CN114301842B - Route searching method and device, storage medium, processor and network system - Google Patents
Route searching method and device, storage medium, processor and network system Download PDFInfo
- Publication number
- CN114301842B CN114301842B CN202111663281.5A CN202111663281A CN114301842B CN 114301842 B CN114301842 B CN 114301842B CN 202111663281 A CN202111663281 A CN 202111663281A CN 114301842 B CN114301842 B CN 114301842B
- Authority
- CN
- China
- Prior art keywords
- target
- firewall
- route
- session
- main
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 90
- 230000004044 response Effects 0.000 claims abstract description 10
- 238000012545 processing Methods 0.000 claims description 57
- 230000008569 process Effects 0.000 claims description 21
- 230000005540 biological transmission Effects 0.000 claims description 8
- 230000006855 networking Effects 0.000 abstract description 17
- 238000010586 diagram Methods 0.000 description 11
- 238000004590 computer program Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 5
- 230000000694 effects Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000003068 static effect Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000032683 aging Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a route searching method and device, a storage medium, a processor and a network system. The method comprises the following steps: triggering a main firewall to send a backup request of a target session; backing up the target session on the main firewall to the standby firewall in response to the backup request; if the first target switch is started, the route is searched again for the target session on the standby firewall according to the IP address of the target session, wherein the first target switch is used for indicating to search the route for the target session. According to the method and the device, the problem that in a networking scene of a nonstandard HA active-standby mode in the related art, after active-standby switching is carried out, the route of a session backed up to the standby fireproof wall is incorrect, and the flow of the session is interrupted is solved.
Description
Technical Field
The present invention relates to the field of network communications technologies, and in particular, to a route searching method and apparatus, a storage medium, a processor, and a network system.
Background
The scenario that the firewall performs networking in the HA (high availability) active/standby mode is shown in fig. 1, and fig. 1 includes a standard HA active/standby mode networking scenario and a non-standard HA active/standby mode networking scenario. In fig. 1, firewall FW01 is a main HA firewall, and firewall FW02 is a backup HA firewall.
As shown in fig. 1, the upper half is a standard HA master standby mode networking scenario. Wherein the two firewalls communicate with one IP address (1.1.1.1 for example in fig. 1) of the opposite server through the two-layer switch. And FW01 and FW02 are identical to each other in terms of external interfaces and IP addresses (the example interface in fig. 1 is eth0/1, and IP is 1.1.1.2). Therefore, as can be obtained from the above, when the HA switches between the active and standby, FW02 becomes the active firewall, and the next hop of the downstream route pointed in the Flow session in FW02 still points to the IP address of the layer 2 switch SW01, so that the problem that the downstream data traffic of the Flow session (the traffic of FW01/FW02 to SW 01) is interrupted after the active and standby HA switch in the standard active and standby HA mode networking scenario is not caused, that is, the problem is not caused in the standard active and standby HA mode networking method.
However, in the non-standard HA master-slave mode networking scenario in the lower half as shown in fig. 1, the Flow of the Flow session may be interrupted after the HA master-slave switching. The method comprises the following steps: the two firewalls in fig. 1 connect different IP addresses of the different two layer 3 switches (example in fig. 1: FW01 communicates with IP address 2.2.2.8 of SW02 and FW02 communicates with IP address 2.2.2.9 of SW 03). And the SW02 and the SW03 are not connected, do not stack, do not do VRRP (Virtual Router Redundancy Protocol ), are deployed for a single machine, and configure static routes. Thus, when the HA switches between active and standby, FW02 becomes the primary firewall, but the next hop of the downstream route pointed to in the Flow session in FW02 still points to the IP address of SW02 (from the FW01 synchronization session, 2.2.2.8 in the example of fig. 1), thus causing the problem that the downstream data traffic of the Flow session (the traffic of FW01/FW02 to SW02/SW 03) is interrupted after the HA switches between active and standby.
In summary, in a non-standard HA master-slave mode networking scenario, there is a problem that the existing flow session is interrupted after the HA master-slave is switched. That is, the service flow of the session will not be passed after the HA primary and secondary switch until the session is deleted (the session aging is deleted, the TCP RST/FIN message triggers deletion of the session, etc.).
In the related art, in the non-standard HA active-standby mode networking scenario, the interface IP addresses and MAC addresses of the two three-layer switches are configured to be the same, i.e. the IP addresses of SW02 and SW03 opposite to the firewall side are configured to be the same, and the MAC addresses of SW02 and SW03 opposite to the firewall side are also configured to be the same. Moreover, some network management systems will periodically check the configuration of all devices, consider this to be a nonstandard/wrong configuration, and automatically modify/restore to a different IP address and a different MAC address. Thus, this scheme may also fail for this scenario.
Aiming at the problem that in the networking scene of a nonstandard HA active-standby mode in the related art, after active-standby switching is carried out, the route of a session backed up to a standby firewall is incorrect, so that the flow of the session is interrupted, no effective solution is proposed at present.
Disclosure of Invention
The main purpose of the present application is to provide a route searching method and apparatus, a storage medium, a processor, and a network system, so as to solve the problem in the related art that in a non-standard HA active/standby mode networking scenario, after active/standby switching is performed, the route of a session backed up to a standby firewall is incorrect, resulting in interruption of the flow of the session.
To achieve the above object, according to one aspect of the present application, there is provided a network system. The system comprises: a main firewall; preparing a firewall; a first switch; a second switch; the main firewall is provided with a first target interface and a second target interface, the standby firewall is provided with the first target interface and the second target interface, the first target interface of the main firewall is connected with the first switch, the second target interface of the standby firewall is connected with the second switch, the second target interface of the main firewall is connected with the first target interface of the standby firewall in a wireless way, and IP network segments used by the first target interface of the main firewall and the second target interface of the standby firewall are different.
Further, the routing configuration of the primary firewall and the standby firewall is the same.
To achieve the above object, according to one aspect of the present application, there is provided a route searching method. The method comprises the following steps: triggering the main firewall to send a backup request of a target session; responding to the backup request, and backing up the target session on the main fireproof wall to the standby fireproof wall; and if the first target switch is started, the route is searched again for the target session on the standby fire wall according to the IP address of the target session, wherein the first target switch is used for indicating to search the route for the target session.
Further, after re-routing the target session on the backup firewall, the method further comprises: if the route re-searched for the target session on the standby firewall is successful, replacing the route copied by the target session from the main firewall with the route re-searched by the target session on the standby firewall; if the route re-searching for the target session fails on the standby fireproof wall, first target information is recorded on the target session, wherein the first target information is used for marking the route corresponding to the target session to be continuously searched.
Further, after recording the first target information on the target session, the method further comprises: if the main firewall and the standby firewall finish the main-standby switching, the standby firewall becomes a first main firewall, and message transmission is performed on the first main firewall; if the first target message is matched with the target session, searching a route corresponding to the target session on the first main fireproof wall, wherein the first target message is a message transmitted on the first main fireproof wall.
Further, after searching for the route corresponding to the target session on the first main firewall, the method further comprises: if the route corresponding to the target session on the first main fireproof wall is found successfully, replacing the route copied by the target session from the main fireproof wall with the route found by the target session again on the first main fireproof wall, and recording second target information on the target session, wherein the second target information is used for marking the route corresponding to the target session which does not need to be continuously found in the follow-up process; and if the route corresponding to the target session on the first main fireproof wall fails to be found, discarding the first target message.
Further, after discarding the first target packet, the method further includes: selecting a preset processing mode according to preset requirements; if the selected preset processing mode is the preset processing mode I, deleting the target session; if the selected preset processing mode is a preset processing mode II, when a second target message is matched with the target session, searching a corresponding route on the first main fireproof wall for the target session according to preset times, wherein the second target message comprises a message transmitted on the first main fireproof wall except the first target message and a message obtained after the first target message is retransmitted; if the number of times of searching the corresponding route by the target session on the first main fireproof wall is not greater than the preset number of times, and the searching of the corresponding route by the target session on the first main fireproof wall fails, discarding the second target message; and if the number of times of searching the corresponding route on the first main fireproof wall by the target session is larger than the preset number of times, deleting the target session.
To achieve the above object, according to another aspect of the present application, there is provided a route search device. The device comprises: the first triggering unit is used for triggering the main firewall to send a backup request of the target session; the first response unit is used for responding to the backup request and backing up the target session on the main fireproof wall to the standby fireproof wall; and the first searching unit is used for searching the route for the target session on the standby fire wall according to the IP address of the target session if the first target switch is started, wherein the first target switch is used for indicating to search the route for the target session.
Further, the apparatus further comprises: the first replacing unit is used for replacing the route copied by the target session from the main fireproof wall with the route re-searched by the target session on the standby fireproof wall if the re-searching of the route for the target session on the standby fireproof wall is successful after the re-searching of the route for the target session on the standby fireproof wall; the first recording unit is configured to record first target information on the target session if the re-searching of the route for the target session fails on the standby firewall, where the first target information is used to identify a route that needs to be continuously searched for in a subsequent process.
Further, the apparatus further comprises: the first processing unit is used for after the first target information is recorded on the target session, if the main firewall and the standby firewall finish the main-standby switching, the standby firewall becomes a first main firewall, and message transmission is carried out on the first main firewall; and the second searching unit is used for searching a route corresponding to the target session on the first main fireproof wall if the first target message is matched with the target session, wherein the first target message is a message transmitted on the first main fireproof wall.
Further, the apparatus further comprises: the second processing unit is used for replacing the route copied by the target session from the main fireproof wall with the route re-searched by the target session on the first main fireproof wall after searching the route corresponding to the target session on the first main fireproof wall, and recording second target information on the target session, wherein the second target information is used for identifying that the route corresponding to the target session does not need to be continuously searched in the follow-up process; and the first discarding unit is used for discarding the first target message if the route corresponding to the target session on the first main fireproof wall is found to fail.
Further, the apparatus further comprises: after discarding the first target message, a first selecting unit is used for selecting a preset processing mode according to a preset requirement; the first deleting unit is used for deleting the target session if the selected preset processing mode is a first preset processing mode; a third searching unit, configured to search, if the selected preset processing manner is a preset processing manner two, for the target session for a corresponding route on the first primary firewall according to a preset number of times when a second target packet is matched with the target session, where the second target packet includes a packet transmitted on the first primary firewall and other than the first target packet, and a packet obtained after retransmitting the first target packet; the second discarding unit is configured to discard the second target packet if the number of times of searching the corresponding route on the first main firewall by the target session is not greater than the preset number of times, and the searching of the corresponding route on the first main firewall by the target session fails; and the second deleting unit is used for deleting the target session if the number of times of searching the corresponding route on the first main fireproof wall by the target session is larger than the preset number of times.
To achieve the above object, according to another aspect of the present application, there is provided a processor for executing a program, wherein the program executes any one of the route searching methods described above.
In order to achieve the above object, according to another aspect of the present application, there is provided a storage medium including a stored program, wherein the program performs the route searching method described in any one of the above.
Through the application, the following steps are adopted: triggering a main firewall to send a backup request of a target session; backing up the target session on the main firewall to the standby firewall in response to the backup request; if the first target switch is started, the route is searched again for the target session on the standby firewall according to the IP address of the target session, wherein the first target switch is used for indicating to search the route for the target session, and the problem that in the related art, in a non-standard HA active-standby mode networking scene, after active-standby switching is carried out, the route of the session backed up on the standby firewall is incorrect, so that the flow of the session is interrupted is solved. By responding to the backup request of the target session, the target session on the main fireproof wall is backed up to the standby fireproof wall, and when the first target switch is started, the route is searched again for the target session on the standby fireproof wall according to the IP address of the target session, so that the route of the session backed up to the standby fireproof wall is correct, and the effect of ensuring that the flow of the session is not interrupted is achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application, illustrate and explain the application and are not to be construed as limiting the application. In the drawings:
fig. 1 is a schematic diagram of an HA master-slave mode networking scenario according to the prior art;
FIG. 2 is a schematic diagram of a network system provided in accordance with an embodiment of the present application;
FIG. 3 is a flow chart of a route lookup method provided in accordance with an embodiment of the present application;
fig. 4 is a schematic diagram of a route searching device according to an embodiment of the present application.
Detailed Description
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the present application described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an embodiment of the present application, a network system is provided.
Fig. 2 is a schematic diagram of a network system provided according to an embodiment of the present application. As shown in fig. 2, the system includes: a main firewall; preparing a firewall; a first switch; a second switch; the main firewall is provided with a first target interface and a second target interface, the standby firewall is provided with a first target interface and a second target interface, the first target interface of the main firewall is connected with the first switch, the second target interface of the standby firewall is connected with the second switch, the second target interface of the main firewall is connected with the first target interface of the standby firewall in a wireless way, and IP network segments used by the first target interface of the main firewall and the second target interface of the standby firewall are different.
For example, FW01 and FW02 operate in the HA active-standby mode, where FW01 is a primary firewall, FW02 is a standby firewall, the first switch may be SW02 in fig. 2, the second switch may be SW03 in fig. 2, the first target interface may be the eth0/2 interface in fig. 2, and the second target interface may be the eth0/3 interface in fig. 2. The interfaces of FW01 and FW02 are consistent, and the interfaces are respectively provided with an eth0/2 interface and an eth0/3 interface, but the wiring modes of the two firewalls are inconsistent, namely the firewalls and the switch are interconnected to use different interfaces and different Internet sections, and the method specifically comprises the following steps: FW01 connects SW02 using interface eth0/2 (IP segment 2.2.2.0/24), but interface eth0/3 of FW01 is not wired (not wired to ensure that the route to eth0/3 is not valid, cannot be queried); FW02 connects SW03 using interface eth0/3 (IP segment 3.3.3.0/24), but interface eth0/2 is not wired (not wired to ensure that the route to eth0/2 is not valid and cannot be queried).
By using the network system provided by the invention, the matched route can be accurately found on the backup fireproof wall under the non-standard HA active-standby mode networking scene and in the HA active-standby switching process or after the HA active-standby switching is completed, so that the flow of the session can be kept smooth without interruption.
Optionally, in the network system provided in the embodiment of the present application, the routing configurations of the primary firewall and the backup firewall are the same.
For example, the same route is configured on both the FW01 main firewall and the FW02 backup firewall, i.e., the static route to the eth0/2 interface and the eth0/3 interface, and the same configuration is performed on both the main firewall and the backup firewall.
Through the scheme, the main firewall and the standby firewall are guaranteed to have the same interfaces, and the routing configuration of the interfaces is the same, so that the session can be quickly backed up from the main firewall to the standby firewall.
Through the network system provided by the invention, the session can accurately find the matched route on the backup fireproof wall in the process of HA active/standby switching or after the HA active/standby switching is completed, so that the effect of ensuring that the flow of the session is not interrupted is achieved.
The present invention is described below in connection with preferred implementation steps, and fig. 3 is a flowchart of a route searching method according to an embodiment of the present application, as shown in fig. 3, where the method includes the following steps:
step S301, triggering the primary firewall to send a backup request of the target session.
For example, the main firewall FW01 sends a backup request requiring a backup flow session to the backup firewall FW 02.
In step S302, the target session on the primary firewall is backed up to the backup firewall in response to the backup request.
For example, when the backup firewall FW02 receives a backup request of a flow session sent from the main firewall FW01, the backup firewall FW02 backs up the flow session from the main firewall FW01 to the backup firewall FW 02.
Step S303, if the first target switch is turned on, the route is searched again for the target session on the standby firewall according to the IP address of the target session, wherein the first target switch is used for indicating that the route is searched for the target session.
For example, if the "ha session-request-route" configuration switch is found to be on, it is necessary to re-find the route and egress interfaces for this session according to the IP address of the session. In addition, the re-searched route may include either a forward route or a reverse route. Thus, the process of re-routing includes actually two lookup processes, i.e., a forward route/egress interface/next hop IP for a lookup session and a reverse route/egress interface/next hop IP for a lookup session.
Through the steps S301 to S303, the target session on the main firewall is backed up to the standby firewall by responding to the backup request of the target session, and when the first target switch is turned on, the route is searched again for the target session on the standby firewall according to the IP address of the target session, so that the route of the session backed up to the standby firewall is correct, and the effect of ensuring that the flow of the session is not interrupted is achieved.
Optionally, in the route searching method provided in the embodiment of the present application, after the route is searched again for the target session on the backup firewall, the method further includes: if the route re-found for the target session on the standby fireproof wall is successful, replacing the route copied from the main fireproof wall by the route re-found on the standby fireproof wall by the target session; if the route searching for the target session on the standby firewall fails, recording first target information on the target session, wherein the first target information is used for marking the route corresponding to the target session which needs to be continuously searched subsequently.
For example, if the corresponding route is successfully found for the session, then the new route and the new outgoing interface are found successfully, and the old route and the old outgoing interface backed up by the HA opposite terminal on the session are replaced. Such as: the outgoing interface of the session on FW01 is eth0/2, the next hop IP is 2.2.2.8, the outgoing interface after the session is backed up on FW02 is changed to eth0/3, and the next hop IP is changed to 3.3.3.8, so if the search is successful, the eth0/3 interface and the IP are used: 3.3.3.8 replaces eth0/2 interface and IP:2.2.2.8. if searching for the corresponding route for the session fails (the reason for the failure may be that the relevant route has not been ready yet), it is necessary to record "HA need session rematch" flag as TRUE on the session, so that when the subsequent service traffic message triggers the session again, it is necessary to re-search the route for the session, that is, when the service traffic message reaches the session, and when the session is hit by matching, it is necessary to re-search the route for the session.
Through the scheme, the session is established on the main firewall, and the standby firewall can search the corresponding route for the session in the process of establishing the session.
Optionally, in the route searching method provided in the embodiment of the present application, after the first target information is recorded on the target session, the method further includes: if the main firewall and the standby firewall finish the main-standby switching, the standby firewall becomes a first main firewall, and message transmission is performed on the first main firewall; if the first target message is matched with the target session, searching a corresponding route of the target session on the first main fireproof wall, wherein the first target message is a message transmitted on the first main fireproof wall.
For example, after the HA primary-backup is switched, FW02 becomes the primary firewall, and at this time, traffic flows on the FW02 firewall, and traffic messages can be transmitted on the FW02 firewall. If the session of the traffic message transmitted on the FW02 firewall is matched, that is, when the traffic message reaches the session, the session is hit by the matching, and the Flag of "HA need session rematch" on the session is True, the routing and egress interfaces need to be searched again for the session.
Through the scheme, after the primary and standby firewalls finish switching, when the session is matched and hit and the identifier of the route corresponding to the session is found to be continuously searched, the corresponding route can be continuously searched for the session again.
Optionally, in the route searching method provided in the embodiment of the present application, after searching a route corresponding to the target session on the first main firewall, the method further includes: if the route corresponding to the target session on the first main fireproof wall is found successfully, replacing the route which is found again by the target session and copied from the main fireproof wall by the route, and recording second target information on the target session, wherein the second target information is used for marking the route corresponding to the target session which does not need to be found continuously in the follow-up process; if the route corresponding to the target session on the first main fireproof wall fails to be found, the first target message is discarded.
For example, after the HA primary-standby is switched, that is, after the flow session on FW01 is synchronized to FW02, if the corresponding route is successfully found for the session, that is, the new correct outgoing interface and the next hop IP are found again, the new route and the new outgoing interface that are found again are replaced by the old route and the old outgoing interface backed up by the HA opposite end on the session, and the flag "HA need session rematch" is restored to FALSE on the session. If the corresponding route is failed for session searching, the current message is discarded.
Through the scheme, after the primary and the secondary firewalls complete the switching, when the corresponding routes are continuously searched for the session, corresponding measures can be taken according to the searching results, so that the problem that the session is not communicated after the primary and the secondary switching can be solved.
Optionally, in the route searching method provided in the embodiment of the present application, after discarding the first target packet, the method further includes: selecting a preset processing mode according to preset requirements; if the selected preset processing mode is the preset processing mode I, deleting the target session; if the selected preset processing mode is the preset processing mode II, when the second target message is matched with the target session, searching a corresponding route on the first main fireproof wall according to the target session with the preset times, wherein the second target message comprises messages transmitted on the first main fireproof wall except the first target message and messages obtained after the first target message is retransmitted; if the number of times of searching the corresponding route by the target session on the first main fireproof wall is not more than the preset number of times and the searching of the corresponding route by the target session on the first main fireproof wall fails, discarding the second target message; and if the number of times of searching the corresponding route on the first main fireproof wall by the target session is greater than the preset number of times, deleting the target session.
For example, after discarding the current message, when the subsequent message reaches the session, that is, when the session is hit by matching, the route may be found again for the session according to the preset times. And in the process of searching the route again for a plurality of times according to the session, if the condition of route searching failure is met, the current message is immediately discarded. After the current message is discarded, if the subsequent message hits the session, the route searching process is continued for the session, and the route searching process is repeated circularly. And finally, if the number of times of searching the route again for the session is judged to be larger than the preset number of times, and the current route still fails to be searched, deleting the current session and discarding the current message.
Through the scheme, after the primary and standby firewalls finish switching, and when the corresponding route searching for the session fails, the corresponding processing mode can be selected for processing.
In summary, in the route searching method provided by the embodiment of the present application, the primary firewall is triggered to send the backup request of the target session; backing up the target session on the main firewall to the standby firewall in response to the backup request; if the first target switch is started, the route is searched again for the target session on the standby firewall according to the IP address of the target session, wherein the first target switch is used for indicating to search the route for the target session, and the problem that in the related art, in a non-standard HA active-standby mode networking scene, after active-standby switching is carried out, the route of the session backed up on the standby firewall is incorrect, so that the flow of the session is interrupted is solved. By responding to the backup request of the target session, the target session on the main fireproof wall is backed up to the standby fireproof wall, and when the first target switch is started, the route is searched again for the target session on the standby fireproof wall according to the IP address of the target session, so that the route of the session backed up to the standby fireproof wall is correct, and the effect of ensuring that the flow of the session is not interrupted is achieved.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
The embodiment of the application also provides a route searching device, and it is to be noted that the route searching device of the embodiment of the application can be used for executing the route searching method provided by the embodiment of the application. The following describes a route searching device provided in an embodiment of the present application.
Fig. 4 is a schematic diagram of a route lookup device according to an embodiment of the present application. As shown in fig. 4, the apparatus includes: a first trigger unit 401, a first response unit 402 and a first search unit 403.
Specifically, the first triggering unit 401 is configured to trigger the primary firewall to send a backup request of the target session;
a first response unit 402, configured to backup, in response to the backup request, the target session on the primary firewall to the backup firewall;
the first lookup unit 403 is configured to, if the first target switch is turned on, re-find the route for the target session on the firewall according to the IP address of the target session, where the first target switch is used to instruct to find the route for the target session.
In summary, in the route searching device provided in the embodiment of the present application, the first triggering unit 401 triggers the main firewall to send the backup request of the target session; the first response unit 402 responds to the backup request and backs up the target session on the main firewall to the backup firewall; the first lookup unit 403, if the first target switch is turned on, re-searches the route for the target session on the backup firewall according to the IP address of the target session, where the first target switch is used to instruct to search the route for the target session, which solves the problem in the related art that when the backup is performed in the non-standard HA master-backup mode networking scenario, the route of the session backed up on the backup firewall is incorrect, resulting in the interruption of the flow of the session.
Optionally, in the route searching device provided in the embodiment of the present application, the device further includes: the first replacing unit is used for replacing the route copied by the target session from the main fireproof wall with the route re-searched by the target session on the standby fireproof wall if the re-searching of the route is successful for the target session on the standby fireproof wall after the re-searching of the route for the target session on the standby fireproof wall; the first recording unit is used for recording first target information on the target session if the route searching for the target session on the standby firewall fails, wherein the first target information is used for marking the route corresponding to the target session which needs to be continuously searched for later.
Optionally, in the route searching device provided in the embodiment of the present application, the device further includes: the first processing unit is used for changing the standby firewall into a first main firewall after the main firewall and the standby firewall finish the main-standby switching after the first target information is recorded on the target session, and transmitting the message on the first main firewall; and the second searching unit is used for searching a route corresponding to the target session on the first main fireproof wall if the first target message is matched with the target session, wherein the first target message is a message transmitted on the first main fireproof wall.
Optionally, in the route searching device provided in the embodiment of the present application, the device further includes: the second processing unit is used for replacing the route which is copied from the main fireproof wall by the target session and is re-found on the first main fireproof wall by the target session if the route which is copied from the main fireproof wall by the target session is successful after the route which is corresponding to the target session on the first main fireproof wall is found, and recording second target information on the target session, wherein the second target information is used for marking the route which is not needed to be continuously found and corresponds to the target session subsequently; the first discarding unit is configured to discard the first target packet if the route corresponding to the target session on the first main firewall fails.
Optionally, in the route searching device provided in the embodiment of the present application, the device further includes: after discarding the first target message, a first selecting unit is used for selecting a preset processing mode according to a preset requirement; the first deleting unit is used for deleting the target session if the selected preset processing mode is a first preset processing mode; a third searching unit, configured to search, if the selected preset processing mode is a preset processing mode two, for a corresponding route on the first main firewall according to the target session with the preset number of times when the second target message is matched with the target session, where the second target message includes a message transmitted on the first main firewall except the first target message and a message obtained after retransmitting the first target message; the second discarding unit is configured to discard the second target packet if the number of times of searching the corresponding route by the target session on the first main firewall is not greater than a preset number of times, and the searching of the corresponding route by the target session on the first main firewall fails; and the second deleting unit is used for deleting the target session if the number of times of searching the corresponding route on the first main fireproof wall by the target session is greater than the preset number of times.
The route searching device comprises a processor and a memory, wherein the first triggering unit 401, the first responding unit 402, the first searching unit 403 and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. The kernel can be provided with one or more than one, and the flow of the session is ensured not to be interrupted by adjusting the kernel parameters.
The memory may include volatile memory, random Access Memory (RAM), and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), among other forms in computer readable media, the memory including at least one memory chip.
The embodiment of the invention provides a storage medium, on which a program is stored, which when executed by a processor implements the route searching method.
The embodiment of the invention provides a processor which is used for running a program, wherein the route searching method is executed when the program runs.
The embodiment of the invention provides equipment, which comprises a processor, a memory and a program stored in the memory and capable of running on the processor, wherein the processor realizes the following steps when executing the program: triggering the main firewall to send a backup request of a target session; responding to the backup request, and backing up the target session on the main fireproof wall to the standby fireproof wall; and if the first target switch is started, the route is searched again for the target session on the standby fire wall according to the IP address of the target session, wherein the first target switch is used for indicating to search the route for the target session.
The processor also realizes the following steps when executing the program: after re-routing the target session on the backup firewall, the method further comprises: if the route re-searched for the target session on the standby firewall is successful, replacing the route copied by the target session from the main firewall with the route re-searched by the target session on the standby firewall; if the route re-searching for the target session fails on the standby fireproof wall, first target information is recorded on the target session, wherein the first target information is used for marking the route corresponding to the target session to be continuously searched.
The processor also realizes the following steps when executing the program: after recording the first target information on the target session, the method further comprises: if the main firewall and the standby firewall finish the main-standby switching, the standby firewall becomes a first main firewall, and message transmission is performed on the first main firewall; if the first target message is matched with the target session, searching a route corresponding to the target session on the first main fireproof wall, wherein the first target message is a message transmitted on the first main fireproof wall.
The processor also realizes the following steps when executing the program: after searching for the route corresponding to the target session on the first main firewall, the method further comprises: if the route corresponding to the target session on the first main fireproof wall is found successfully, replacing the route copied by the target session from the main fireproof wall with the route found by the target session again on the first main fireproof wall, and recording second target information on the target session, wherein the second target information is used for marking the route corresponding to the target session which does not need to be continuously found in the follow-up process; and if the route corresponding to the target session on the first main fireproof wall fails to be found, discarding the first target message.
The processor also realizes the following steps when executing the program: after discarding the first target packet, the method further includes: selecting a preset processing mode according to preset requirements; if the selected preset processing mode is the preset processing mode I, deleting the target session; if the selected preset processing mode is a preset processing mode II, when a second target message is matched with the target session, searching a corresponding route on the first main fireproof wall for the target session according to preset times, wherein the second target message comprises a message transmitted on the first main fireproof wall except the first target message and a message obtained after the first target message is retransmitted; if the number of times of searching the corresponding route by the target session on the first main fireproof wall is not greater than the preset number of times, and the searching of the corresponding route by the target session on the first main fireproof wall fails, discarding the second target message; and if the number of times of searching the corresponding route on the first main fireproof wall by the target session is larger than the preset number of times, deleting the target session. The device herein may be a server, PC, PAD, cell phone, etc.
The present application also provides a computer program product adapted to perform, when executed on a data processing device, a program initialized with the method steps of: triggering the main firewall to send a backup request of a target session; responding to the backup request, and backing up the target session on the main fireproof wall to the standby fireproof wall; and if the first target switch is started, the route is searched again for the target session on the standby fire wall according to the IP address of the target session, wherein the first target switch is used for indicating to search the route for the target session.
When executed on a data processing device, is further adapted to carry out a program initialized with the method steps of: after re-routing the target session on the backup firewall, the method further comprises: if the route re-searched for the target session on the standby firewall is successful, replacing the route copied by the target session from the main firewall with the route re-searched by the target session on the standby firewall; if the route re-searching for the target session fails on the standby fireproof wall, first target information is recorded on the target session, wherein the first target information is used for marking the route corresponding to the target session to be continuously searched.
When executed on a data processing device, is further adapted to carry out a program initialized with the method steps of: after recording the first target information on the target session, the method further comprises: if the main firewall and the standby firewall finish the main-standby switching, the standby firewall becomes a first main firewall, and message transmission is performed on the first main firewall; if the first target message is matched with the target session, searching a route corresponding to the target session on the first main fireproof wall, wherein the first target message is a message transmitted on the first main fireproof wall.
When executed on a data processing device, is further adapted to carry out a program initialized with the method steps of: after searching for the route corresponding to the target session on the first main firewall, the method further comprises: if the route corresponding to the target session on the first main fireproof wall is found successfully, replacing the route copied by the target session from the main fireproof wall with the route found by the target session again on the first main fireproof wall, and recording second target information on the target session, wherein the second target information is used for marking the route corresponding to the target session which does not need to be continuously found in the follow-up process; and if the route corresponding to the target session on the first main fireproof wall fails to be found, discarding the first target message.
When executed on a data processing device, is further adapted to carry out a program initialized with the method steps of: after discarding the first target packet, the method further includes: selecting a preset processing mode according to preset requirements; if the selected preset processing mode is the preset processing mode I, deleting the target session; if the selected preset processing mode is a preset processing mode II, when a second target message is matched with the target session, searching a corresponding route on the first main fireproof wall for the target session according to preset times, wherein the second target message comprises a message transmitted on the first main fireproof wall except the first target message and a message obtained after the first target message is retransmitted; if the number of times of searching the corresponding route by the target session on the first main fireproof wall is not greater than the preset number of times, and the searching of the corresponding route by the target session on the first main fireproof wall fails, discarding the second target message; and if the number of times of searching the corresponding route on the first main fireproof wall by the target session is larger than the preset number of times, deleting the target session.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, etc., such as Read Only Memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises an element.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.
Claims (14)
1. A route searching method, wherein the method is applied in a network system, the network system comprising: the system comprises a main firewall, a standby firewall, a first switch and a second switch; the method comprises the following steps:
triggering the main firewall to send a backup request of a target session;
responding to the backup request, and backing up the target session on the main fireproof wall to the standby fireproof wall;
If a first target switch is started, a route is searched again for the target session on the standby firewall according to the IP address of the target session, wherein the first target switch is used for indicating to search the route for the target session;
the main firewall is provided with a first target interface and a second target interface, the standby firewall is provided with the first target interface and the second target interface, the first target interface of the main firewall is connected with the first switch, the second target interface of the standby firewall is connected with the second switch, the second target interface of the main firewall is connected with the first target interface of the standby firewall in a wireless way, and IP network segments used by the first target interface of the main firewall and the second target interface of the standby firewall are different; the first switch is connected with the second switch through a wireless path.
2. The method of claim 1, wherein after the backup firewall re-routes the target session, the method further comprises:
if the route re-searched for the target session on the standby firewall is successful, replacing the route copied by the target session from the main firewall with the route re-searched by the target session on the standby firewall;
If the route re-searching for the target session fails on the standby fireproof wall, first target information is recorded on the target session, wherein the first target information is used for marking the route corresponding to the target session to be continuously searched.
3. The method of claim 2, wherein after recording the first target information on the target session, the method further comprises:
if the main firewall and the standby firewall finish the main-standby switching, the standby firewall becomes a first main firewall, and message transmission is performed on the first main firewall;
if the first target message is matched with the target session, searching a route corresponding to the target session on the first main fireproof wall, wherein the first target message is a message transmitted on the first main fireproof wall.
4. A method according to claim 3, wherein after finding the corresponding route of the target session on the first primary firewall, the method further comprises:
if the route corresponding to the target session on the first main fireproof wall is found successfully, replacing the route copied by the target session from the main fireproof wall with the route found by the target session again on the first main fireproof wall, and recording second target information on the target session, wherein the second target information is used for marking the route corresponding to the target session which does not need to be continuously found in the follow-up process;
And if the route corresponding to the target session on the first main fireproof wall fails to be found, discarding the first target message.
5. The method of claim 4, wherein after discarding the first target message, the method further comprises:
selecting a preset processing mode according to preset requirements;
if the selected preset processing mode is the preset processing mode I, deleting the target session;
if the selected preset processing mode is a preset processing mode II, when a second target message is matched with the target session, searching a corresponding route on the first main fireproof wall for the target session according to preset times, wherein the second target message comprises a message transmitted on the first main fireproof wall except the first target message and a message obtained after the first target message is retransmitted;
if the number of times of searching the corresponding route by the target session on the first main fireproof wall is not greater than the preset number of times, and the searching of the corresponding route by the target session on the first main fireproof wall fails, discarding the second target message;
and if the number of times of searching the corresponding route on the first main fireproof wall by the target session is larger than the preset number of times, deleting the target session.
6. The method of any one of claims 1 to 5, wherein the routing configurations of the primary firewall and the backup firewall are the same.
7. A route lookup device, the device being for use in a network system, the network system comprising: the system comprises a main firewall, a standby firewall, a first switch and a second switch; the device comprises:
the first triggering unit is used for triggering the main firewall to send a backup request of the target session;
the first response unit is used for responding to the backup request and backing up the target session on the main fireproof wall to the standby fireproof wall;
the first searching unit is used for searching a route for the target session on the standby firewall according to the IP address of the target session if a first target switch is started, wherein the first target switch is used for indicating to search the route for the target session;
the main firewall is provided with a first target interface and a second target interface, the standby firewall is provided with the first target interface and the second target interface, the first target interface of the main firewall is connected with the first switch, the second target interface of the standby firewall is connected with the second switch, the second target interface of the main firewall is connected with the first target interface of the standby firewall in a wireless way, and IP network segments used by the first target interface of the main firewall and the second target interface of the standby firewall are different; the first switch is connected with the second switch through a wireless path.
8. The apparatus of claim 7, wherein the apparatus further comprises:
the first replacing unit is used for replacing the route copied by the target session from the main fireproof wall with the route re-searched by the target session on the standby fireproof wall if the re-searching of the route is successful for the target session on the standby fireproof wall after the re-searching of the route for the target session on the standby fireproof wall;
the first recording unit is used for recording first target information on the target session if the route searching for the target session on the standby firewall fails, wherein the first target information is used for marking the route corresponding to the target session which needs to be continuously searched for later.
9. The apparatus of claim 8, wherein the apparatus further comprises:
the first processing unit is used for changing the standby firewall into a first main firewall after the main firewall and the standby firewall finish the main-standby switching after the first target information is recorded on the target session, and transmitting the message on the first main firewall;
and the second searching unit is used for searching a route corresponding to the target session on the first main fireproof wall if the first target message is matched with the target session, wherein the first target message is a message transmitted on the first main fireproof wall.
10. The apparatus of claim 9, wherein the apparatus further comprises:
the second processing unit is used for replacing the route which is copied from the main fireproof wall by the target session and is re-found on the first main fireproof wall by the target session if the route which is copied from the main fireproof wall by the target session is successful after the route which is corresponding to the target session on the first main fireproof wall is found, and recording second target information on the target session, wherein the second target information is used for marking the route which is not needed to be continuously found and corresponds to the target session subsequently;
the first discarding unit is configured to discard the first target packet if the route corresponding to the target session on the first main firewall fails.
11. The apparatus of claim 10, wherein the apparatus further comprises:
the first selecting unit is used for selecting a preset processing mode according to a preset requirement after discarding the first target message;
the first deleting unit is used for deleting the target session if the selected preset processing mode is a first preset processing mode;
a third searching unit, configured to search, if the selected preset processing mode is a preset processing mode two, for a corresponding route on the first main firewall according to the target session with the preset number of times when the second target message is matched with the target session, where the second target message includes a message transmitted on the first main firewall except the first target message and a message obtained after retransmitting the first target message;
The second discarding unit is configured to discard the second target packet if the number of times of searching the corresponding route by the target session on the first main firewall is not greater than a preset number of times, and the searching of the corresponding route by the target session on the first main firewall fails;
and the second deleting unit is used for deleting the target session if the number of times of searching the corresponding route on the first main fireproof wall by the target session is greater than the preset number of times.
12. The apparatus according to any one of claims 7 to 11, wherein the routing configurations of the primary firewall and the backup firewall are the same.
13. A storage medium comprising a stored program, wherein the program, when executed by a processor, implements the route search method of any one of claims 1 to 6.
14. A processor for running a program, wherein the program, when executed by the processor, implements the route lookup method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111663281.5A CN114301842B (en) | 2021-12-30 | 2021-12-30 | Route searching method and device, storage medium, processor and network system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111663281.5A CN114301842B (en) | 2021-12-30 | 2021-12-30 | Route searching method and device, storage medium, processor and network system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114301842A CN114301842A (en) | 2022-04-08 |
| CN114301842B true CN114301842B (en) | 2024-03-15 |
Family
ID=80974144
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111663281.5A Active CN114301842B (en) | 2021-12-30 | 2021-12-30 | Route searching method and device, storage medium, processor and network system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114301842B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115225397B (en) * | 2022-07-22 | 2024-05-03 | 山石网科通信技术股份有限公司 | Control method, control device, firewall and computer readable storage medium |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101257490A (en) * | 2008-02-03 | 2008-09-03 | 杭州华三通信技术有限公司 | Method and device for processing packet under fireproof wall side road mode |
| CN101848100A (en) * | 2009-03-23 | 2010-09-29 | 北京鼎信高科信息技术有限公司 | Fire wall dual-computer hot-standby system based on CONNTRACK synchronism |
| CN102420767A (en) * | 2011-12-15 | 2012-04-18 | 北京星网锐捷网络技术有限公司 | Method and device for switching forwarding paths, and network equipment |
| CN202261336U (en) * | 2011-09-30 | 2012-05-30 | 上海忆通广达信息技术有限公司 | Dual hot-backup firewall system |
| CN103841026A (en) * | 2014-02-21 | 2014-06-04 | 烽火通信科技股份有限公司 | VPN route managing system and method of router IP protocol stack |
| US9237125B1 (en) * | 2013-05-05 | 2016-01-12 | Applied Knight, LLC | System and associated methods for secure communications |
| CN105827623A (en) * | 2016-04-26 | 2016-08-03 | 山石网科通信技术有限公司 | Data center system |
| CN105915400A (en) * | 2016-06-28 | 2016-08-31 | 北京神州绿盟信息安全科技股份有限公司 | Data stream switching method and system |
| WO2016150307A1 (en) * | 2015-03-23 | 2016-09-29 | 中兴通讯股份有限公司 | Firewall dual-machine hot spare method, device and system |
| CN108092889A (en) * | 2017-12-27 | 2018-05-29 | 上海地面通信息网络股份有限公司 | A kind of end-to-end multilink multinode Full automatic redundant route stand-by system |
| CN109088818A (en) * | 2018-07-19 | 2018-12-25 | 新华三信息安全技术有限公司 | A kind of method and device of equipment linkage switching |
| CN109787824A (en) * | 2019-01-11 | 2019-05-21 | 上海凯岸信息科技有限公司 | A method of control three-layer network automatically switches |
| CN112994948A (en) * | 2021-03-31 | 2021-06-18 | 杭州迪普科技股份有限公司 | Silent dual-computer switching method, silent dual-computer switching device, silent dual-computer switching equipment and computer readable storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030117950A1 (en) * | 2001-12-26 | 2003-06-26 | Huang Gail G | Link redial for mesh protection |
| US20100005263A1 (en) * | 2008-07-04 | 2010-01-07 | Huawei Technologies Co., Ltd. | Information backup method, firewall and network system |
| CN110391988B (en) * | 2018-04-16 | 2023-05-02 | 阿里巴巴集团控股有限公司 | Network flow control method, system and safety protection device |
| US11201854B2 (en) * | 2018-11-30 | 2021-12-14 | Cisco Technology, Inc. | Dynamic intent-based firewall |
-
2021
- 2021-12-30 CN CN202111663281.5A patent/CN114301842B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101257490A (en) * | 2008-02-03 | 2008-09-03 | 杭州华三通信技术有限公司 | Method and device for processing packet under fireproof wall side road mode |
| CN101848100A (en) * | 2009-03-23 | 2010-09-29 | 北京鼎信高科信息技术有限公司 | Fire wall dual-computer hot-standby system based on CONNTRACK synchronism |
| CN202261336U (en) * | 2011-09-30 | 2012-05-30 | 上海忆通广达信息技术有限公司 | Dual hot-backup firewall system |
| CN102420767A (en) * | 2011-12-15 | 2012-04-18 | 北京星网锐捷网络技术有限公司 | Method and device for switching forwarding paths, and network equipment |
| US9237125B1 (en) * | 2013-05-05 | 2016-01-12 | Applied Knight, LLC | System and associated methods for secure communications |
| CN103841026A (en) * | 2014-02-21 | 2014-06-04 | 烽火通信科技股份有限公司 | VPN route managing system and method of router IP protocol stack |
| WO2016150307A1 (en) * | 2015-03-23 | 2016-09-29 | 中兴通讯股份有限公司 | Firewall dual-machine hot spare method, device and system |
| CN105827623A (en) * | 2016-04-26 | 2016-08-03 | 山石网科通信技术有限公司 | Data center system |
| CN105915400A (en) * | 2016-06-28 | 2016-08-31 | 北京神州绿盟信息安全科技股份有限公司 | Data stream switching method and system |
| CN108092889A (en) * | 2017-12-27 | 2018-05-29 | 上海地面通信息网络股份有限公司 | A kind of end-to-end multilink multinode Full automatic redundant route stand-by system |
| CN109088818A (en) * | 2018-07-19 | 2018-12-25 | 新华三信息安全技术有限公司 | A kind of method and device of equipment linkage switching |
| CN109787824A (en) * | 2019-01-11 | 2019-05-21 | 上海凯岸信息科技有限公司 | A method of control three-layer network automatically switches |
| CN112994948A (en) * | 2021-03-31 | 2021-06-18 | 杭州迪普科技股份有限公司 | Silent dual-computer switching method, silent dual-computer switching device, silent dual-computer switching equipment and computer readable storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 双机热备技术在防火墙中的应用;赵开新;孙新领;;河南机电高等专科学校学报(第02期);全文 * |
| 双机热备让电力网络更可靠;王一达;;信息化建设(第12期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114301842A (en) | 2022-04-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111585800B (en) | Virtual private cloud-based network node configuration method, device and medium | |
| CN107846358B (en) | Data transmission method, device and network system | |
| EP2664105B1 (en) | Method for backing up link state advertisement | |
| US20220006868A1 (en) | N+1 Redundancy for Virtualized Services with Low Latency Fail-Over | |
| US8824275B2 (en) | Route calculating after switching occurs from a primary main control board to a standby main control board | |
| CN109495345B (en) | BFD processing method and network equipment | |
| CN110971698A (en) | Data forwarding system, method and device | |
| CN106878072B (en) | Message transmission method and device | |
| CN108600069B (en) | Link switching method and device | |
| CN110971872B (en) | Video image information acquisition method based on distributed cluster | |
| CN113328916B (en) | BFD detection mode switching method, device and equipment | |
| US9515872B2 (en) | Systems and methods for tunnel-free fast rerouting in internet protocol networks | |
| CN114301842B (en) | Route searching method and device, storage medium, processor and network system | |
| US11936762B2 (en) | Processing protocol packet | |
| CN113891358B (en) | Load balancing method, equipment and storage medium of cloud network | |
| CN115842765A (en) | Path adjusting method, routing device and storage medium | |
| CN102404339B (en) | Fire wall system and data processing method based on fire wall system | |
| CN111385195B (en) | Information processing method, device and storage medium | |
| CN111083160A (en) | Resource information recovery method and device | |
| CN111131545B (en) | ND Snooping binding table updating method, device and medium | |
| CN109067647B (en) | Routing information maintenance method and device | |
| US11757987B2 (en) | Load balancing systems and methods | |
| CN111835544B (en) | Monitoring method and system of virtual router based on user mode protocol stack | |
| CN105915455B (en) | Method and device for realizing position identification separation protocol multi-homing | |
| CN111224812A (en) | Network traffic forwarding method and device, electronic equipment and machine-readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |