there is a second ACL rule having the same name as the deleted first ACL rule in the second ACL. When it is determined that there is no second ACL rule in the second ACL having a name that is the same as the name of the deleted first ACL rule, synchronization can be exited, i.e., the second ACL rule is not deleted. On the other hand, when it is determined that there is a second ACL rule having the same name as that of the deleted first ACL rule in the second ACL, the second ACL rule having the same name may be deleted.
Further, the configuration unit may modify at least one of a name, a content, and an action of the first ACL rule in the first ACL while not changing a position (ID) of the first ACL rule in the first ACL at the time of configuration. At this time, it may be determined whether the name of the second ACL rule in the second ACL is the same as at least one of the name of the modified first ACL rule before modification and the name after modification. When it is determined that the name of the second ACL rule is different from the name of the modified first ACL rule before modification and the name of the modified first ACL rule after modification, it may be determined that the second ACL rule having the same name as the modified first ACL rule does not exist in the second ACL, and the modified first ACL rule may be added to the second ACL to serve as a new second ACL rule. On the other hand, when it is determined that the name of the second ACL rule is identical to one of the name of the modified first ACL rule before modification and the name of the modified first ACL rule after modification, it may be determined that the second ACL rule having the same name as the name of the modified first ACL rule exists in the second ACL, and the name, content, and/or action of the second ACL rule having the same name may be modified to be identical to the name, rule, and/or action of the modified first ACL rule.
Further, the ID of the first ACL rules in the first ACL may be modified at configuration time, i.e., some or all of the existing first ACL rules in the first ACL may be reordered. At this time, it may be determined whether a name of the second ACL rule in the second ACL is the same as a name of the modified first ACL rule, and the ID of the second ACL rule having the same name may be modified to be the same as the ID of the modified first ACL rule when it is determined that the name of the second ACL rule in the second ACL is the same as the name of the modified first ACL rule.
Further, it is possible to modify the ID of the first ACL rule in the first ACL based on the reference first ACL rule in the first ACL when creating a new first ACL rule, that is, to insert the created first ACL rule in a predetermined arrangement position in the first ACL and to change the arrangement order/position (ID) of other existing first ACL rules accordingly. At this time, it may be determined whether or not there is a second ACL rule having the same name as that of the new first ACL rule in the second ACL and whether or not there is a second ACL rule having the same name as that of the reference first ACL rule in the second ACL. When it is determined that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and it is determined that there is no second ACL rule having the same name as that of the reference first ACL rule in the second ACL, the reference first ACL rule may be added to the second ACL as a reference second ACL rule, and the ID of the reference second ACL rule may be assigned to be the same as that of the reference first ACL rule. Then, the ID of a second ACL rule in the second ACL whose ID is the same as that of the reference second ACL rule and the ID of a second ACL rule whose ID is ordered after that of the reference second ACL rule may be modified to reorder the second ACL rule whose ID is the same as that of the reference second ACL rule and the second ACL rule whose ID is ordered after that of the reference second ACL rule. Finally, the new first ACL rule can be added to the second ACL as a new second ACL rule.
On the other hand, when it is determined that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and it is determined that the second ACL has a second ACL rule having the same name as that of the reference first ACL rule, it may be determined whether the ID of the second ACL rule having the same name is the same as that of the reference first ACL rule. When it is determined that the ID of the second ACL rule having the same name is the same as the ID of the reference first ACL rule, the second ACL rule having the same ID may be taken as the reference second ACL rule, and the ID of the reference second ACL rule and the ID of the second ACL rule having the ID ordered after the ID of the reference second ACL rule are modified to reorder the reference second ACL rule and the second ACL rule having the ID ordered after the ID of the reference second ACL rule. The new first ACL rule can then be added to the second ACL as a new second ACL rule. Further, when it is determined that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and it is determined that the second ACL has a second ACL rule having the same name as that of the reference first ACL rule, it is determined whether the ID of the second ACL rule having the same name is the same as that of the reference first ACL rule, and when it is determined that the ID of the second ACL rule having the same name is different from that of the reference first ACL rule, the ID of the second ACL rule having the same name is modified to be the same as that of the reference first ACL rule and to be the reference second ACL rule. Then, as described above, the ID of the second ACL rule in the second ACL whose ID is the same as that of the reference second ACL rule and whose ID is ordered after that of the reference second ACL rule may be modified to reorder the second ACL rule whose ID is the same as that of the reference second ACL rule and the second ACL rule whose ID is ordered after that of the reference second ACL rule, and add the new first ACL rule to the second ACL as a new second ACL rule.
As described above, the ACL of the primary device and the ACL of the secondary device may be synchronized according to the name of the ACL rule, so that the configuration of the ACLs between the primary device and the secondary device may be ensured to be consistent, and the influence on the network after the primary device and the secondary device are switched due to inconsistent device configurations may be reduced.
Further, although not shown in fig. 3, the synchronization method may further include an operation of checking. For example, in the checking operation, it may be determined whether there is a first ACL rule having a name different from that of a second ACL rule in a second ACL of the standby apparatus 30 in the first ACL of the main apparatus 10. When it is determined that there is a first ACL rule in the first ACL whose name is different from that of a second ACL rule in the second ACL, a request for synchronizing an ACL rule whose name does not exist may be sent by the standby device 30 to the main device 10. At this time, the first ACL rule having a different name may be added to the second ACL as a new second ACL rule, and the ID of the new second ACL rule may be assigned to be the same as the ID of the new first ACL rule. In one example, the checking operation may be stopped while the first ACL of the primary device is being configured. For example, the time interval of the inspection operation may be set to 1 day to avoid stress on the equipment from frequent inspections.
Systems, devices, and methods according to example embodiments are described above with reference to fig. 1-3. However, the exemplary embodiments are not limited thereto, and for example, such a method may be implemented by hardware, software, or a combination of hardware and software. Fig. 4 is a schematic block diagram illustrating an electronic device according to an example embodiment. In this exemplary embodiment, the electronic device may include at least one processor 410 and a memory 430. The processor 410 may execute at least one computer readable instruction, i.e., an element described above as being implemented in software, stored or encoded in the memory 430, e.g., a non-volatile computer readable storage medium.
In another exemplary embodiment, computer-executable instructions are stored in the memory 430 that, when executed, cause the at least one processor 410 to implement or perform the methods described above with reference to fig. 3.
It should be appreciated that the non-volatile computer or machine executable instructions stored in the memory 430, when executed, may cause the at least one processor 410 to perform the various operations and functions described in connection with fig. 3 in the various exemplary embodiments.
According to one exemplary embodiment, a program product, such as a non-volatile machine or computer readable medium, is provided. A non-transitory machine or computer readable medium may store instructions, such as the elements described above implemented in software, that when executed by a machine, such as a computer, cause the machine or computer to perform the various operations and functions described above in connection with fig. 3 in the various embodiments.
Some exemplary embodiments have been described above. Nevertheless, it will be understood that various modifications may be made. For example, suitable results may be achieved if the described techniques are performed in a different order and/or if components in a described system, architecture, device, or circuit are combined in a different manner and/or replaced or supplemented by additional components or their equivalents. Accordingly, other embodiments are within the scope of the following claims.

Claims (26)

1. A synchronization apparatus, characterized in that the synchronization apparatus comprises:
a configuration unit configured to configure a first ACL rule in a first access control list ACL of a first server, and create a new first ACL rule at the time of configuration;
and a synchronization unit configured to determine whether a second ACL rule having a name identical to that of the configured first ACL rule exists in a second access control list ACL in the second server, add the new first ACL rule to the second ACL as a new second ACL rule when it is determined that the second ACL rule having the same name as that of the new first ACL rule does not exist in the second ACL, and assign an identification ID of the new second ACL rule to be identical to an identification ID of the new first ACL rule, wherein the identification ID indicates an arrangement order of the ACL rules in the ACL.
2. The synchronization apparatus of claim 1,
the synchronization unit is configured to, when it is determined that there is a second ACL rule having the same name as the new first ACL rule in the second ACL, determine whether the ID of the new first ACL rule is the same as the ID of the second ACL rule having the same name, and not to add the new first ACL rule to the second ACL when it is determined that the ID of the new first ACL rule is the same as the ID of the second ACL rule having the same name.
3. The synchronization apparatus of claim 2,
the synchronization unit is configured to modify the second ACL rule having the same name to be the same as the new first ACL rule, upon determining that the ID of the new first ACL rule is different from the ID of the second ACL rule having the same name.
4. The synchronization apparatus of claim 1,
the configuration unit is configured to delete a first ACL rule in the first ACL at the time of configuration;
the synchronization unit is configured not to delete the second ACL rule when it is determined that the second ACL rule having the same name as the deleted first ACL rule does not exist in the second ACL, and to delete the second ACL rule having the same name when it is determined that the second ACL rule having the same name as the deleted first ACL rule exists in the second ACL.
5. The synchronization apparatus of claim 1,
the configuration unit is configured to modify at least one of a name, a content, and an action of a first ACL rule in the first ACL at the time of configuration;
the synchronization unit is configured to determine whether a name of a second ACL rule in the second ACL is the same as at least one of a pre-modification name and a post-modification name of the modified first ACL rule, and determine that a second ACL rule having the same name as the modified first ACL rule does not exist in the second ACL and add the modified first ACL rule to the second ACL as a new second ACL rule when it is determined that the name of the second ACL rule is not the same as both the pre-modification name and the post-modification name of the modified first ACL rule.
6. The synchronization apparatus of claim 5,
the synchronization unit is configured to, when it is determined that the name of the second ACL rule is identical to one of the pre-modification name and the post-modification name of the modified first ACL rule, determine that there is a second ACL rule in the second ACL, the name of which is identical to the name of the modified first ACL rule, and modify the second ACL rule, the name of which is identical, to be identical to the modified first ACL rule.
7. The synchronization apparatus of claim 1,
the configuration unit is configured to modify an ID of a first ACL rule in the first ACL at the time of configuration;
the synchronization unit is configured to, upon determining that a name of a second ACL rule in the second ACL is identical to a name of the modified first ACL rule, modify an ID of the second ACL rule identical in name to be identical to an ID of the modified first ACL rule.
8. The synchronization apparatus of claim 1,
the configuration unit is configured to modify an ID of a first ACL rule in the first ACL based on a reference first ACL rule in the first ACL when creating a new first ACL rule;
the synchronization unit is configured to, when it is determined that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and it is determined that there is no second ACL rule having the same name as that of the reference first ACL rule in the second ACL, add the reference first ACL rule to the second ACL as the reference second ACL rule and assign the ID of the reference second ACL rule to be the same as the ID of the reference first ACL rule.
9. The synchronization apparatus of claim 8,
the synchronization unit is configured to modify an ID of a second ACL rule in the second ACL, the ID of the second ACL rule having the same ID as the ID of the reference second ACL rule and an ID of the second ACL rule having an ID ordered after the ID of the reference second ACL rule, to reorder the second ACL rule having the same ID as the ID of the reference second ACL rule and the second ACL rule having an ID ordered after the ID of the reference second ACL rule, and to add the new first ACL rule to the second ACL as a new second ACL rule.
10. The synchronization apparatus of claim 8,
the synchronization unit is configured to, when it is determined that a second ACL rule having a name identical to that of the new first ACL rule does not exist in the second ACL and it is determined that the second ACL rule having a name identical to that of the reference first ACL exists, determine whether an ID of the second ACL rule having the same name is identical to that of the reference first ACL rule, and modify the ID of the second ACL rule having the same name to be identical to that of the reference first ACL rule and serve as the reference second ACL rule when it is determined that the ID of the second ACL rule having the same name is different from that of the reference first ACL rule.
11. The synchronization apparatus of claim 1, wherein the synchronization apparatus further comprises:
a checking unit configured to determine whether there is a first ACL rule having a name different from that of a second ACL rule in the second ACL in the first ACL,
wherein, when the check unit determines that there is a first ACL rule having a name different from that of a second ACL rule in the second ACL in the first ACL, the synchronization unit adds the first ACL rule having the different name to the second ACL as a new second ACL rule, and assigns an ID of the new second ACL rule to be the same as an ID of the new first ACL rule.
12. A server system, characterized in that the server system comprises:
a first server;
a second server;
a synchronizing device according to any of claims 1-11, configured to configure a first ACL rule in a first access control list ACL of a first server and synchronize a second ACL in a second server.
13. A method of synchronization, the method comprising:
configuring a first Access Control List (ACL) rule in an ACL of a first server, and creating a new ACL rule during configuration;
and when the second ACL is determined not to exist in the second ACL, the second ACL rule with the same name as the name of the new first ACL rule is added into the second ACL to serve as the new second ACL rule, and the identification ID of the new second ACL rule is distributed to be the same as the identification ID of the new first ACL rule, wherein the identification ID indicates the arrangement sequence of the ACL rules in the ACL.
14. The method of claim 13,
the synchronization unit is configured to, when it is determined that there is a second ACL rule having the same name as the new first ACL rule in the second ACL, determine whether the ID of the new first ACL rule is the same as the ID of the second ACL rule having the same name, and not to add the new first ACL rule to the second ACL when it is determined that the ID of the new first ACL rule is the same as the ID of the second ACL rule having the same name.
15. The method of claim 14,
the synchronization unit is configured to modify the second ACL rule having the same name to be identical to the new first ACL rule upon determining that the ID of the new first ACL rule is different from the ID of the second ACL rule having the same name.
16. The method of claim 13,
the configuration unit is configured to delete a first ACL rule in the first ACL at the time of configuration;
the synchronization unit is configured not to delete the second ACL rule when it is determined that the second ACL rule having the same name as the deleted first ACL rule does not exist in the second ACL, and to delete the second ACL rule having the same name when it is determined that the second ACL rule having the same name as the deleted first ACL rule exists in the second ACL.
17. The method of claim 13,
the configuration unit is configured to modify at least one of a name, a content, and an action of a first ACL rule in the first ACL at the time of configuration;
the synchronization unit is configured to determine whether a name of a second ACL rule in the second ACL is the same as a name of the modified first ACL rule before the modification and a name of the modified first ACL rule after the modification, and determine that the second ACL rule having the same name as the name of the modified first ACL rule does not exist in the second ACL and add the modified first ACL rule to the second ACL as a new second ACL rule when it is determined that the name of the second ACL rule is not the same as the name of the modified first ACL rule before the modification and the name of the modified first ACL rule after the modification.
18. The method of claim 17,
the synchronization unit is configured to, when it is determined that the name of the second ACL rule is identical to one of the pre-modification name and the post-modification name of the modified first ACL rule, determine that there is a second ACL rule in the second ACL having the same name as the modified first ACL rule, and modify the second ACL rule having the same name to be identical to the modified first ACL rule.
19. The method of claim 13,
the configuration unit is configured to modify an ID of a first ACL rule in the first ACL at the time of configuration;
the synchronization unit is configured to, upon determining that a name of a second ACL rule in the second ACL is identical to a name of the modified first ACL rule, modify an ID of the second ACL rule identical in name to be identical to an ID of the modified first ACL rule.
20. The method of claim 13,
the configuration unit is configured to modify an ID of a first ACL rule in the first ACL based on a reference first ACL rule in the first ACL when creating a new first ACL rule;
the synchronization unit is configured to, when it is determined that there is no second ACL rule having the same name as that of the new first ACL rule in the second ACL and it is determined that there is no second ACL rule having the same name as that of the reference first ACL rule in the second ACL, add the reference first ACL rule to the second ACL as the reference second ACL rule and assign the ID of the reference second ACL rule to be the same as the ID of the reference first ACL rule.
21. The method of claim 20,
the synchronization unit is configured to modify an ID of a second ACL rule in the second ACL, the ID of the second ACL rule having the same ID as the ID of the reference second ACL rule and an ID of the second ACL rule having an ID ordered after the ID of the reference second ACL rule, to reorder the second ACL rule having the same ID as the ID of the reference second ACL rule and the second ACL rule having an ID ordered after the ID of the reference second ACL rule, and to add the new first ACL rule to the second ACL as a new second ACL rule.
22. The method of claim 20,
the synchronization unit is configured to, when it is determined that a second ACL rule having the same name as that of the new first ACL rule does not exist in the second ACL and it is determined that the second ACL rule having the same name as that of the reference first ACL rule exists, determine whether an ID of the second ACL rule having the same name is the same as that of the reference first ACL rule, and modify the ID of the second ACL rule having the same name to be the same as that of the reference first ACL rule and serve as the reference second ACL rule when it is determined that the ID of the second ACL rule having the same name is different from that of the reference first ACL rule.
23. The method of claim 13, further comprising:
a checking unit configured to determine whether there is a first ACL rule having a name different from that of a second ACL rule in the second ACL in the first ACL,
wherein, when the check unit determines that there is a first ACL rule having a name different from that of a second ACL rule in the second ACL in the first ACL, the synchronization unit adds the first ACL rule having the different name to the second ACL as a new second ACL rule, and assigns an ID of the new second ACL rule to be the same as an ID of the new first ACL rule.
24. An electronic device, characterized in that the electronic device comprises:
at least one processor;
a memory coupled to the at least one processor, the memory storing instructions that, when executed by the at least one processor, cause the electronic device to perform the method of any of claims 13-23.
25. A non-transitory machine-readable medium having stored thereon computer-executable instructions that, when executed, cause at least one processor to perform the method of any one of claims 13 to 23.
26. A computer program product comprising computer executable instructions that when executed cause at least one processor to perform the method of any one of claims 13 to 23.
CN202010079210.XA 2020-02-03 2020-02-03 Synchronization device, method and server system Active CN111342995B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010079210.XA CN111342995B (en) 2020-02-03 2020-02-03 Synchronization device, method and server system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010079210.XA CN111342995B (en) 2020-02-03 2020-02-03 Synchronization device, method and server system

Publications (2)

Publication Number Publication Date
CN111342995A CN111342995A (en) 2020-06-26
CN111342995B true CN111342995B (en) 2023-01-24

Family

ID=71186790

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010079210.XA Active CN111342995B (en) 2020-02-03 2020-02-03 Synchronization device, method and server system

Country Status (1)

Country Link
CN (1) CN111342995B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114363074B (en) * 2022-01-07 2024-04-16 杭州安恒信息技术股份有限公司 Access control implementation method, device, equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5565014B2 (en) * 2010-03-17 2014-08-06 株式会社リコー Database access management system, management method and program
CN104009917B (en) * 2013-02-21 2017-06-16 北京华为数字技术有限公司 The method and apparatus for configuring acl rule
US10083200B2 (en) * 2013-03-14 2018-09-25 Cavium, Inc. Batch incremental update
CN108429628A (en) * 2017-02-13 2018-08-21 中兴通讯股份有限公司 A kind of wireless network configuration method and device
CN107896169B (en) * 2017-12-28 2021-12-24 杭州迪普科技股份有限公司 ACL management method and device

Also Published As

Publication number Publication date
CN111342995A (en) 2020-06-26

Similar Documents

Publication Publication Date Title
KR101838845B1 (en) Techniques for remapping sessions for a multi-threaded application
US10003649B2 (en) Systems and methods to improve read/write performance in object storage applications
US20170293540A1 (en) Failover of application services
CN108964948A (en) Principal and subordinate's service system, host node fault recovery method and device
CN104468521B (en) Online moving method, device and system
US9063905B2 (en) System and method for virtualized shared use environment with dynamic IP address injection
CN101807985B (en) Datacenter centralization control switching method and system
JP2017534133A (en) Distributed storage and replication system and method
US20100299447A1 (en) Data Replication
CN108319618B (en) Data distribution control method, system and device of distributed storage system
CN106919473A (en) A kind of data disaster recovery and backup systems and method for processing business
EP3442201A1 (en) Cloud platform construction method and cloud platform
CN201584980U (en) Data centre centralized control switching system
US9875059B2 (en) Storage system
CN106250228A (en) The method and device that virtual machine entity thermophoresis networking takes over seamlessly
CN106330786A (en) MAC address synchronization method, apparatus and system
US20200228440A1 (en) Information processing method and related device
CN111342995B (en) Synchronization device, method and server system
US8990619B1 (en) Method and systems to perform a rolling stack upgrade
RU2721235C2 (en) Method and system for routing and execution of transactions
CN111400285A (en) MySQ L data fragment processing method, apparatus, computer device and readable storage medium
JP4806382B2 (en) Redundant system
CN114390052B (en) Method and device for realizing ETCD double-node high availability based on VRRP protocol
US20200042393A1 (en) Efficient transfer of copy-on-write snapshots
CN112202601A (en) Application method of two physical node mongo clusters operated in duplicate set mode

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant