CN113595802A - Upgrading method and device of distributed firewall - Google Patents


Info

Publication number
CN113595802A
Authority
CN
China
Prior art keywords
board card
control board
mirror image
local
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110910690.4A
Other languages
Chinese (zh)
Inventor
杨阳
王真
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hillstone Networks Co Ltd
Original Assignee
Hillstone Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hillstone Networks Co Ltd
Priority to CN202110910690.4A
Publication of CN113595802A
Legal status: Pending

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks > H04L41/08 Configuration management of networks or network elements > H04L41/0803 Configuration setting > H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings > H04L41/082 Configuration setting characterised by the conditions triggering a change of settings, the condition being updates or upgrades of network functionality
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F8/00 Arrangements for software engineering > G06F8/60 Software deployment > G06F8/65 Updates > G06F8/656 Updates while running
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks > H04L41/08 Configuration management of networks or network elements > H04L41/0803 Configuration setting > H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability > H04L41/0836 Configuration setting characterised by the purposes of a change of settings, to enhance reliability, e.g. reduce downtime
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls > H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones

Abstract

The invention discloses a method and a device for upgrading a distributed firewall. The upgrading method comprises the following steps: a mirror image control board card is synchronously configured based on the configuration parameters of the local control board card, and a mirror image service board card is synchronously configured based on the configuration parameters of the local service board card, wherein the mirror image control board card and the mirror image service board card are constructed in advance; the local control board card then issues a preemption instruction to the mirror image control board card, the preemption instruction instructing the mirror image control board card to preempt to become the main control board card of the distributed firewall; and after the mirror image control board card has preempted to become the main control board card of the distributed firewall, the mirror image control board card controls the mirror image service board card to take over the service flow of the distributed firewall so as to complete the upgrading operation. The invention solves the technical problem in the related art that the service cannot be continuously protected while a virtualized distributed firewall is upgraded.

Description

Upgrading method and device of distributed firewall
Technical Field
The invention relates to the technical field of computer security, in particular to an upgrading method and device of a distributed firewall.
Background
In recent years, cloud computing has become a strategic focus of the information technology industry and the number of cloud devices has grown; correspondingly, there are more and more application scenarios in which a virtualized distributed firewall is used to provide security protection for cloud devices.
In the related art, a virtualized distributed firewall architecture is shown in fig. 1. In the prior art, the cloud management platform is a unified management platform for data center resources and manages the cloud devices; the management and control board card is responsible for life cycle management of the whole distributed firewall and for interaction with the cloud platform, and provides a unified configuration entrance and configuration issuing for the firewall; and the service board card is responsible for processing the traffic on each host according to policy. All board cards (control board cards and service board cards) exist in the form of virtual machines.
As shown in fig. 2, in the prior art the steps of upgrading the virtualized distributed firewall are: start the upgrade; upload the image to the cloud platform; stop steering traffic (drainage) to the virtualized distributed firewall, whereupon the service virtual machines lose the protection of the firewall (corresponding to "stop drainage" and "stop service protection" in fig. 2); shut down the old virtualized distributed firewall; create a new virtualized distributed firewall; copy the data disk of the old firewall virtual machine to the new firewall; delete the old virtualized distributed firewall; power on the new virtualized distributed firewall (including powering on all virtual machines of the new virtualized distributed firewall); and if any failure or abnormality occurs during the upgrade, enter the upgrade-failure rollback mode. As shown in fig. 3, before the distributed firewall is upgraded, the first virtual machine VM1 behind the old virtualized distributed firewall is connected through the service board card to physical network card 1, and then through the switch to physical network card 2 to access the traffic of the second virtual machine VM2; this access route is shown as a solid line. During the upgrade of the distributed firewall, VM1 is connected directly to physical network card 1 and then through the switch to physical network card 2 to access the traffic of VM2; this access route is shown as a dotted line.
Therefore, when the existing virtualized distributed firewall is upgraded, traffic steering (drainage) must be stopped temporarily and the firewall shut down, otherwise normal communication of the service is affected; during the upgrade the service therefore loses the protection of the firewall, which is a potential safety hazard. Moreover, if an ALG (Application Layer Gateway) service such as FTP (File Transfer Protocol) exists in the environment protected by the firewall, the FTP data channel is interrupted when the upgraded firewall comes online. Therefore, for cloud equipment whose service must not be interrupted, an upgrade scheme is needed that makes the upgrade of the virtualized distributed firewall smoother and more reliable.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides an upgrading method and device of a distributed firewall, which are used for at least solving the technical problem that the service cannot be continuously protected when a virtualized distributed firewall is upgraded in the related technology.
According to one aspect of the embodiments of the present invention, there is provided a method for upgrading a distributed firewall, where the distributed firewall includes a local control board card and a local service board card, the local control board card is responsible for life cycle management of the distributed firewall and interaction with a cloud platform, and the local service board card is responsible for processing the service flow on each host. The upgrading method comprises the following steps: synchronously configuring a mirror image management and control board card based on the configuration parameters of the local management and control board card, and synchronously configuring a mirror image service board card based on the configuration parameters of the local service board card, wherein the mirror image management and control board card and the mirror image service board card are constructed in advance; the local control board card issues a preemption instruction to the mirror image control board card, wherein the preemption instruction is used for instructing the mirror image control board card to preempt to become the main control board card of the distributed firewall; and after the mirror image control board card has preempted to become the main control board card of the distributed firewall, the mirror image control board card is used for controlling the mirror image service board card to take over the service flow of the distributed firewall so as to complete the upgrading operation.
Optionally, before synchronously configuring the mirror image management and control board card based on the configuration parameters of the local management and control board card and synchronously configuring the mirror image service board card based on the configuration parameters of the local service board card, the upgrading method further includes: controlling the local control board card to enter an upgrading mode; checking whether a local control board card and the local service board card are both in a normal state; if the local control board card and the local service board card are confirmed to be in normal states, the local control board card selects a local available node; selecting a target available node corresponding to the local available node; adopting the target available node to construct a mirror image control board card corresponding to the local control board card; and constructing a mirror image service board card corresponding to the local service board card by adopting the target available node.
Optionally, after the target available node is adopted to construct a mirror service board corresponding to the local service board, the upgrade method further includes: copying all data of a data disk in a local control board card to a mirror image control board card; and after the copying is finished, starting the mirror image management and control board card.
Optionally, the configuration parameters of the local management and control board card include at least one of: a sub-interface, a security domain and a policy of the firewall; the configuration parameters of the local service board card include at least one of the following: session table, mac table, arp table.
Optionally, the step of preempting the mirror image management and control board card to become the master control board card of the distributed firewall includes: adjusting the available weight parameter of the mirror image control board card to a target weight value; controlling the local control board card to become a standby board card based on the target weight value; and based on the target weight value, controlling the mirror image control board card to preempt to become a main control board card of the distributed firewall.
Optionally, after the mirror image management and control board preempts to become the master control board of the distributed firewall, the upgrading method further includes: the mirror image management and control board card informs mirror image service board cards in all target available nodes to start flow interfaces; and the local control board card informs the local service board cards in all the local available nodes to close the flow interfaces.
Optionally, after the mirror image management and control board is used to control the mirror image service board to take over the service traffic of the distributed firewall, the upgrading method further includes: closing and deleting all local service board cards; updating the configuration related to the service of the local available node in the mirror image management and control board card to the board card of the target available node; and after the upgrading operation is completed, deleting the local management and control board card.
Optionally, the local management and control board corresponds to one or more local service boards.
Optionally, the local management and control board and the local service board both exist in the form of virtual machines.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for upgrading a distributed firewall, where the distributed firewall includes a local management and control board card and a local service board card, the local management and control board card is responsible for life cycle management of the distributed firewall and interaction with the cloud platform, and the local service board card is responsible for processing the service flow on each host. The upgrading apparatus includes: a synchronization unit, used for synchronously configuring the mirror image management and control board card based on the configuration parameters of the local management and control board card and synchronously configuring the mirror image service board card based on the configuration parameters of the local service board card, wherein the mirror image management and control board card and the mirror image service board card are constructed in advance; a sending unit, configured so that the local control board card issues a preemption instruction to the mirror image control board card, where the preemption instruction is used to instruct the mirror image control board card to preempt to become the master control board card of the distributed firewall; and a control unit, used for controlling the mirror image service board card to take over the service flow of the distributed firewall so as to complete the upgrading operation after the mirror image control board card has preempted to become the master control board card of the distributed firewall.
Optionally, the upgrade apparatus further includes: the first control module is used for controlling the local control board card to enter an upgrading mode before the mirror image control board card is synchronously configured based on the configuration parameters of the local control board card and the mirror image service board card is synchronously configured based on the configuration parameters of the local service board card; the first checking module is used for checking whether the local control board card and the local service board card are in normal states; the first selection module is used for selecting a local available node by the local control board card if the local control board card and the local service board card are both confirmed to be in a normal state; the first selection module is used for selecting a target available node corresponding to the local available node; the first construction module is used for constructing a mirror image control board card corresponding to the local control board card by adopting the target available node; and the second construction module is used for constructing the mirror image service board card corresponding to the local service board card by adopting the target available node.
Optionally, the upgrade apparatus further includes: the first copy module is used for copying all data of a data disk in the local management and control board card to the mirror image management and control board card after the mirror image service board card corresponding to the local service board card is constructed by adopting the target available node; and the first starting module is used for starting the mirror image management and control board card after the copying is finished.
Optionally, the configuration parameters of the local management and control board card include at least one of: a sub-interface, a security domain and a policy of the firewall; the configuration parameters of the local service board card include at least one of the following: session table, mac table, arp table.
Optionally, the sending unit includes: the first adjusting module is used for adjusting the available weight parameter of the mirror image management and control board card to a target weight value; the second control module is used for controlling the local control board card to become a standby board card based on the target weight value; and the third control module is used for controlling the mirror image control board card to preempt to become the main control board card of the distributed firewall based on the target weight value.
Optionally, the upgrade apparatus further includes: the first notification module is used for notifying the mirror image management and control board cards of all target available nodes to start a flow interface after the mirror image management and control board cards seize to become a main control board card of the distributed firewall; and the second notification module is used for notifying the local service board card in all the local available nodes of closing the flow interface by the local control board card.
Optionally, the upgrade apparatus further includes: the first closing module is used for closing and deleting all local service board cards after the mirror image management and control board card is used for controlling the mirror image service board cards to take over the service flow of the distributed firewall; the first updating module is used for updating the configuration related to the service of the local available node in the mirror image management and control board card to the board card of the target available node; and the first deleting module is used for deleting the local management and control board card after the upgrading operation is completed.
Optionally, the local management and control board corresponds to one or more local service boards.
Optionally, the local management and control board and the local service board both exist in the form of virtual machines.
In the embodiment of the invention, the mirror image control board card is synchronously configured based on the configuration parameters of the local control board card, and the mirror image service board card is synchronously configured based on the configuration parameters of the local service board card, wherein the mirror image control board card and the mirror image service board card are constructed in advance; the local control board card then issues a preemption instruction to the mirror image control board card, the preemption instruction instructing the mirror image control board card to preempt to become the main control board card of the distributed firewall; and after the mirror image control board card has preempted to become the main control board card of the distributed firewall, the mirror image control board card is used for controlling the mirror image service board card to take over the service flow of the distributed firewall so as to complete the upgrading operation. In this embodiment, by synchronizing the configuration parameters of the local board cards and the mirror image board cards, the mirror image board cards take over the service flow of the local board cards, so that continuous security protection is provided during the upgrade of the virtualized distributed firewall, and the technical problem in the related art that the service cannot be continuously protected while a virtualized distributed firewall is upgraded is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic diagram of a virtualized distributed firewall architecture of the prior art;
FIG. 2 is a flow chart of a method for upgrading a distributed firewall in the prior art;
FIG. 3 is a schematic diagram of a virtual machine flow of the prior art;
fig. 4 is a flowchart of an alternative method for upgrading a distributed firewall according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a virtualized distributed firewall upgrade architecture, according to an embodiment of the invention;
FIG. 6 is a diagrammatic representation of virtual machine traffic in accordance with an embodiment of the present invention;
fig. 7 is a flowchart of an alternative method for upgrading a distributed firewall according to an embodiment of the invention;
fig. 8 is a schematic diagram of an upgrade apparatus for a distributed firewall according to an embodiment of the present invention;
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be described below in a clear and complete manner by combining with the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
To facilitate understanding of the invention by those skilled in the art, some terms or nouns referred to in the embodiments of the invention are explained below:
CMP (Cloud Management Platform): a unified management platform for data center resources.
ALG (Application Layer Gateway): allows legitimate application data to be securely inspected as it passes through the firewall.
FTP (File Transfer Protocol): one of the protocols in the TCP/IP suite.
The embodiment of the invention can be applied to various distributed firewalls deployed in a data center, for example a distributed firewall deployed in a bank data center or in a hospital data center, where data must be continuously protected or the service must not be disturbed. The upgrading method for a distributed firewall provided by the embodiment of the invention, which does not interrupt service protection, ensures that the firewall still protects the client's service during the upgrade and that the ALG service protected by the distributed firewall is not interrupted during the firewall upgrade, so that the client's service is not disturbed at all.
In accordance with an embodiment of the present invention, there is provided an embodiment of a method for upgrading a distributed firewall, where the steps illustrated in the flowchart of the figure may be performed in a computer system such as a set of computer-executable instructions, and where a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that described herein.
The distributed firewall in the embodiment of the present invention may include a local control board card and a local service board card, wherein the local control board card is responsible for life cycle management of the distributed firewall and interaction with the cloud platform, and the local service board card is responsible for processing the service flow on each host. The local control board card may also provide a unified configuration entry point and configuration issuing for the firewall. All board cards in the embodiment of the invention may exist in virtual machine form; the local control board card and the local service board card both exist as virtual machines.
Example one
Fig. 4 is a flowchart of an optional upgrading method for a distributed firewall according to an embodiment of the present invention, as shown in fig. 4, the method includes the following steps:
step S102, synchronously configuring a mirror image control board card based on the configuration parameters of the local control board card, and synchronously configuring a mirror image service board card based on the configuration parameters of the local service board card, wherein the mirror image control board card and the mirror image service board card are constructed in advance.
And step S104, the local control board card issues a preemption instruction to the mirror image control board card, wherein the preemption instruction is used for indicating the mirror image control board card to preempt to become a main control board card of the distributed firewall.
And step S106, after the mirror image control board card is preempted to become the main control board card of the distributed firewall, the mirror image control board card is used for controlling the mirror image service board card to take over the service flow of the distributed firewall so as to complete the upgrading operation.
Through the above steps, the mirror image control board card is synchronously configured based on the configuration parameters of the local control board card and the mirror image service board card is synchronously configured based on the configuration parameters of the local service board card, wherein the mirror image control board card and the mirror image service board card are pre-constructed; the local control board card then issues a preemption instruction to the mirror image control board card, the preemption instruction instructing the mirror image control board card to preempt to become the main control board card of the distributed firewall; and after the mirror image control board card has preempted to become the main control board card of the distributed firewall, the mirror image control board card is used for controlling the mirror image service board card to take over the service flow of the distributed firewall so as to complete the upgrading operation. In this embodiment, by synchronizing the configuration parameters of the local board cards and the mirror image board cards, the mirror image board cards take over the service flow of the local board cards, so that continuous security protection is provided during the upgrade of the virtualized distributed firewall, and the technical problem in the related art that the service cannot be continuously protected while a virtualized distributed firewall is upgraded is solved.
The following describes embodiments of the present invention in detail with reference to the respective steps.
Step S102, synchronously configuring a mirror image control board card based on the configuration parameters of the local control board card, and synchronously configuring a mirror image service board card based on the configuration parameters of the local service board card, wherein the mirror image control board card and the mirror image service board card are constructed in advance.
In the embodiment of the present invention, as shown in fig. 5, the local board cards may be divided into a management and control board card _0 and service board cards _0, where there may be several service board cards _0, for example service board card _0_1, service board card _0_2 and service board card _0_3; the mirror image board cards may be divided into a management and control board card _1 and service board cards _1, where there may likewise be several service board cards _1, for example service board card _1_1, service board card _1_2 and service board card _1_3. The local board cards and the pre-constructed mirror image board cards can form an HA (High Availability) Active-Passive working mode (that is, the two sets of boards hold consistent configuration and act as master and standby for each other), in which the local board cards are the main board cards and the mirror image board cards are the standby board cards.
As shown in fig. 6, before the distributed firewall is upgraded, VM1 is connected to physical network card 1 through service board card _0_1 and then through the switch to physical network card 2 to access the traffic of VM2; this access route is shown as a solid line. During the upgrade of the distributed firewall, VM1 is connected to physical network card 1 through service board card _1_1 and then through the switch to physical network card 2 to access the traffic of VM2; this access route is shown as a dotted line. While the local board cards are working normally, the mirror image board cards do not forward traffic.
Optionally, before synchronously configuring the mirror control board card based on the configuration parameters of the local control board card and synchronously configuring the mirror service board card based on the configuration parameters of the local service board card, the upgrading method further includes: controlling the local control board card to enter upgrade mode; checking whether the local control board card and the local service board card are in a normal state; if the local control board card and the local service board card are confirmed to be in a normal state, the local control board card selects a local available node; selecting a target available node corresponding to the local available node; constructing, using the target available node, a mirror control board card corresponding to the local control board card; and constructing, using the target available node, a mirror service board card corresponding to the local service board card.
In this embodiment, when the local control board card enters the upgrade state, it is checked whether the local board cards and the mirror board cards are in a normal state. If the local control board card is in a normal state, it selects a high-availability node ID, and the new high-availability node ID is used to create the control board card and the service board cards. For example, control board card _0 and service board cards _0 carry the high-availability node ID of the old board cards, while control board card _1 and service board cards _1 carry the high-availability node ID of the new board cards; control board card _1 is created as the mirror control board card corresponding to the local control board card, and service board cards _1 are created as the mirror service board cards corresponding to the local service board cards.
Optionally, after the target available node has been used to construct the mirror service board card corresponding to the local service board card, the upgrading method further includes: copying all data of the data disk of the local control board card to the mirror control board card; and, once the copy has finished, starting the mirror control board card.
In this embodiment, the data disk of control board card _0 is copied to control board card _1 and control board card _1 is started; the configuration of the control board card must not be changed during the upgrade. After control board card _1 has started and has negotiated with control board card _0 to become standby, configuration cold synchronization begins, covering the firewall's sub-interfaces, security domains, policies and so on; once it completes, the configuration of control board card _1 is consistent with that of control board card _0. While control board card _1 and control board card _0 are cold-synchronizing, control board card _0 polls the cold synchronization state at regular intervals. After the cold synchronization has completed, control board card _0 powers on the service board cards _1 one at a time at a fixed interval (for example, 5 seconds), waits for all service board cards _1 to start, and lets them complete their own cold synchronization, after which they enter the working state. The service board card synchronization runs continuously in real time; its content includes the session table, the MAC table (the table of physical addresses that the switch uses to forward data frames: on receiving a frame, the switch records the frame's source MAC address and the receiving interface in the MAC table) and the ARP table (which records the mapping between host IP addresses and MAC addresses).
Optionally, the configuration parameters of the local control board card include at least one of the following: the firewall's sub-interfaces, security domains and policies; the configuration parameters of the local service board card include at least one of the following: the session table, the MAC table and the ARP table.
Step S104: the local control board card issues a preemption instruction to the mirror control board card, the preemption instruction instructing the mirror control board card to preempt and become the master control board card of the distributed firewall.
In this embodiment, control board card _0 issues the preemption command to control board card _1 and waits for control board card _1 to complete the preemption action. Because preemption takes place only after all cold synchronization has completed, user services are not affected by the preemption.
Optionally, the step of the mirror control board card preempting to become the master control board card of the distributed firewall includes: adjusting the available weight parameter of the mirror control board card to a target weight value; based on the target weight value, controlling the local control board card to become the standby board card; and, based on the target weight value, controlling the mirror control board card to preempt and become the master control board card of the distributed firewall.
In this embodiment, a weight parameter of control board card _1 is set (for example, weight 80) and control board card _1 is notified to start preemption. After control board card _1 has preempted and become master, it notifies all service board cards _1 to open their interfaces; at the same time, once control board card _0 has become standby, control board card _0 (the former master) notifies all service board cards _0 to close their interfaces. Preemption is then complete.
Step S106: after the mirror control board card has preempted and become the master control board card of the distributed firewall, the mirror control board card controls the mirror service board card to take over the service traffic of the distributed firewall, completing the upgrade operation.
In this embodiment, after control board card _1 has completed the preemption action, service board cards _1 take over the service traffic.
Optionally, after the mirror control board card has preempted and become the master control board card of the distributed firewall, the upgrading method further includes: the mirror control board card notifies the mirror service board cards on all target available nodes to open their traffic interfaces; and the local control board card notifies the local service board cards on all local available nodes to close their traffic interfaces.
In this embodiment, after control board card _1 has preempted and become master, it notifies all service board cards _1 to open their interfaces; at the same time, once control board card _0 has become standby, control board card _0 (the former master) notifies all service board cards _0 to close their interfaces.
Optionally, after the mirror control board card has controlled the mirror service board card to take over the service traffic of the distributed firewall, the upgrading method further includes: closing and deleting all local service board cards; updating the configuration in the mirror control board card that relates to the services of the local available node so that it refers to the board cards of the target available node; and, after the upgrade operation has completed, deleting the local control board card.
In this embodiment, after service board cards _1 have taken over the service traffic, all service board cards _0 are closed and deleted, all configuration in control board card _1 that relates to the old board cards is updated to the new board cards, and after the upgrade has completed, control board card _0 is deleted.
Optionally, the local control board card corresponds to one or more local service board cards.
The upgrading method for a distributed firewall provided by this embodiment ensures that the virtualized distributed firewall continues to protect customer services during the upgrade, that ALG services protected by the virtualized distributed firewall are not interrupted during the firewall upgrade, and that customer services suffer zero disruption.
Example two
This embodiment uses a virtualized distributed firewall upgrade scheme to address the existing shortcomings: when a virtualized distributed firewall is upgraded, traffic steering to the firewall must be stopped temporarily and the firewall shut down, otherwise normal communication of the service is affected; as a result, the service loses the firewall's protection during the upgrade and is exposed to security risks, and if an ALG service such as FTP exists in the environment protected by the firewall, the FTP data channel is interrupted when the new firewall comes online. Fig. 7 is a flowchart of another optional upgrading method for a distributed firewall according to an embodiment of the present invention. As shown in Fig. 7, the step of completing the cold synchronization runs independently of the other steps; the specific steps are as follows:
Start upgrade: the upgrade is started and the control board card enters the upgrade state;
Check: check whether the local board cards and the mirror board cards are in a normal state;
Prepare: the local control board card selects a high-availability node ID, and the new high-availability node ID is used to create the control board card and the service board cards. For example, control board card _0 and service board cards _0 carry the high-availability node ID of the old board cards, while control board card _1 and service board cards _1 carry the high-availability node ID of the new board cards; control board card _1 is created as the mirror control board card corresponding to the local control board card, and service board cards _1 are created as the mirror service board cards corresponding to the local service board cards;
Copy: copy the data disk of control board card _0 to control board card _1 and start control board card _1; the configuration of the control board card must not be changed during the upgrade;
Cold synchronization: after control board card _1 has started and has negotiated with control board card _0 to become standby, configuration cold synchronization begins; meanwhile control board card _0 polls the cold synchronization state at regular intervals and, once it finds the cold synchronization complete, proceeds to the next stage;
Power on: control board card _0 powers on one service board card _1 every 5 seconds;
Complete cold synchronization: wait for all service board cards _1 to start and, once their cold synchronization has completed, to enter the working state;
Wait for preemption: control board card _0 issues a preemption command to control board card _1 and waits for control board card _1 to complete the preemption action; service board cards _1 take over traffic forwarding;
Delete: close and delete all service board cards _0;
Update configuration: update the configuration in control board card _1 that relates to the old board cards so that it refers to the new board cards;
Termination or error: if any of the above steps is terminated or fails, the upgrade fails and is rolled back, and the process ends;
Finish upgrade: after the upgrade has finished, delete control board card _0.
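As an added illustration (not code from the patent or from the applicant), the following Python simulation walks through the steps of Fig. 7 above, including the weight-based preemption of step S104 and the rollback on termination or error. The class names, the weight 50 assumed for the old control board card and the `sleep` hook are assumptions for the example; the target weight 80 and the 5-second power-on interval come from the text.

```python
"""Added example (not the patent's or the applicant's code): simulation of the
Fig. 7 upgrade flow. Class names, weight 50 and the sleep hook are assumptions."""
import copy
from dataclasses import dataclass, field
from typing import Callable, Dict, List

OLD_WEIGHT = 50        # assumed HA weight of the running control board _0
TARGET_WEIGHT = 80     # target weight given to control board _1 before preemption (from text)
POWER_ON_INTERVAL = 5  # seconds between powering on successive service boards _1 (from text)
STEPS = ["start", "check", "prepare", "copy", "cold_sync", "power_on",
         "cold_sync_done", "preempt", "delete", "update_config", "finish"]

@dataclass
class ServiceBoard:
    node: str                      # HA node ID, e.g. "_0_1" (old) or "_1_1" (new)
    healthy: bool = True
    powered: bool = False
    interface_up: bool = False
    tables: Dict[str, dict] = field(default_factory=dict)  # session / MAC / ARP tables

@dataclass
class ControlBoard:
    node: str                      # "_0" = old HA node ID, "_1" = new HA node ID
    config: Dict[str, str] = field(default_factory=dict)  # sub-interfaces, zones, policies
    data_disk: bytes = b""
    weight: int = OLD_WEIGHT
    role: str = "standby"
    healthy: bool = True
    started: bool = False
    deleted: bool = False
    services: List[ServiceBoard] = field(default_factory=list)
    log: List[str] = field(default_factory=list)

class UpgradeError(RuntimeError):
    pass

def negotiate(a: ControlBoard, b: ControlBoard) -> ControlBoard:
    """HA master/standby election: the board with the higher weight becomes master."""
    master, standby = (a, b) if a.weight >= b.weight else (b, a)
    master.role, standby.role = "master", "standby"
    return master

def set_interfaces(board: ControlBoard, up: bool) -> None:
    for svc in board.services:
        svc.interface_up = up

def upgrade(local: ControlBoard, sleep: Callable[[float], None] = lambda s: None,
            fail_at: str = "") -> ControlBoard:
    """Runs the Fig. 7 steps and returns the control board that ends up as master;
    `fail_at` injects an error at the named step to exercise the rollback branch."""
    mirror = ControlBoard(node="_1", weight=OLD_WEIGHT - 1)  # lower weight: standby
    try:
        for step in STEPS:
            if step == fail_at:
                raise UpgradeError(f"injected failure at step {step}")
            if step == "check":
                if not (local.healthy and all(s.healthy for s in local.services)):
                    raise UpgradeError("local board cards are not in a normal state")
            elif step == "prepare":        # one mirror service board per local one
                mirror.services = [ServiceBoard(node=s.node.replace("_0_", "_1_", 1))
                                   for s in local.services]
            elif step == "copy":           # data disk of _0 -> _1, then start _1
                mirror.data_disk, mirror.started = local.data_disk, True
            elif step == "cold_sync":      # _1 negotiates standby and pulls the config
                negotiate(local, mirror)
                mirror.config = copy.deepcopy(local.config)
            elif step == "power_on":       # one service board _1 every 5 seconds
                for svc in mirror.services:
                    svc.powered = True
                    sleep(POWER_ON_INTERVAL)
            elif step == "cold_sync_done": # session/MAC/ARP tables reach the _1 boards
                for old, new in zip(local.services, mirror.services):
                    new.tables = copy.deepcopy(old.tables)
            elif step == "preempt":        # raise weight, re-elect; _1 opens before _0 closes
                mirror.weight = TARGET_WEIGHT
                set_interfaces(negotiate(local, mirror), True)
                set_interfaces(local, False)
            elif step == "delete":         # close and delete all service boards _0
                local.services.clear()
            elif step == "update_config":  # old-node references now point at node _1
                mirror.config["bound_node"] = mirror.node
            elif step == "finish":         # delete control board _0
                local.deleted = True
            mirror.log.append(step)
    except UpgradeError:                   # rollback: drop the mirror, keep _0 forwarding
        mirror.services.clear()
        local.role = "master"
        set_interfaces(local, True)
        return local
    return mirror

def build_firewall() -> ControlBoard:
    """Constructed sample topology: control board _0 with three service boards _0."""
    fw = ControlBoard(node="_0", role="master", data_disk=b"disk-image-v1",
                      config={"zone": "trust", "policy": "permit ftp", "bound_node": "_0"})
    for i in (1, 2, 3):
        fw.services.append(ServiceBoard(node=f"_0_{i}", powered=True, interface_up=True,
                                        tables={"session": {f"ftp-{i}": "ESTABLISHED"}}))
    return fw
```

The FTP session entries survive the takeover because the new boards open their interfaces only after the tables have been synchronized and before the old boards close theirs, which is the property the scheme relies on for ALG traffic.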
The upgrade scheme for a virtualized distributed firewall provided by this embodiment has the following beneficial effects:
(1) the virtualized distributed firewall continues to protect customer services during the upgrade;
(2) ALG services protected by the virtualized distributed firewall are not interrupted during the firewall upgrade, and customer services suffer zero disruption.
A further alternative embodiment of the invention is described below.
Example three
The upgrade apparatus for a distributed firewall provided in this embodiment includes a number of implementation units, each corresponding to an implementation step of the first embodiment.
Fig. 8 is a schematic diagram of an upgrading apparatus for a distributed firewall according to an embodiment of the present invention. As shown in Fig. 8, the upgrading apparatus may include a synchronization unit 80, a sending unit 82 and a control unit 84, where:
the synchronization unit 80 is configured to synchronously configure the mirror control board card based on the configuration parameters of the local control board card and to synchronously configure the mirror service board card based on the configuration parameters of the local service board card, the mirror control board card and the mirror service board card being pre-constructed;
the sending unit 82 is configured to have the local control board card issue a preemption instruction to the mirror control board card, the preemption instruction instructing the mirror control board card to preempt and become the master control board card of the distributed firewall;
and the control unit 84 is configured, after the mirror control board card has preempted and become the master control board card of the distributed firewall, to have the mirror control board card control the mirror service board card to take over the service traffic of the distributed firewall, completing the upgrade operation.
With this upgrading apparatus for a distributed firewall, the synchronization unit 80 synchronously configures the mirror control board card based on the configuration parameters of the local control board card and synchronously configures the mirror service board card based on the configuration parameters of the local service board card, the mirror control board card and the mirror service board card being pre-constructed; the local control board card then issues, through the sending unit 82, a preemption instruction instructing the mirror control board card to preempt and become the master control board card of the distributed firewall; and after the mirror control board card has preempted and become the master control board card, the control unit 84 has the mirror control board card control the mirror service board card to take over the service traffic of the distributed firewall, completing the upgrade operation. In this embodiment, by synchronizing the configuration parameters between the local board cards and the mirror board cards, the mirror board cards take over the service traffic of the local board cards, so that continuous security protection is provided while the virtualized distributed firewall is upgraded, which solves the technical problem in the related art that services cannot be protected continuously while a virtualized distributed firewall is upgraded.
Optionally, the upgrading apparatus further includes: a first control module, configured to control the local control board card to enter upgrade mode before the mirror control board card is synchronously configured based on the configuration parameters of the local control board card and the mirror service board card is synchronously configured based on the configuration parameters of the local service board card; a first checking module, configured to check whether the local control board card and the local service board card are in a normal state; a first selection module, configured to have the local control board card select a local available node if the local control board card and the local service board card are confirmed to be in a normal state; a first selection module, configured to select a target available node corresponding to the local available node; a first construction module, configured to construct, using the target available node, a mirror control board card corresponding to the local control board card; and a second construction module, configured to construct, using the target available node, a mirror service board card corresponding to the local service board card.
Optionally, the upgrading apparatus further includes: a first copy module, configured to copy all data of the data disk of the local control board card to the mirror control board card after the target available node has been used to construct the mirror service board card corresponding to the local service board card; and a first start module, configured to start the mirror control board card once the copy has finished.
Optionally, the configuration parameters of the local control board card include at least one of the following: the firewall's sub-interfaces, security domains and policies; the configuration parameters of the local service board card include at least one of the following: the session table, the MAC table and the ARP table.
Optionally, the sending unit includes: a first adjusting module, configured to adjust the available weight parameter of the mirror control board card to a target weight value; a second control module, configured to control the local control board card to become the standby board card based on the target weight value; and a third control module, configured to control the mirror control board card to preempt and become the master control board card of the distributed firewall based on the target weight value.
Optionally, the upgrading apparatus further includes: a first notification module, configured to have the mirror control board card notify the mirror service board cards on all target available nodes to open their traffic interfaces after the mirror control board card has preempted and become the master control board card of the distributed firewall; and a second notification module, configured to have the local control board card notify the local service board cards on all local available nodes to close their traffic interfaces.
Optionally, the upgrading apparatus further includes: a first closing module, configured to close and delete all local service board cards after the mirror control board card has controlled the mirror service board card to take over the service traffic of the distributed firewall; a first updating module, configured to update the configuration in the mirror control board card that relates to the services of the local available node so that it refers to the board cards of the target available node; and a first deleting module, configured to delete the local control board card after the upgrade operation has completed.
Optionally, the local control board card corresponds to one or more local service board cards.
Optionally, the local control board card and the local service board card both exist in the form of virtual machines.
The upgrading apparatus for a distributed firewall further comprises a processor and a memory. The synchronization unit 80, the sending unit 82, the control unit 84 and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize the corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. There may be one or more kernels, and the kernel parameters are adjusted so that the mirror service board card is controlled to take over the service traffic of the distributed firewall and complete the upgrade operation.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The present application further provides a computer program product adapted to perform, when executed on a data processing device, a program that initializes the following method steps: synchronously configuring a mirror control board card based on the configuration parameters of a local control board card and synchronously configuring a mirror service board card based on the configuration parameters of a local service board card, the mirror control board card and the mirror service board card being pre-constructed; the local control board card then issuing a preemption instruction to the mirror control board card, the preemption instruction instructing the mirror control board card to preempt and become the master control board card of the distributed firewall; and, after the mirror control board card has preempted and become the master control board card of the distributed firewall, the mirror control board card controlling the mirror service board card to take over the service traffic of the distributed firewall, completing the upgrade operation.
The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis; for parts that are not described in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division into units may be a logical division only; in an actual implementation there may be another division, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or of another form.
The units described as separate parts may or may not be physically separate, and parts shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit may be realized in the form of hardware or in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic or optical disk, and other media capable of storing program code.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art may make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the scope of protection of the present invention.

Claims (10)

1. A method for upgrading a distributed firewall, the distributed firewall comprising a local control board card and a local service board card, the local control board card being responsible for life-cycle management of the distributed firewall and for interaction with the cloud platform, and the local service board card being responsible for processing service traffic on each host, the upgrading method comprising the following steps:
synchronously configuring a mirror control board card based on the configuration parameters of the local control board card, and synchronously configuring a mirror service board card based on the configuration parameters of the local service board card, wherein the mirror control board card and the mirror service board card are constructed in advance;
the local control board card issuing a preemption instruction to the mirror control board card, wherein the preemption instruction instructs the mirror control board card to preempt and become the master control board card of the distributed firewall;
and, after the mirror control board card has preempted and become the master control board card of the distributed firewall, the mirror control board card controlling the mirror service board card to take over the service traffic of the distributed firewall, completing the upgrade operation.
2. The upgrading method according to claim 1, wherein before synchronously configuring the mirror control board card based on the configuration parameters of the local control board card and synchronously configuring the mirror service board card based on the configuration parameters of the local service board card, the upgrading method further comprises:
controlling the local control board card to enter upgrade mode;
checking whether the local control board card and the local service board card are both in a normal state;
if the local control board card and the local service board card are confirmed to be in a normal state, the local control board card selecting a local available node;
selecting a target available node corresponding to the local available node;
constructing, using the target available node, a mirror control board card corresponding to the local control board card;
and constructing, using the target available node, a mirror service board card corresponding to the local service board card.
3. The upgrading method according to claim 2, wherein after the target available node has been used to construct the mirror service board card corresponding to the local service board card, the upgrading method further comprises:
copying all data of the data disk of the local control board card to the mirror control board card;
and, once the copy has finished, starting the mirror control board card.
4. The upgrading method according to claim 1, wherein the configuration parameters of the local control board card include at least one of the following: the firewall's sub-interfaces, security domains and policies; and the configuration parameters of the local service board card include at least one of the following: the session table, the MAC table and the ARP table.
5. The upgrading method according to claim 1, wherein the step of the mirror control board card preempting to become the master control board card of the distributed firewall comprises:
adjusting the available weight parameter of the mirror control board card to a target weight value;
based on the target weight value, controlling the local control board card to become the standby board card;
and, based on the target weight value, controlling the mirror control board card to preempt and become the master control board card of the distributed firewall.
6. The upgrading method according to claim 1, wherein after the mirror control board card has preempted and become the master control board card of the distributed firewall, the upgrading method further comprises:
the mirror control board card notifying the mirror service board cards on all target available nodes to open their traffic interfaces;
and the local control board card notifying the local service board cards on all local available nodes to close their traffic interfaces.
7. The upgrading method according to claim 1, wherein after the mirror control board card has controlled the mirror service board card to take over the service traffic of the distributed firewall, the upgrading method further comprises:
closing and deleting all local service board cards;
updating the configuration in the mirror control board card that relates to the services of the local available node so that it refers to the board cards of the target available node;
and, after the upgrade operation has completed, deleting the local control board card.
8. The upgrading method according to claim 1, wherein the local control board card corresponds to one or more local service board cards.
9. The upgrading method according to claim 1, wherein the local control board card and the local service board card both exist in the form of virtual machines.
10. An upgrade apparatus for a distributed firewall, the distributed firewall comprising a local control board card and a local service board card, the local control board card being responsible for life-cycle management of the distributed firewall and for interaction with the cloud platform, and the local service board card being responsible for processing service traffic on each host, the upgrade apparatus comprising:
a synchronization unit, configured to synchronously configure a mirror control board card based on the configuration parameters of the local control board card and to synchronously configure a mirror service board card based on the configuration parameters of the local service board card, wherein the mirror control board card and the mirror service board card are constructed in advance;
a sending unit, configured to have the local control board card issue a preemption instruction to the mirror control board card, wherein the preemption instruction instructs the mirror control board card to preempt and become the master control board card of the distributed firewall;
and a control unit, configured, after the mirror control board card has preempted and become the master control board card of the distributed firewall, to have the mirror control board card control the mirror service board card to take over the service traffic of the distributed firewall, completing the upgrade operation.
Application CN202110910690.4A, priority date 2021-08-09, filing date 2021-08-09: Upgrading method and device of distributed firewall (pending), published as CN113595802A (en).

Publication: CN113595802A (en), published 2021-11-02.

Family

ID=78256544

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110910690.4A Pending CN113595802A (en) 2021-08-09 2021-08-09 Upgrading method and device of distributed firewall

Country Status (1)

Country Link
CN (1) CN113595802A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination