CN112910751A - Method and device for detecting and recovering abnormity of VPN (virtual private network) equipment - Google Patents


Publication number
CN112910751A
Authority
CN
China
Prior art keywords
vpn
vpn device
master
recovery
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110345271.0A
Other languages
Chinese (zh)
Inventor
尚宁
焦小涛
王越
孙文华
王志威
张立强
郑家兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN202110345271.0A
Publication of CN112910751A
Current legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0668 Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an anomaly detection and recovery method and apparatus for VPN devices. The method comprises an anomaly detection process and an anomaly recovery process. Anomaly detection process: pre-configuring a master VPN device and a slave VPN device, and allocating the corresponding WAN ports and master and slave IP addresses; connecting the master VPN device and the slave VPN device through a physical port, and, while the master VPN device's self-check is normal, synchronizing information to the slave VPN device over the heartbeat line; when the master VPN device detects an anomaly in itself, closing its WAN port, releasing the master IP address and notifying the slave VPN device to promote itself to master VPN device, while the master VPN device demotes itself to slave VPN device. Anomaly recovery process: detecting the state of the local VPN device and of its processes in real time; if an anomaly is found, performing self-recovery; otherwise, detecting the state of the peer VPN device and repairing it when its state is abnormal. The invention responds quickly and restores service requests promptly, achieves seamless switchover and ensures service reliability.

Description

Method and device for detecting and recovering abnormity of VPN (virtual private network) equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an anomaly detection and recovery method and apparatus for a VPN device.
Background
To support internal communication and data access between headquarters, branch offices and personal networks while keeping data secure, enterprises and organizations usually build an internal local area network with VPN devices. To keep the service reliable and stable, a dual-machine hot-standby scheme is generally used so that an anomaly in one VPN device does not prevent service requests from being accepted and answered. However, when one VPN device becomes abnormal and can no longer accept service requests, the standby VPN device must respond quickly, restore access for the affected service requests promptly and switch over seamlessly.
Therefore, designing an anomaly detection and recovery method for VPN devices that responds quickly and restores access for the affected service requests promptly, achieves seamless switchover, ensures the reliability and stability of the service, and automatically detects and repairs device anomalies is a problem that urgently needs to be solved.
Disclosure of Invention
To address the problem that the standby VPN device in a traditional dual-machine hot-standby scheme cannot respond quickly to service request access, the invention provides an anomaly detection and recovery method and apparatus for a VPN (virtual private network) device.
In one aspect, the present invention provides an anomaly detection and recovery method for a VPN device, including an anomaly detection process and an anomaly recovery process;
the anomaly detection process includes:
pre-configuring a master VPN device and a slave VPN device, and allocating the corresponding WAN ports and master and slave IP addresses;
connecting the master VPN device and the slave VPN device through a physical port, and, while the master VPN device's self-check is normal, synchronizing information to the slave VPN device over the heartbeat line;
when the master VPN device detects an anomaly in itself, closing the WAN port of the master VPN device, releasing the master IP address, and notifying the slave VPN device to promote itself to master VPN device, while the master VPN device demotes itself to slave VPN device;
the anomaly recovery process includes:
detecting the state of the local VPN device and of its processes in real time; if an anomaly is found, performing self-recovery; otherwise, detecting the state of the peer VPN device and repairing the peer VPN device when its state is abnormal.
Further, the anomaly detection process further includes:
after the slave VPN device starts, detecting from the heartbeat line information and the synchronization information whether the master VPN device is normal; if it is not, promoting the slave VPN device to master VPN device; if it is, performing only the information synchronization operation.
Further, the anomaly detection process further includes: when the master VPN device is detected to be down and the heartbeat line does not respond, notifying the slave VPN device to seize the master IP address directly and promote itself to master VPN device.
Further, detecting the state of the local VPN device and of its processes in real time and performing self-recovery if an anomaly is found specifically includes:
when network communication is normal, if the network card state of the local VPN device is detected to be abnormal, the device recovers itself by restarting the network card; if a process state is detected to be abnormal, it recovers itself by restarting the VPN device or reinstalling the system; if the file integrity check of the local VPN device is detected to be abnormal, it recovers itself by copying the relevant files from the peer VPN device;
detecting the state of the peer VPN device and repairing the peer VPN device when its state is abnormal specifically includes:
when network communication is abnormal, if the normally running local VPN device detects that the state of the peer VPN device is abnormal and the peer VPN device cannot complete its own recovery within a preset time, the peer VPN device is restarted to recover it; if the peer VPN device still cannot run normally after repeated restarts, recovery is performed by reinstalling the system.
Further, the method further comprises: the master VPN device or the slave VPN device can use the synchronized information to reconnect the VPN tunnel directly and establish the secure communication policy, and to reconnect and maintain the service sessions; the information synchronized between the master VPN device and the slave VPN device includes key information, service session information and device information;
after the master VPN device has recovered from the anomaly, if it detects over the heartbeat line that the slave VPN device is running normally, the service sessions of the slave VPN device continue to be maintained and no further promotion or demotion is performed.
In another aspect, the present invention provides an anomaly detection and recovery apparatus for a VPN device, including a configuration module, a synchronization module, an anomaly detection switching module and an anomaly detection recovery module;
the configuration module is used for pre-configuring the master VPN device and the slave VPN device and allocating the corresponding WAN ports and master and slave IP addresses;
the synchronization module is used for connecting the master VPN device and the slave VPN device through a physical port and, while the master VPN device's self-check is normal, synchronizing information to the slave VPN device over the heartbeat line;
the anomaly detection switching module is used for, when the master VPN device detects an anomaly in itself, closing the WAN port of the master VPN device, releasing the master IP address, and notifying the slave VPN device to promote itself to master VPN device, while the master VPN device demotes itself to slave VPN device;
the anomaly detection recovery module is used for detecting the state of the local VPN device and of its processes in real time, performing self-recovery if an anomaly is found, and otherwise detecting the state of the peer VPN device and repairing the peer VPN device when its state is abnormal.
Further, the anomaly detection switching module is further configured to:
after the slave VPN device starts, detect from the heartbeat line information and the synchronization information whether the master VPN device is normal; if it is not, promote the slave VPN device to master VPN device; if it is, perform only the information synchronization operation.
Further, the anomaly detection switching module is further configured to:
when the master VPN device is detected to be down and the heartbeat line does not respond, notify the slave VPN device to seize the master IP address directly and promote itself to master VPN device.
Further, the anomaly detection recovery module is specifically configured so that:
when network communication is normal, if the network card state of the local VPN device is detected to be abnormal, the device recovers itself by restarting the network card; if a process state is detected to be abnormal, it recovers itself by restarting the VPN device or reinstalling the system; if the file integrity check of the local VPN device is detected to be abnormal, it recovers itself by copying the relevant files from the peer VPN device;
when network communication is abnormal, if the normally running local VPN device detects that the state of the peer VPN device is abnormal and the peer VPN device cannot complete its own recovery within a preset time, the peer VPN device is restarted to recover it; if the peer VPN device still cannot run normally after repeated restarts, recovery is performed by reinstalling the system.
Furthermore, the master VPN device or the slave VPN device can use the synchronized information to reconnect the VPN tunnel directly and establish the secure communication policy, and to reconnect and maintain the service sessions; the information synchronized between the master VPN device and the slave VPN device includes key information, service session information and device information;
after the master VPN device has recovered from the anomaly, if it detects over the heartbeat line that the slave VPN device is running normally, the service sessions of the slave VPN device continue to be maintained and no further promotion or demotion is performed.
The invention has the following beneficial effects:
through information synchronization between the master and slave VPN devices, promotion and demotion switching when a VPN device anomaly is detected, and anomaly recovery of the VPN devices, the invention ensures a quick response and prompt restoration of access for the affected service requests after a device switchover, thereby achieving seamless switchover, ensuring the reliability and stability of the service, and automatically detecting and repairing device anomalies.
Drawings
Fig. 1 is a schematic flowchart of an anomaly detection and recovery method for VPN equipment according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an anomaly detection and recovery apparatus for VPN devices according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides an anomaly detection and recovery method for a VPN device, including an anomaly detection process and an anomaly recovery process;
the anomaly detection process includes:
pre-configuring a master VPN device and a slave VPN device, and allocating the corresponding WAN ports and master and slave IP addresses;
connecting the master VPN device and the slave VPN device through a physical port, and, while the master VPN device's self-check is normal, synchronizing information to the slave VPN device over the heartbeat line;
when the master VPN device detects an anomaly in itself, closing the WAN port of the master VPN device, releasing the master IP address, and notifying the slave VPN device to promote itself to master VPN device, while the master VPN device demotes itself to slave VPN device;
specifically, in this embodiment of the present invention, whether the master VPN device is abnormal is detected mainly by checking the state of the master VPN device itself.
The anomaly recovery process includes:
detecting the state of the local VPN device and of its processes in real time; if an anomaly is found, performing self-recovery; otherwise, detecting the state of the peer VPN device and repairing the peer VPN device when its state is abnormal.
On the basis of the above embodiment, the anomaly detection process further includes:
after the slave VPN device starts, detecting from the heartbeat line information and the synchronization information whether the master VPN device is normal; if it is not, promoting the slave VPN device to master VPN device; if it is, performing only the information synchronization operation.
Specifically, in this embodiment of the present invention, whether the master VPN device is abnormal is detected mainly by checking the state of the master VPN device to which the slave VPN device is connected.
On the basis of the foregoing embodiments, the anomaly detection process further includes: when the master VPN device is detected to be down and the heartbeat line does not respond, notifying the slave VPN device to seize the master IP address directly and promote itself to master VPN device.
On the basis of the foregoing embodiments, in one implementation, detecting the state of the local VPN device and of its processes in real time and performing self-recovery if an anomaly is found specifically includes:
when network communication is normal, if the network card state of the local VPN device is detected to be abnormal, the device recovers itself by restarting the network card; if a process state is detected to be abnormal, it recovers itself by restarting the VPN device or reinstalling the system; if the file integrity check of the local VPN device is detected to be abnormal, it recovers itself by copying the relevant files from the peer VPN device.
In one implementation, detecting the state of the peer VPN device and repairing the peer VPN device when its state is abnormal specifically includes:
when network communication is abnormal, if the normally running local VPN device detects that the state of the peer VPN device is abnormal and the peer VPN device cannot complete its own recovery within a preset time, the peer VPN device is restarted to recover it; if the peer VPN device still cannot run normally after repeated restarts, recovery is performed by reinstalling the system.
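The recovery ladder above, written out as decision functions together with a file integrity check. This is an added example, not code from the patent: the SHA-256 manifest, the rule that a peer's copy is accepted only if it matches that manifest, the 60-second "preset time", the limit of three restarts and all function names are assumptions.

```python
import hashlib

PEER_GRACE_SECONDS = 60   # the "preset time" for peer self-recovery (value assumed)
MAX_RESTARTS = 3          # how many restarts count as "repeated" (value assumed)


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def damaged(files: dict, manifest: dict) -> list:
    """Names that are missing or whose SHA-256 differs from the trusted manifest."""
    return sorted(name for name, want in manifest.items()
                  if name not in files or digest(files[name]) != want)


def restore_from_peer(local: dict, peer: dict, manifest: dict) -> dict:
    """Copy damaged files from the peer, accepting a copy only if it is intact itself."""
    result = {"restored": [], "rejected": []}
    for name in damaged(local, manifest):
        candidate = peer.get(name)
        if candidate is not None and digest(candidate) == manifest[name]:
            local[name] = candidate
            result["restored"].append(name)
        else:
            # The peer's copy is missing or damaged too: do not propagate it.
            result["rejected"].append(name)
    return result


def plan_local_recovery(nic_ok, process_ok, files, manifest, restarts_tried=0):
    """Ordered self-recovery actions for the local device."""
    actions = []
    if not nic_ok:
        actions.append("restart_nic")
    if not process_ok:
        # The text allows a restart or a reinstall; escalating after
        # MAX_RESTARTS failed restarts is an assumption of this example.
        actions.append("restart_device" if restarts_tried < MAX_RESTARTS
                       else "reinstall_system")
    if damaged(files, manifest):
        actions.append("copy_files_from_peer")
    return actions


def plan_peer_recovery(local_ok, peer_ok, seconds_abnormal, restarts_tried):
    """What a normally running local device does about an abnormal peer."""
    if not local_ok or peer_ok:
        return "none"
    if seconds_abnormal < PEER_GRACE_SECONDS:
        return "wait_for_self_recovery"
    if restarts_tried < MAX_RESTARTS:
        return "restart_peer"
    return "reinstall_peer"


# Constructed sample data: a known-good file set and its manifest.
GOOD = {"vpn.conf": b"tunnel=on\n", "policy.db": b"allow 10.0.0.0/8\n"}
MANIFEST = {name: digest(content) for name, content in GOOD.items()}

if __name__ == "__main__":
    local = {"vpn.conf": b"tunnel=off\n"}                        # modified, one file missing
    peer = {"vpn.conf": GOOD["vpn.conf"], "policy.db": b"allow any\n"}  # one damaged copy
    print(plan_local_recovery(False, False, local, MANIFEST))
    print(restore_from_peer(local, peer, MANIFEST))
    print(plan_peer_recovery(True, False, 90, 0))
```

Verifying the peer's copy before accepting it keeps a damaged or altered file on one device from being replicated to the other during recovery.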
In one implementation, the master VPN device or the slave VPN device can use the synchronized information to reconnect the VPN tunnel directly and establish the secure communication policy, and at the same time reconnect and maintain the service sessions; the information synchronized between the master VPN device and the slave VPN device includes key information, service session information and device information;
after the master VPN device has recovered from the anomaly, if it detects over the heartbeat line that the slave VPN device is running normally, the service sessions of the slave VPN device continue to be maintained and no further promotion or demotion is performed.
In practical applications, two VPN servers A and B are typically configured as the master and slave VPN devices. Of the WAN ports that connect the master and slave VPN devices to the Ethernet, only the master VPN server's is enabled by default during operation, i.e. external access reaches the internal LAN only through the master VPN device IP (1.1.1.6). The master and slave VPN servers are connected through a physical port (which ensures the stability of the connection); the heartbeat on this connection and the exchange of device state show whether the peer VPN device is running normally, and the same connection carries the synchronous backup of data, including information such as each connection, the session keys and the tunnels. When the master VPN server goes down or becomes abnormal, the backup VPN server can therefore take over the corresponding service requests in time, which ensures the reliability of the data connections, while known faults are quickly detected and repaired.
It should be noted that, based on the key, service session and other information synchronized between the master and slave VPN devices, the VPN tunnel is reconnected immediately and the security policy rules are established from the synchronized information, while the service sessions are reconnected and maintained.
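The switchover rules of this embodiment, run as a small tick-based simulation of servers A and B. This is an added example, not code from the patent: the `Node` class, the `step`, `reboot` and `run_scenario` functions, the three-tick heartbeat timeout and the session entry are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

SERVICE_IP = "1.1.1.6"    # master IP quoted in the description
HEARTBEAT_TIMEOUT = 3     # silent ticks before the slave seizes the IP (assumed value)


@dataclass
class Node:
    name: str
    role: str                          # "master" or "slave"
    alive: bool = True                 # False models a crash: nothing is sent
    self_check_ok: bool = True
    wan_open: bool = False
    service_ip: Optional[str] = None
    synced: dict = field(default_factory=dict)   # keys, sessions, device info
    last_beat: int = 0                 # tick of the last heartbeat from the peer
    log: list = field(default_factory=list)

    def promote(self, reason: str) -> None:
        self.role, self.wan_open, self.service_ip = "master", True, SERVICE_IP
        self.log.append(f"promote: {reason}")

    def demote(self, reason: str) -> None:
        self.role, self.wan_open, self.service_ip = "slave", False, None
        self.log.append(f"demote: {reason}")


def step(node: Node, peer: Node, now: int) -> None:
    """One detection cycle of `node`; `peer` is the other end of the heartbeat line."""
    if not node.alive:
        return
    if node.role == "master":
        if node.self_check_ok:
            if peer.alive:             # heartbeat plus state synchronization
                peer.last_beat = now
                peer.synced = dict(node.synced)
            return
        # Self-detected anomaly: close WAN, release the IP, notify the peer, demote.
        node.demote("self-check failed")
        node.last_beat = now           # start listening for the new master
        if peer.alive and peer.self_check_ok:
            peer.promote("notified by master")
        return
    # Slave: seize the IP only after the heartbeat has been silent for the timeout.
    if node.self_check_ok and now - node.last_beat >= HEARTBEAT_TIMEOUT:
        node.promote("heartbeat timeout")


def reboot(node: Node, now: int) -> None:
    """A restarted device comes up as slave and judges the peer from the heartbeat."""
    node.alive, node.self_check_ok = True, True
    node.demote("rebooted")
    node.last_beat = now


def run_scenario(fault: str, ticks: int = 9):
    """`fault` is "self_check" or "crash"; it hits A at tick 3 and clears at tick 7."""
    a = Node("A", "master", wan_open=True, service_ip=SERVICE_IP,
             synced={"session-42": "constructed-session-key"})
    b = Node("B", "slave")
    timeline = []
    for now in range(1, ticks + 1):
        if now == 3:
            if fault == "crash":
                a.alive = False
            else:
                a.self_check_ok = False
        if now == 7:
            if fault == "crash":
                reboot(a, now)
            else:
                a.self_check_ok = True
        step(a, b, now)
        step(b, a, now)
        # A crashed device no longer answers for the IP, so only live holders count.
        timeline.append((now, [n.name for n in (a, b) if n.alive and n.service_ip]))
    return a, b, timeline


if __name__ == "__main__":
    for fault in ("self_check", "crash"):
        a, b, timeline = run_scenario(fault)
        print(fault, timeline, a.log, b.log)
```

In the notified handover the service IP moves within the same tick, while the crash case leaves it unanswered until the heartbeat timeout expires; in both runs A stays slave after it recovers, matching the rule that no further promotion or demotion is performed.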
As shown in Fig. 2, an embodiment of the present invention further provides an anomaly detection and recovery apparatus for a VPN device, including a configuration module, a synchronization module, an anomaly detection switching module and an anomaly detection recovery module, wherein:
the configuration module is used for pre-configuring the master VPN device and the slave VPN device and allocating the corresponding WAN ports and master and slave IP addresses; the synchronization module is used for connecting the master VPN device and the slave VPN device through a physical port and, while the master VPN device's self-check is normal, synchronizing information to the slave VPN device over the heartbeat line; the anomaly detection switching module is used for, when the master VPN device detects an anomaly in itself, closing the WAN port of the master VPN device, releasing the master IP address, and notifying the slave VPN device to promote itself to master VPN device, while the master VPN device demotes itself to slave VPN device; the anomaly detection recovery module is used for detecting the state of the local VPN device and of its processes in real time, performing self-recovery if an anomaly is found, and otherwise detecting the state of the peer VPN device and repairing the peer VPN device when its state is abnormal.
On the basis of the above embodiment, the anomaly detection switching module is further configured to detect, after the slave VPN device starts, from the heartbeat line information and the synchronization information whether the master VPN device is normal; if it is not, to promote the slave VPN device to master VPN device; if it is, to perform only the information synchronization operation.
The anomaly detection switching module is also used for notifying the slave VPN device to seize the master IP address directly and promote itself to master VPN device when the master VPN device is detected to be down and the heartbeat line does not respond.
On the basis of the foregoing embodiments, the anomaly detection recovery module is configured to control the local VPN device to perform self-recovery, which specifically includes:
when network communication is normal, if the anomaly detection recovery module detects that the network card state of the local VPN device is abnormal, the device recovers itself by restarting the network card; if a process state is detected to be abnormal, it recovers itself by restarting the VPN device or reinstalling the system; if the file integrity check of the VPN device is detected to be abnormal, it recovers itself by copying the relevant files from the peer device;
when network communication is abnormal, if the anomaly detection recovery module, through the normally running local VPN device, detects that the state of the peer VPN device is abnormal and the peer VPN device cannot complete its own recovery within a preset time, the peer VPN device is restarted to recover it; if the peer VPN device still cannot run normally after repeated restarts, recovery is performed by reinstalling the system.
On the basis of the above embodiments, the master VPN device or the slave VPN device can use the synchronized information to reconnect the VPN tunnel directly and establish the secure communication policy, and at the same time reconnect and maintain the service sessions; the information synchronized between the master VPN device and the slave VPN device includes key information, service session information and device information;
after the master VPN device has recovered from the anomaly, if it detects over the heartbeat line that the slave VPN device is running normally, the service sessions of the slave VPN device continue to be maintained and no further promotion or demotion is performed.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An anomaly detection and recovery method for a VPN device, comprising: an abnormality detection process and an abnormality recovery process;
the abnormality detection process includes:
pre-configuring a master VPN device and a slave VPN device, and allocating corresponding WAN ports and master-slave IP addresses;
connecting the master VPN device and the slave VPN device through a physical port, and synchronizing information to the slave VPN device through heartbeat lines when the self-checking of the master VPN device is normal;
when the main VPN device detects the self abnormality, the WAN port of the main VPN device is closed, the main IP address is released, the auxiliary VPN device is informed to execute the operation of upgrading to the main VPN device, and meanwhile, the main VPN device executes the operation of degrading to the auxiliary VPN device;
the exception recovery process includes:
and detecting the state and the process state of the local-end VPN device in real time, if the local-end VPN device is abnormal, recovering the abnormal state of the local-end VPN device, and otherwise, detecting the state of the opposite-end VPN device, and repairing the opposite-end VPN device when the state of the opposite-end VPN device is abnormal.
2. The anomaly detection and recovery method according to claim 1, wherein said anomaly detection process further comprises:
after the slave VPN equipment is started, detecting whether the master VPN equipment is normal or not according to the heartbeat line information and the synchronization information, and if not, executing the operation of upgrading the slave VPN equipment to the master VPN equipment; if the information is normal, only the information synchronization operation is carried out.
3. The anomaly detection and recovery method according to claim 1, wherein said anomaly detection process further comprises: and when the master VPN device is detected to be down and the heartbeat line has no response, the slave VPN device is informed to directly seize the master IP address to execute the operation of upgrading the master VPN device.
4. The anomaly detection and recovery method according to claim 1, wherein the real-time detection of the state of the local VPN device and the state of the process, and if there is an anomaly, the self-anomaly recovery is performed, specifically including:
under the condition that network communication is normal, if the network card state of the local VPN equipment is detected to be abnormal, the equipment self-recovery is carried out by restarting the network card; if the process state is detected to be abnormal, self recovery is carried out by restarting the VPN equipment or reinstalling the system; if the file integrity check of the local-end VPN equipment is detected to be abnormal, copying the related file through the opposite-end VPN equipment to perform self recovery;
the detecting the state of the opposite-end VPN device and repairing the opposite-end VPN device when the state of the opposite-end VPN device is abnormal specifically includes:
under the condition of abnormal network communication, if the home-end VPN device which normally operates detects that the state of the opposite-end VPN device is abnormal and the opposite-end VPN device cannot complete self abnormal recovery within the preset time, the opposite-end VPN device is restarted for recovery, and if the opposite-end VPN device cannot normally operate after repeated restarting, the abnormal recovery is carried out through a reinstallation system.
5. The anomaly detection and recovery method according to claim 1, further comprising: the master VPN device or the slave VPN device can directly reconnect the VPN tunnel and establish a secure communication policy through the synchronization information, and reconnect and maintain the service session; wherein the synchronization information between the master VPN device and the slave VPN device includes key information, service session information and device information;
after the master VPN device recovers from the abnormality, if the slave VPN device is detected through the heartbeat line to be running normally, the service session of the slave VPN device continues to be maintained, and the device upgrading or downgrading operation is no longer executed.
6. An anomaly detection and recovery apparatus for a VPN device, comprising: a configuration module, a synchronization module, an abnormality detection switching module and an abnormality detection recovery module;
the configuration module is used for pre-configuring the master VPN device and the slave VPN device and allocating the corresponding WAN ports and master-slave IP addresses;
the synchronization module is used for connecting the master VPN device and the slave VPN device through a physical port, and synchronizing information to the slave VPN device through the heartbeat line when the self-check of the master VPN device is normal;
the abnormality detection switching module is used for, when the master VPN device detects its own abnormality, closing the WAN port of the master VPN device and releasing the master IP address, notifying the slave VPN device to execute the operation of upgrading to the master VPN device, and simultaneously executing the operation of downgrading the master VPN device to the slave VPN device;
and the abnormality detection recovery module is used for detecting the states of the local-end VPN device and its processes in real time, performing self abnormality recovery if they are abnormal, and otherwise detecting the state of the opposite-end VPN device and repairing the opposite-end VPN device when its state is abnormal.
7. The apparatus for detecting and recovering from abnormality according to claim 6, wherein said abnormality detection switching module is further configured to:
after the slave VPN device is started, detect whether the master VPN device is normal according to the heartbeat line information and the synchronization information; if not, execute the operation of upgrading to the master VPN device; if normal, perform only the information synchronization operation.
8. The apparatus for detecting and recovering from abnormality according to claim 6, wherein said abnormality detection switching module is further configured to:
when the master VPN device is detected to be down and the heartbeat line has no response, notify the slave VPN device to directly seize the master IP address and execute the operation of upgrading to the master VPN device.
9. The apparatus for anomaly detection and recovery as claimed in claim 6, wherein said anomaly detection and recovery module is specifically configured to:
when network communication is normal, if the network card state of the local-end VPN device is detected to be abnormal, perform device self-recovery by restarting the network card; if the process state is detected to be abnormal, perform self-recovery by restarting the VPN device or reinstalling the system; if the file integrity check of the local-end VPN device is detected to be abnormal, perform self-recovery by copying the relevant files from the opposite-end VPN device;
when network communication is abnormal, if the normally operating local-end VPN device detects that the state of the opposite-end VPN device is abnormal and the opposite-end VPN device cannot complete self abnormality recovery within the preset time, restart the opposite-end VPN device for recovery; and if the opposite-end VPN device still cannot operate normally after repeated restarts, perform abnormality recovery by reinstalling the system.
10. The anomaly detection and recovery apparatus of claim 6, wherein said master or slave VPN device can directly reconnect the VPN tunnel and establish a secure communication policy through the synchronization information while reconnecting and maintaining service sessions; wherein the synchronization information between the master VPN device and the slave VPN device includes key information, service session information and device information;
after the master VPN device recovers from the abnormality, if the slave VPN device is detected through the heartbeat line to be running normally, the service session of the slave VPN device continues to be maintained, and the device upgrading or downgrading operation is no longer executed.
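The switching and recovery decisions of claims 2 to 5 (mirrored in claims 7 to 10), written out as a small Python model. This is an added illustration, not code from the patent or its applicant; the function names, action strings and the `preset_time` / `max_restarts` values are assumptions, since the claims give no concrete thresholds.

```python
from enum import Enum

class Role(Enum):
    MASTER = "master"
    SLAVE = "slave"

def next_role(role, self_ok, heartbeat_ok, peer_ok):
    """One decision step for a device; returns (new_role, actions).

    heartbeat_ok=False stands for "master detected down and the heartbeat
    line has no response"; peer_ok is the peer state read from heartbeat
    and synchronization information.
    """
    if role is Role.MASTER:
        if not self_ok:
            # Master found its own fault: hand over, then downgrade itself.
            return Role.SLAVE, ["close_wan_port", "release_master_ip",
                                "notify_peer_upgrade"]
        return Role.MASTER, ["sync_to_peer"]
    if not heartbeat_ok:
        # Claim 3: seize the master IP address directly.
        return Role.MASTER, ["seize_master_ip"]
    if not peer_ok:
        # Claim 2: master reported abnormal, so the slave upgrades.
        return Role.MASTER, ["upgrade_to_master"]
    # Healthy master seen over the heartbeat line: synchronize only. This also
    # covers claim 5: a recovered former master stays slave (no failback).
    return Role.SLAVE, ["sync_only"]

def local_recovery(nic_ok, process_ok, files_ok):
    """Claim 4 self-recovery actions while network communication is normal."""
    actions = []
    if not nic_ok:
        actions.append("restart_network_card")
    if not process_ok:
        actions.append("restart_device_or_reinstall_system")
    if not files_ok:
        actions.append("copy_files_from_peer")
    return actions

def peer_recovery(seconds_abnormal, failed_restarts,
                  preset_time=30, max_restarts=3):
    """Claim 4 repair of an abnormal peer; both thresholds are assumed values."""
    if seconds_abnormal < preset_time:
        return "wait_for_peer_self_recovery"
    if failed_restarts < max_restarts:
        return "restart_peer"
    return "reinstall_peer_system"
```

The claims do not state what a slave that is itself abnormal should do when the heartbeat line is silent, so `next_role` does not consult `self_ok` on the slave path.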
CN202110345271.0A 2021-03-31 2021-03-31 Method and device for detecting and recovering abnormity of VPN (virtual private network) equipment Withdrawn CN112910751A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110345271.0A CN112910751A (en) 2021-03-31 2021-03-31 Method and device for detecting and recovering abnormity of VPN (virtual private network) equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110345271.0A CN112910751A (en) 2021-03-31 2021-03-31 Method and device for detecting and recovering abnormity of VPN (virtual private network) equipment

Publications (1)

Publication Number Publication Date
CN112910751A true CN112910751A (en) 2021-06-04

Family

ID=76109662

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110345271.0A Withdrawn CN112910751A (en) 2021-03-31 2021-03-31 Method and device for detecting and recovering abnormity of VPN (virtual private network) equipment

Country Status (1)

Country Link
CN (1) CN112910751A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114750774A (en) * 2021-12-20 2022-07-15 广州汽车集团股份有限公司 Safety monitoring method and automobile
CN116915838A (en) * 2023-09-14 2023-10-20 深圳市智慧城市科技发展集团有限公司 State maintenance method for virtual private network, terminal equipment and storage medium
CN116915838B (en) * 2023-09-14 2024-01-05 深圳市智慧城市科技发展集团有限公司 State maintenance method for virtual private network, terminal equipment and storage medium

Similar Documents

Publication Publication Date Title
US11323307B2 (en) Method and system of a dynamic high-availability mode based on current wide area network connectivity
US9684574B2 (en) Method and system for implementing remote disaster recovery switching of service delivery platform
CN112181660A (en) High-availability method based on server cluster
EP2426827A1 (en) Method and network system for implementing user port orientation in multi-machine backup scenario of broadband remote access server
CN112910751A (en) Method and device for detecting and recovering abnormity of VPN (virtual private network) equipment
WO2016058307A1 (en) Fault handling method and apparatus for resource
CN103532753B (en) A kind of double hot standby method of synchronization of skipping based on internal memory
CN111385107B (en) Main/standby switching processing method and device for server
CN104980524A (en) Method for monitoring failure of weblogic connection pool
CN105550012A (en) Method for custom recovery of malfunctioning virtual machine
CN101873223A (en) N+M service backup mechanism based on IP switching
CN104113428A (en) Apparatus management device and method
CN103490914A (en) Switching system and switching method for multi-machine hot standby of network application equipment
CN104079442A (en) Real-time Ethernet based redundancy control device, as well as device redundancy system and method
CN104484243A (en) High-reliability system device and method combining virtual machine fault-tolerant technique and high-availability cluster technique
US8935564B2 (en) Method for backing up user information and apparatus in standby service node for backing up user information
CN112650620B (en) Dual-computer cold backup autonomous redundancy method with master-slave relation
CN117240694A (en) Method, device and system for switching active and standby hot standby based on keepaled
CN103297279A (en) Switching method of main and backup single disks of software control in multi-software process system
CN117435405A (en) Dual hot standby and failover system and method
US8176526B1 (en) Configurable redundant security device failover
CN105049238A (en) Redundancy backup method and equipment for LTE (Long Term Evolution) gateway equipment exchange subsystem
JP5285044B2 (en) Cluster system recovery method, server, and program
US10645163B2 (en) Site-aware cluster management
CN114840495A (en) Database cluster split-brain prevention method, storage medium and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210604
