CN115484149A - Network switching method, network switching device, electronic device and storage medium - Google Patents

Network switching method, network switching device, electronic device and storage medium Download PDF

Info

Publication number
CN115484149A
CN115484149A CN202211110074.1A CN202211110074A CN115484149A CN 115484149 A CN115484149 A CN 115484149A CN 202211110074 A CN202211110074 A CN 202211110074A CN 115484149 A CN115484149 A CN 115484149A
Authority
CN
China
Prior art keywords
domain name
firewall
name server
target
execution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211110074.1A
Other languages
Chinese (zh)
Other versions
CN115484149B (en
Inventor
王文勃
孟朝雄
张展程
赵琪
许天一
陈永浩
易卫华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202211110074.1A priority Critical patent/CN115484149B/en
Publication of CN115484149A publication Critical patent/CN115484149A/en
Application granted granted Critical
Publication of CN115484149B publication Critical patent/CN115484149B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0654Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0823Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L41/083Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for increasing network speed

Abstract

The present disclosure provides a network switching method, which can be applied to the technical field of network security management or finance. The method comprises the following steps: acquiring scheme configuration information aiming at the network equipment to be switched; under the condition that the target firewall switching task is not generated, aiming at the firewall equipment, generating a first pre-execution strategy according to scheme configuration information of the firewall equipment and first pre-execution switching task association information; under the condition that the generation of the switching task of the target domain name server is determined, aiming at the domain name server, generating a second pre-execution strategy according to the scheme configuration information of the domain name server and the second pre-execution switching task correlation information; and under the condition of concurrently executing the target firewall switching task and the target domain name server switching task, executing the target firewall switching task based on the first pre-execution strategy, and executing the target domain name server switching task based on the second pre-execution strategy. The present disclosure also provides a network switching apparatus, a device, a medium, and a program product.

Description

Network switching method, network switching device, electronic device and storage medium
Technical Field
The present disclosure relates to the field of network security management or financial technology, and in particular, to a network switching method, a network switching apparatus, an electronic device, a storage medium, and a program product.
Background
When disaster Recovery backup switching is performed in the financial industry, due to supervision requirements and business continuity requirements, the requirement on RTO (Recovery Time Objective) is extremely high. The network field requires that the switching time is controlled within the second requirement.
However, in the process of implementing the present disclosure, it is found that firewall devices involved in network switching are devices of different manufacturers and different models, and domain names and IPs involved in switching are hundreds of thousands, and when the firewall devices and a domain name server (DNS server) concurrently perform switching, both firewall devices and the DNS server have performance bottlenecks, and there are time-consuming steps of acquiring device configurations, generating instructions, and executing instructions in the switching process, and a conventional network switching manner cannot meet the requirement of RTO.
Disclosure of Invention
In view of the above, the present disclosure provides a network switching method, a network switching apparatus, an electronic device, a storage medium, and a program product.
According to a first aspect of the present disclosure, there is provided a network handover method, including:
acquiring scheme configuration information aiming at network equipment to be switched, wherein the network equipment to be switched comprises firewall equipment and a domain name server;
under the condition that the target firewall switching task is not generated, aiming at the firewall equipment, generating a first pre-execution strategy according to scheme configuration information of the firewall equipment and first pre-execution switching task association information;
under the condition that the generation of the switching task of the target domain name server is determined, aiming at the domain name server, generating a second pre-execution strategy according to the scheme configuration information of the domain name server and the second pre-execution switching task correlation information; and
and under the condition of concurrently executing the target firewall switching task and the target domain name server switching task, executing the target firewall switching task based on the first pre-execution strategy, and executing the target domain name server switching task based on the second pre-execution strategy.
According to the embodiment of the disclosure, acquiring scheme configuration information for a network device to be switched includes:
using identification information corresponding to systems to be switched of different applications to perform scheme configuration on firewall equipment to obtain scheme configuration information of the firewall equipment; and
and performing scheme configuration on the domain name server by utilizing domain name information and domain name server identification information of different domain name servers in a scene to be switched to obtain scheme configuration information of the domain name server.
According to the embodiment of the disclosure, scheme configuration is performed on firewall equipment by using identification information corresponding to systems to be switched of different applications, so as to obtain scheme configuration information of the firewall equipment, and the method comprises the following steps:
mapping the identification information to corresponding firewall equipment, wherein each firewall equipment at least corresponds to the identification information corresponding to the systems to be switched of the two applications;
for each firewall device, according to the application, aggregating the identification information to obtain aggregated identification information; and
and determining the scheme configuration information of the firewall equipment according to the aggregated identification information.
According to an embodiment of the present disclosure, the first pre-execution switching task association information includes: the method comprises the following steps of obtaining attribute information, application information and identification information of a system to be switched of firewall equipment;
under the condition that the target firewall switching task is determined not to be generated, aiming at the firewall equipment, generating a first pre-execution strategy according to the scheme configuration information of the firewall equipment and the first pre-execution switching task association information, wherein the method comprises the following steps:
under the condition that a target firewall switching task is determined not to be generated, acquiring corresponding scheme configuration information from the scheme configuration information of the firewall equipment according to the attribute information of the firewall equipment to obtain first target scheme configuration information; and
and generating a first pre-execution strategy according to the configuration information, the application information and the identification information of the system to be switched of the first target scheme.
According to the embodiment of the disclosure, the second pre-execution switching task association information comprises attribute information of the domain name server and identification information of the domain name server to be switched;
under the condition that the generation of the switching task of the target domain name server is determined, aiming at the domain name server, generating a second pre-execution strategy according to the scheme configuration information of the domain name server and the associated information of the second pre-execution switching task, wherein the method comprises the following steps:
acquiring corresponding scheme configuration information from the scheme configuration information of the domain name server according to the attribute information of the domain name server to obtain second target scheme configuration information; and
and generating a second pre-execution strategy according to the second target scheme configuration information and the identification information of the domain name server to be switched.
According to an embodiment of the present disclosure, executing a target firewall switching task based on a first pre-execution policy includes:
issuing the first pre-execution strategy to firewall equipment; and
and under the condition that the target firewall switching task needs to be executed, calling a first pre-execution strategy from the firewall equipment, and executing the target firewall switching task.
According to the embodiment of the disclosure, based on the second pre-execution strategy, the target domain name server switches the task, including:
storing the second pre-execution strategy to a strategy pool;
under the condition that the target domain name server switching task needs to be executed, determining a second pre-execution strategy matched with the target domain name server switching task from the strategy pool; and
and executing the target domain name server switching task under the condition that the matching is determined to be successful.
A second aspect of the present disclosure provides a network switching apparatus, including:
the system comprises an acquisition module, a switching module and a switching module, wherein the acquisition module is used for acquiring scheme configuration information aiming at the network equipment to be switched, and the network equipment to be switched comprises firewall equipment and a domain name server;
the first generation module is used for generating a first pre-execution strategy for the firewall equipment according to the scheme configuration information of the firewall equipment and the first pre-execution switching task association information under the condition that the target firewall switching task is determined not to be generated;
the second generation module is used for generating a second pre-execution strategy aiming at the domain name server according to the scheme configuration information of the domain name server and the second pre-execution switching task association information under the condition of determining the generation of the target domain name server switching task; and
and the execution module is used for executing the target firewall switching task based on the first pre-execution strategy and executing the target domain name server switching task based on the second pre-execution strategy under the condition of concurrently executing the target firewall switching task and the target domain name server switching task.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described network handover method.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described network handover method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the network switching method described above.
According to the embodiment of the disclosure, after scheme configuration information for network equipment to be switched is acquired, for firewall switching, the action of generating a strategy is performed before a task instance is generated; for switching of the domain name server, the action of generating the strategy is preposed when the task instance is generated, the strategy which can be directly used is ensured to be possessed when the task is scheduled, and the time loss of obtaining configuration and strategy generation in the switching process of the network firewall and the domain name server is saved.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, taken in conjunction with the accompanying drawings of which:
fig. 1 schematically illustrates an application scenario diagram of a network switching method, a network switching apparatus, an electronic device, a storage medium, and a program product according to an embodiment of the present disclosure;
fig. 2 schematically shows a flow chart of a network handover method according to an embodiment of the present disclosure;
fig. 3 schematically illustrates that, according to the embodiment of the present disclosure, the firewall device is configured according to a scheme by using identification information corresponding to systems to be switched of different applications, so as to obtain scheme configuration information of the firewall device;
fig. 4 schematically illustrates a firewall switching diagram in a disaster recovery switching scenario according to an embodiment of the present disclosure;
fig. 5 schematically illustrates a domain name server switching diagram in a disaster recovery switching scenario according to an embodiment of the present disclosure;
fig. 6 schematically shows a block diagram of a network switching device according to an embodiment of the present disclosure; and
fig. 7 schematically shows a block diagram of an electronic device adapted to implement a network handover method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
In those instances where a convention analogous to "at least one of A, B, and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B, and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.).
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all accord with the regulations of related laws and regulations, necessary security measures are taken, and the customs of the public order is not violated.
In the technical scheme of the embodiment of the disclosure, before the personal information of the user is obtained or collected, the authorization or the consent of the user is obtained.
In the process of implementing the present disclosure, it is found that firewall devices involved in network switching are devices of different manufacturers and different models, and domain names and IPs involved in switching are hundreds of thousands, and when the firewall devices and a domain name server (DNS server) concurrently perform switching, both performance bottlenecks exist, and time-consuming steps of obtaining device configurations, generating instructions, and executing instructions exist in the switching process, and a conventional network switching manner cannot meet the requirements of RTO. Although the network switching method can improve a certain switching efficiency in an automatic manner, the above problem cannot be solved.
The embodiment of the disclosure provides a network switching method, which includes: acquiring scheme configuration information aiming at network equipment to be switched, wherein the network equipment to be switched comprises firewall equipment and a domain name server; under the condition that the target firewall switching task is determined not to be generated, aiming at the firewall equipment, generating a first pre-execution strategy according to scheme configuration information of the firewall equipment and first pre-execution switching task association information; under the condition that the generation of the switching task of the target domain name server is determined, aiming at the domain name server, generating a second pre-execution strategy according to the scheme configuration information of the domain name server and the second pre-execution switching task correlation information; and under the condition of concurrently executing the target firewall switching task and the target domain name server switching task, executing the target firewall switching task based on the first pre-execution strategy, and executing the target domain name server switching task based on the second pre-execution strategy.
Fig. 1 schematically shows an application scenario diagram of a network switching method, a network switching apparatus, an electronic device, a storage medium, and a program product according to embodiments of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The backend management server may analyze and process the received data such as the user request, and feed back a processing result (for example, a web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the network handover method provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the network switching device provided by the embodiment of the present disclosure may be generally disposed in the server 105. The network switching method provided by the embodiment of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the network switching device provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
The network switching method provided by the embodiment of the present disclosure may also be executed by the terminal devices 101, 102, 103. Accordingly, the network switching device provided in the embodiments of the present disclosure may also be disposed in the terminal devices 101, 102, and 103. The network switching method provided by the embodiment of the present disclosure may also be executed by other terminals different from the terminal devices 101, 102, and 103. Accordingly, the network switching device provided by the embodiment of the present disclosure may also be disposed in other terminals different from the terminal devices 101, 102, and 103.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for an implementation.
The network handover method of the disclosed embodiment will be described in detail below with fig. 2 to 5 based on the scenario described in fig. 1.
Fig. 2 schematically shows a flow chart of a network handover method according to an embodiment of the present disclosure.
As shown in fig. 2, the network switching method 200 of this embodiment includes operations S201 to S204.
In operation S201, scheme configuration information for a network device to be switched is obtained, where the network device to be switched includes a firewall device and a domain name server.
According to the embodiment of the disclosure, the scheme configuration information of the firewall device and the scheme configuration information of the domain name server can be respectively obtained. The scheme configuration information of the firewall device can represent the mapping relation between the identification information corresponding to the system to be switched and the firewall device. The scheme configuration information of the domain name server can represent the total domain name and the identification information of the domain name server under a certain class of domain name server switching scene. Firewall devices may include Huacheng firewalls, mountain stone firewalls, and the like.
For example, in a disaster recovery switching scenario, the scheme configuration information for the network device to be switched may be obtained by configuring identification information corresponding to the system to be switched, a domain name of the domain name server to be switched, and domain name server identification information.
In operation S202, in a case where it is determined that the target firewall switching task is not generated, a first pre-execution policy is generated for the firewall device according to the scheme configuration information of the firewall device and the first pre-execution switching task association information.
According to the embodiment of the disclosure, before the target firewall switching task is not generated, after the scheme configuration information of the firewall device is acquired by going to the network device to be switched, a first pre-execution strategy is generated together with the first pre-execution switching task association information.
It should be noted that, when the first pre-execution policy is generated, the switching task is not automatically executed, and may be issued to the firewall device in the form of a pre-execution policy ID, so as to be called after the target firewall switching task is generated and the instruction for executing the task is issued. The method comprises the steps that 2 pre-execution strategy IDs can be automatically allocated to each application and correspond to an inbound ID and an outbound ID respectively, and the same application maintains the same pre-execution strategy ID for different firewall equipment.
According to the embodiment of the disclosure, the first pre-execution switching task related information may include attribute information of the firewall device, application information, and identification information of the system to be switched.
For example, the attribute information of the firewall device may include information of a firewall device name, a management IP, a model, a vendor, and the like. The application information may include an application name and a code. The identification information of the system to be switched can comprise IP information of the system to be switched. The first pre-execution policy may include a pre-execution policy ID.
In operation S203, in a case where it is determined that the target domain name server switching task is generated, a second pre-execution policy is generated for the domain name server according to the scheme configuration information of the domain name server and the second pre-execution switching task association information.
According to the embodiment of the disclosure, when the switching task of the target domain name server is generated, after the scheme configuration information of the domain name server is acquired by going to the network device to be switched, a second pre-execution strategy is generated together with the associated information of the second pre-execution switching task.
It should be noted that, when the second pre-execution policy is generated, the automatic execution switching task is not directly performed, and the second pre-execution policy may be first stored in the policy pool, so that matching is performed after an instruction for executing the task is issued.
According to the embodiment of the present disclosure, the second pre-execution switching task association information may include attribute information of the domain name server and identification information of the domain name server to be switched.
For example, the attribute information of the domain name server may include source domain name information, target domain name information, and the like. The identifier information of the domain name server to be switched may include target IP information and the like. The second pre-execution switching task association information may further include source IP information.
In operation S204, in a case where the target firewall switching task and the target domain name server switching task are concurrently executed, the target firewall switching task is executed based on the first pre-execution policy, and the target domain name server switching task is executed based on the second pre-execution policy.
According to the embodiment of the disclosure, when the target firewall switching task is executed and an instruction for executing the target firewall switching task is received, the policy for the target firewall switching task can be called according to the generated first pre-execution policy, and the target firewall switching task is completed. When an instruction for executing the target domain name server switching task is received, the instruction can be matched with the generated second pre-execution strategy. If the matching is unsuccessful, prompting that no execution condition is met, allowing the user to execute forcibly, wherein the forcible execution can be executed according to the conventional domain name server switching logic; and if the matching is successful, directly transmitting the matched second pre-execution strategy to an instruction execution interface of the automation platform, and issuing the matched second pre-execution strategy to a target domain name server to complete the execution.
It should be noted that, for firewall switching, a pre-execution policy needs to be generated before a target firewall switching task is not generated; for domain name server switching, when a target domain name server switching task is generated, a pre-execution strategy is generated, because the switching information of the firewall is solidified and single from a disaster recovery switching scene; the switching information of the domain name server is non-fixed and can not be exhausted, the actually switched domain name and IP can be any combination of switching configuration of the domain name server, and only when the task instance is generated, the pre-processing is carried out before the task instance is executed.
According to the embodiment of the disclosure, after scheme configuration information for the network equipment to be switched is acquired, for firewall switching, the action of generating the strategy is performed before the task instance is generated; for switching of the domain name server, the action of generating the strategy is preposed when the task instance is generated, the strategy which can be directly used is ensured to be provided when the task is scheduled, and the time loss of obtaining configuration and generating the strategy in the switching processes of the network firewall and the domain name server is saved.
According to the embodiment of the disclosure, acquiring scheme configuration information for a network device to be switched includes:
using identification information corresponding to systems to be switched of different applications to perform scheme configuration on firewall equipment to obtain scheme configuration information of the firewall equipment; and carrying out scheme configuration on the domain name server by utilizing the domain name information and the domain name server identification information of different domain name servers in the scene to be switched to obtain the scheme configuration information of the domain name server.
According to the embodiment of the disclosure, the identification information corresponding to the systems to be switched of different applications can be mapped with the firewall equipment to obtain the mapping relation between the identification information corresponding to the systems to be switched and the firewall equipment. And obtaining the scheme configuration information of the firewall equipment under the application dimension based on the mapping relation. The configuration of the full domain name and the identification information of the domain name server under a certain class of domain name server switching scene can be carried out on the domain name server, and the scheme configuration information of the domain name server is obtained.
According to the embodiment of the disclosure, under the condition that the identification information corresponding to the systems to be switched of different applications is detected to be updated, the scheme configuration information of the firewall equipment is updated correspondingly. And correspondingly updating the scheme configuration information of the domain name server under the condition of detecting that the total domain name and the identification information of the domain name server are updated under the switching scene of a certain class of domain name servers.
According to the embodiment of the disclosure, by acquiring the scheme configuration information of the firewall device and the scheme configuration information of the domain name server, the switching task can be pre-executed to generate the pre-execution strategy, and when a large number of systems with different applications execute switching simultaneously, the same network device to be switched does not need to receive multiple switching instructions for the systems with different applications, and only needs to receive one switching instruction, so that the problem of concurrency pressure of the switching instructions issued by the systems with different applications to the network device to be switched is solved.
According to the embodiment of the disclosure, scheme configuration is performed on firewall equipment by using identification information corresponding to systems to be switched of different applications, so as to obtain scheme configuration information of the firewall equipment, and the method comprises the following steps:
mapping the identification information to corresponding firewall equipment, wherein each firewall equipment at least corresponds to the identification information corresponding to the systems to be switched of the two applications; for each firewall device, according to the application, aggregating the identification information to obtain aggregated identification information; and determining the scheme configuration information of the firewall equipment according to the aggregated identification information.
According to an embodiment of the present disclosure, the identification information may include address information.
According to the embodiment of the disclosure, the obtained identification information corresponding to the systems to be switched of a plurality of different applications can be mapped to the corresponding firewall equipment, so that a plurality of identification information under the dimensionality of the firewall equipment can be obtained. And aggregating the multiple identification information under the application dimension aiming at the multiple identification information under each firewall equipment dimension, and aggregating the multiple identification information corresponding to the same application together to obtain the aggregated identification information. And taking the aggregated identification information as scheme configuration information of the firewall equipment.
Fig. 3 schematically shows a schematic diagram that a firewall device is configured according to a scheme by using identification information corresponding to systems to be switched of different applications to obtain scheme configuration information of the firewall device according to an embodiment of the present disclosure.
For example, as shown in fig. 3, the identification information 11.110.1.1, 11.110.1.2, 11.110.1.4, \ 8230'; 11.110.3.4 in fig. 3 may be mapped to the firewall devices, respectively, and may be mapped to the firewall device 1, the firewall device 2, and the firewall device 3, respectively, and then the identification information in the firewall device 1, the firewall device 2, and the firewall device 3 is aggregated based on the application, that is, the identification information belonging to the same application is aggregated.
According to the embodiment of the disclosure, when the same firewall device is switched, the system does not need to receive the switching instruction for multiple times for different application systems, and only needs to receive the switching instruction once, so that the problem of concurrence pressure of the systems of different applications for sending the switching instruction to the same firewall device is solved.
According to an embodiment of the present disclosure, the first pre-execution switching task association information includes: the firewall equipment comprises attribute information, application information and identification information of a system to be switched.
Under the condition that the target firewall switching task is determined not to be generated, aiming at the firewall equipment, generating a first pre-execution strategy according to the scheme configuration information of the firewall equipment and the first pre-execution switching task association information, wherein the method comprises the following steps:
under the condition that a target firewall switching task is determined not to be generated, acquiring corresponding scheme configuration information from the scheme configuration information of the firewall equipment according to the attribute information of the firewall equipment to obtain first target scheme configuration information; and generating a first pre-execution strategy according to the configuration information of the first target scheme, the application information and the identification information of the system to be switched.
According to an embodiment of the present disclosure, the attribute information of the firewall device may include information of a firewall device name, a management IP, a model, a vendor, and the like. The application information may include an application name and a code. The identification information of the system to be switched can comprise IP information of the system to be switched. The first target solution configuration information may characterize a solution configuration required for the target firewall switch task. The first pre-execution policy may include a pre-execution policy ID of the pre-execution target firewall switch task.
For example, the first target solution configuration information may be obtained by acquiring corresponding solution configuration information from solution configuration information of the firewall device according to information such as a name, a management IP, a model, and a manufacturer of the firewall device. And generating a first pre-execution strategy which can be used for executing a target firewall switching task according to the first target scheme configuration information, the application name and the code and the IP information of the system to be switched.
According to the embodiment of the disclosure, under the condition that the scheme configuration information of the firewall device is detected to be updated, the first pre-execution policy is correspondingly updated.
According to the embodiment of the disclosure, the action of generating the strategy is preposed before the target firewall switching task instance is generated, so that the first pre-execution strategy which can be directly used is ensured to be provided when the target firewall switching task is scheduled, and the time loss of obtaining configuration and strategy generation in firewall switching is saved.
According to the embodiment of the disclosure, the second pre-execution switching task association information includes attribute information of the domain name server and identification information of the domain name server to be switched.
Under the condition that the generation of the switching task of the target domain name server is determined, aiming at the domain name server, generating a second pre-execution strategy according to the scheme configuration information of the domain name server and the associated information of the second pre-execution switching task, wherein the method comprises the following steps:
acquiring corresponding scheme configuration information from the scheme configuration information of the domain name server according to the attribute information of the domain name server to obtain second target scheme configuration information; and generating a second pre-execution strategy according to the second target scheme configuration information and the identification information of the domain name server to be switched.
According to an embodiment of the present disclosure, the attribute information of the domain name server may include source domain name information, target domain name information, and the like. The identifier information of the domain name server to be switched may include target IP information and the like. The second target scheme configuration information may characterize a scheme configuration required for the target domain name server switching task. The second pre-execution switching task association information may further include source IP information.
For example, the second target scheme configuration information may be obtained by obtaining the scheme configuration required by the switching task of the target domain name server from the scheme configuration information of the domain name server according to the source domain name information, the target IP information, and the source IP information. And generating a second pre-execution strategy which can be used for executing the switching task of the target domain name server according to the second target scheme configuration information and the target IP information.
According to the embodiment of the disclosure, the second pre-execution policy is correspondingly updated under the condition that the scheme configuration information of the domain name server is detected to be updated.
According to the embodiment of the disclosure, when the action of generating the strategy is preposed to the generation of the target domain name server switching task instance, the second pre-execution strategy which can be directly matched is ensured to be provided when the target domain name server switching task is scheduled, and the time loss of obtaining configuration and strategy generation in the domain name server switching is saved.
According to an embodiment of the present disclosure, executing a target firewall switching task based on a first pre-execution policy includes:
issuing the first pre-execution strategy to firewall equipment; and under the condition that the target firewall switching task needs to be executed, calling a first pre-execution strategy from the firewall equipment, and executing the target firewall switching task.
According to the embodiment of the disclosure, under the condition that the target firewall switching task and the target domain name server switching task are executed concurrently, if an instruction that the target firewall switching task needs to be executed is received, a first pre-execution policy can be called from firewall equipment, and the target firewall switching task is executed.
According to the embodiment of the disclosure, the first pre-execution strategy is issued to the firewall device and used as the standby strategy of the firewall switching task, so that the standby strategy can be directly called when the firewall switching task is executed.
According to the embodiment of the disclosure, based on the second pre-execution strategy, the target domain name server switches the task, including:
storing the second pre-execution strategy to a strategy pool; under the condition that the target domain name server switching task needs to be executed, determining a second pre-execution strategy matched with the target domain name server switching task from the strategy pool; and executing the target domain name server switching task under the condition that the matching is determined to be successful.
According to an embodiment of the present disclosure, the policy pool may store the policy in a key value manner, where the key may be a unique key generated according to the domain name server information, the source domain name, the target domain name, the source IP, and the target IP information; the value may be a policy.
According to the embodiment of the disclosure, under the condition that the target firewall switching task and the target domain name server switching task are concurrently executed, if an instruction that the target domain name server switching task needs to be executed is received, the second pre-execution strategy can be directly matched from the strategy pool, and the target domain name server switching task is executed.
According to the embodiment of the disclosure, in the case of determining that the matching fails, the target domain name server switching task may be forcibly executed according to conventional domain name server switching logic.
According to the embodiment of the disclosure, the second pre-execution strategy is stored in the strategy pool and used as a standby strategy which can be directly matched when the domain name server switching task is executed, so that the standby strategy which can be directly matched when the domain name server switching task is executed is facilitated.
Fig. 4 schematically illustrates a firewall switching diagram in a disaster recovery switching scenario according to an embodiment of the present disclosure.
As shown in fig. 4, in the disaster recovery switching scenario of this embodiment, firewall switching may be performed by first performing scheme configuration on the firewall device in the disaster recovery management and control system, and generating a policy on the automation platform after performing scheme pre-execution before generating a task, and issuing the policy to the firewall device. When the task of switching the firewall is executed, the automatic platform generates an execution instruction and sends the instruction to the firewall equipment, and the firewall equipment completes the execution of the instruction.
According to the embodiment of the disclosure, the scheme configuration of the firewall device is performed in the disaster backup management and control system, and the scheme configuration of the firewall device can be performed by using the identification information corresponding to the systems to be switched of different applications, so as to obtain the scheme configuration information of the firewall device.
According to the embodiment of the disclosure, the acquired identification information corresponding to the systems to be switched of a plurality of different applications can be mapped to the corresponding firewall equipment, so that a plurality of identification information under the dimensionality of the firewall equipment can be obtained. And aggregating the plurality of identification information under the application dimension aiming at the plurality of identification information under each firewall equipment dimension, and aggregating the plurality of identification information corresponding to the same application together to obtain the aggregated identification information. And taking the aggregated identification information as scheme configuration information of the firewall equipment.
Fig. 5 schematically shows a domain name server switching diagram in a disaster recovery switching scenario according to an embodiment of the present disclosure.
As shown in fig. 5, in the disaster recovery and backup switching scenario of this embodiment, the domain name server switching may be performed by first performing scheme configuration of the domain name server in the disaster recovery and backup management and control system, selecting from the scheme configuration of the domain name server when a task is generated, then performing asynchronous pre-execution, generating a policy on the automation platform, and storing the policy in the policy pool of the disaster recovery and backup management and control system. When the task switched by the domain name server is executed, the automatic platform automatically matches with the strategy pool, generates an execution instruction and sends the instruction to the domain name server, and the domain name server completes the execution of the instruction.
According to the embodiment of the disclosure, the scheme configuration of the domain name server is performed in the disaster recovery backup control system, and the scheme configuration of the domain name server can be performed by using the domain name information and the domain name server identification information of different domain name servers in the scene to be switched, so as to obtain the scheme configuration information of the domain name server.
It should be noted that the network switching method disclosed by the present disclosure may be applied to network switching of a multi-active deployment system in a disaster recovery switching scenario. Other types of disaster recovery switching steps, such as application start-stop, security switching, database switching, and storage switching, are components of the entire disaster recovery switching process, and can be applied to switching of the active/standby deployed system in the disaster recovery switching scenario. The processing for switching between different networks in the network switching method of the present disclosure may also be applied to other types of disaster recovery switching steps through reasonable adjustment, which is not specifically limited herein.
Based on the network switching method, the disclosure also provides a network switching device. The apparatus will be described in detail below with reference to fig. 6.
Fig. 6 schematically shows a block diagram of a network switching device according to an embodiment of the present disclosure.
As shown in fig. 6, the network switching apparatus 600 of this embodiment includes an obtaining module 610, a first generating module 620, a second generating module 630, and an executing module 640.
The obtaining module 610 is configured to obtain scheme configuration information for a network device to be switched, where the network device to be switched includes a firewall device and a domain name server. In an embodiment, the obtaining module 610 may be configured to perform the operation S201 described above, which is not described herein again.
The first generating module 620 is configured to, when it is determined that the target firewall switching task is not generated, generate, for the firewall device, a first pre-execution policy according to the scheme configuration information of the firewall device and the first pre-execution switching task association information. In an embodiment, the first generating module 620 may be configured to perform the operation S202 described above, and is not described herein again.
The second generating module 630 is configured to, in a case that it is determined that the target domain name server switching task is generated, generate, for the domain name server, a second pre-execution policy according to the scheme configuration information of the domain name server and the second pre-execution switching task association information. In an embodiment, the second generating module 630 may be configured to perform the operation S203 described above, which is not described herein again.
The executing module 640 is configured to, under the condition that the target firewall switching task and the target domain name server switching task are concurrently executed, execute the target firewall switching task based on the first pre-execution policy, and execute the target domain name server switching task based on the second pre-execution policy. In an embodiment, the first executing module 640 may be configured to execute the operation S204 described above, and is not described herein again.
According to the embodiment of the present disclosure, any plurality of the obtaining module 610, the first generating module 620, the second generating module 630, and the executing module 640 may be combined and implemented in one module, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the obtaining module 610, the first generating module 620, the second generating module 630, and the executing module 640 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or implemented by a suitable combination of any of them. Alternatively, at least one of the obtaining module 610, the first generating module 620, the second generating module 630 and the executing module 640 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
Fig. 7 schematically shows a block diagram of an electronic device adapted to implement a network handover method according to an embodiment of the present disclosure.
As shown in fig. 7, an electronic device 700 according to an embodiment of the present disclosure includes a processor 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The processor 701 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 701 may also include on-board memory for caching purposes. The processor 701 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 703, various programs and data necessary for the operation of the electronic apparatus 700 are stored. The processor 701, the ROM702, and the RAM 703 are connected to each other by a bus 704. The processor 701 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM702 and/or the RAM 703. It is noted that the programs may also be stored in one or more memories other than the ROM702 and RAM 703. The processor 701 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 700 may also include input/output (I/O) interface 705, which input/output (I/O) interface 705 is also connected to bus 704, according to an embodiment of the present disclosure. The electronic device 700 may also include one or more of the following components connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that the computer program read out therefrom is mounted in the storage section 708 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement a method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM702 and/or the RAM 703 and/or one or more memories other than the ROM702 and the RAM 703 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated by the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 701. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, and the like. In another embodiment, the computer program may also be transmitted in the form of a signal over a network medium, distributed, and downloaded and installed via the communication section 709, and/or installed from the removable medium 711. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program, when executed by the processor 701, performs the above-described functions defined in the system of the embodiment of the present disclosure. The above described systems, devices, apparatuses, modules, units, etc. may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments of the present disclosure and/or the claims may be made without departing from the spirit and teachings of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (11)

1. A network handover method, comprising:
acquiring scheme configuration information aiming at network equipment to be switched, wherein the network equipment to be switched comprises firewall equipment and a domain name server;
under the condition that a target firewall switching task is determined not to be generated, aiming at the firewall equipment, generating a first pre-execution strategy according to scheme configuration information of the firewall equipment and first pre-execution switching task association information;
under the condition that the generation of a target domain name server switching task is determined, aiming at the domain name server, generating a second pre-execution strategy according to scheme configuration information of the domain name server and second pre-execution switching task association information; and
and under the condition of concurrently executing the target firewall switching task and the target domain name server switching task, executing the target firewall switching task based on the first pre-execution strategy, and executing the target domain name server switching task based on the second pre-execution strategy.
2. The method according to claim 1, wherein the obtaining of the scheme configuration information for the network device to be switched comprises:
using identification information corresponding to systems to be switched of different applications to perform scheme configuration on the firewall equipment to obtain scheme configuration information of the firewall equipment; and
and carrying out scheme configuration on the domain name server by utilizing domain name information and domain name server identification information of different domain name servers in a scene to be switched to obtain scheme configuration information of the domain name server.
3. The method according to claim 2, wherein the performing scheme configuration on the firewall device by using identification information corresponding to systems to be switched of different applications to obtain scheme configuration information of the firewall device includes:
mapping the identification information to the corresponding firewall equipment, wherein each firewall equipment at least corresponds to the identification information corresponding to the systems to be switched of the two applications;
for each firewall device, according to the application, aggregating the identification information to obtain aggregated identification information; and
and determining the scheme configuration information of the firewall equipment according to the aggregated identification information.
4. The method according to any one of claims 1 to 3, wherein the first pre-execution switching task association information comprises: attribute information, application information and to-be-switched system identification information of the firewall equipment;
the generating, for the firewall device, a first pre-execution policy according to the scheme configuration information of the firewall device and the first pre-execution switching task association information under the condition that it is determined that the target firewall switching task is not generated, includes:
under the condition that the target firewall switching task is determined not to be generated, acquiring corresponding scheme configuration information from the scheme configuration information of the firewall equipment according to the attribute information of the firewall equipment to obtain first target scheme configuration information; and
and generating the first pre-execution strategy according to the first target scheme configuration information, the application information and the identification information of the system to be switched.
5. The method according to any one of claims 1 to 3, wherein the second pre-execution switching task association information includes attribute information of the domain name server and identification information of the domain name server to be switched;
the generating, for the domain name server, a second pre-execution policy according to the scheme configuration information of the domain name server and second pre-execution switching task association information under the condition that the generation of the target domain name server switching task is determined includes:
acquiring corresponding scheme configuration information from the scheme configuration information of the domain name server according to the attribute information of the domain name server to obtain second target scheme configuration information; and
and generating the second pre-execution strategy according to the second target scheme configuration information and the identification information of the domain name server to be switched.
6. The method of any of claims 1-3, wherein said performing the target firewall switch task based on the first pre-execution policy comprises:
sending the first pre-execution strategy to the firewall equipment; and
and under the condition that the target firewall switching task needs to be executed, calling the first pre-execution strategy from the firewall equipment, and executing the target firewall switching task.
7. The method according to any one of claims 1 to 3, wherein the performing the target domain name server switching task based on the second pre-enforcement policy comprises:
storing the second pre-execution strategy to a strategy pool;
under the condition that the target domain name server switching task needs to be executed, determining a second pre-execution strategy matched with the target domain name server switching task from the strategy pool; and
and executing the target domain name server switching task under the condition that the matching is determined to be successful.
8. A network switching apparatus comprising:
the system comprises an acquisition module, a switching module and a switching module, wherein the acquisition module is used for acquiring scheme configuration information aiming at the network equipment to be switched, and the network equipment to be switched comprises firewall equipment and a domain name server;
the first generation module is used for generating a first pre-execution strategy for the firewall equipment according to the scheme configuration information of the firewall equipment and the first pre-execution switching task association information under the condition that a target firewall switching task is determined not to be generated;
the second generation module is used for generating a second pre-execution strategy aiming at the domain name server according to the scheme configuration information of the domain name server and the second pre-execution switching task association information under the condition of determining the generation of the target domain name server switching task; and
and the execution module is used for executing the target firewall switching task based on the first pre-execution strategy and executing the target domain name server switching task based on the second pre-execution strategy under the condition of concurrently executing the target firewall switching task and the target domain name server switching task.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method recited in any of claims 1-7.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any one of claims 1 to 7.
11. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 7.
CN202211110074.1A 2022-09-13 2022-09-13 Network switching method, network switching device, electronic equipment and storage medium Active CN115484149B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211110074.1A CN115484149B (en) 2022-09-13 2022-09-13 Network switching method, network switching device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211110074.1A CN115484149B (en) 2022-09-13 2022-09-13 Network switching method, network switching device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115484149A true CN115484149A (en) 2022-12-16
CN115484149B CN115484149B (en) 2024-04-02

Family

ID=84392897

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211110074.1A Active CN115484149B (en) 2022-09-13 2022-09-13 Network switching method, network switching device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115484149B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635759A (en) * 2009-08-26 2010-01-27 深圳华为通信技术有限公司 Method and device for realizing mobile terminal firewall
US20140359693A1 (en) * 2013-06-03 2014-12-04 International Business Machines Corporation Coordinated network security management
CN106254312A (en) * 2016-07-15 2016-12-21 浙江宇视科技有限公司 A kind of method and device being realized server attack protection by virtual machine isomery
CN110633174A (en) * 2018-06-22 2019-12-31 中兴通讯股份有限公司 Disaster recovery switching method, device and computer readable storage medium
CN111132253A (en) * 2019-12-31 2020-05-08 北京邮电大学 Joint mobility management method for communication switching and service migration
CN112463451A (en) * 2020-12-02 2021-03-09 中国工商银行股份有限公司 Cache disaster recovery cluster switching method and soft load balancing cluster device
US20210075767A1 (en) * 2019-09-05 2021-03-11 Cisco Technology, Inc. Firewall service insertion across secure fabric preserving security group tags end to end with dual homed firewall

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635759A (en) * 2009-08-26 2010-01-27 深圳华为通信技术有限公司 Method and device for realizing mobile terminal firewall
US20140359693A1 (en) * 2013-06-03 2014-12-04 International Business Machines Corporation Coordinated network security management
CN106254312A (en) * 2016-07-15 2016-12-21 浙江宇视科技有限公司 A kind of method and device being realized server attack protection by virtual machine isomery
CN110633174A (en) * 2018-06-22 2019-12-31 中兴通讯股份有限公司 Disaster recovery switching method, device and computer readable storage medium
US20210075767A1 (en) * 2019-09-05 2021-03-11 Cisco Technology, Inc. Firewall service insertion across secure fabric preserving security group tags end to end with dual homed firewall
CN111132253A (en) * 2019-12-31 2020-05-08 北京邮电大学 Joint mobility management method for communication switching and service migration
CN112463451A (en) * 2020-12-02 2021-03-09 中国工商银行股份有限公司 Cache disaster recovery cluster switching method and soft load balancing cluster device

Also Published As

Publication number Publication date
CN115484149B (en) 2024-04-02

Similar Documents

Publication Publication Date Title
CN109154968B (en) System and method for secure and efficient communication within an organization
US20170024396A1 (en) Determining application deployment recommendations
US20200293310A1 (en) Software development tool integration and monitoring
CN115357761A (en) Link tracking method and device, electronic equipment and storage medium
CN113191889A (en) Wind control configuration method, configuration system, electronic device and readable storage medium
CN110489392A (en) Data access method, device, system, storage medium and equipment between multi-tenant
CN114237765B (en) Functional component processing method, device, electronic equipment and medium
CN113132400B (en) Business processing method, device, computer system and storage medium
CN115567596A (en) Cloud service resource deployment method, device, equipment and storage medium
CN112506781B (en) Test monitoring method, device, electronic equipment, storage medium and program product
CN113296911B (en) Cluster calling method, cluster calling device, electronic equipment and readable storage medium
CN114925066A (en) Data processing method and device, electronic equipment and storage medium
CN115904527A (en) Data processing method, device, equipment and medium
CN114237821A (en) Self-discovery method and device for Kubernetes container cluster, electronic device and storage medium
CN115484149B (en) Network switching method, network switching device, electronic equipment and storage medium
CN114201508A (en) Data processing method, data processing apparatus, electronic device, and storage medium
CN115291973A (en) Method and device for connecting database by application on cloud, electronic equipment and storage medium
CN114168607A (en) Global serial number generation method, device, equipment, medium and product
CN115190008B (en) Fault processing method, fault processing device, electronic equipment and storage medium
CN110262756B (en) Method and device for caching data
CN115987782B (en) Cloud hostname generation method, device, equipment, storage medium and program product
CN114268558B (en) Method, device, equipment and medium for generating monitoring graph
US11016874B2 (en) Updating taint tags based on runtime behavior profiles
CN114490891A (en) Data processing method, apparatus, device, medium, and program product
CN114625347A (en) Storage system SDK docking method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant