[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN111064826A - Information processing method, apparatus, electronic device, and medium executed by firewall - Google Patents

Information processing method, apparatus, electronic device, and medium executed by firewall Download PDF

Info

Publication number
CN111064826A
CN111064826A CN201911424654.6A CN201911424654A CN111064826A CN 111064826 A CN111064826 A CN 111064826A CN 201911424654 A CN201911424654 A CN 201911424654A CN 111064826 A CN111064826 A CN 111064826A
Authority
CN
China
Prior art keywords
firewall
address information
information
data plane
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911424654.6A
Other languages
Chinese (zh)
Other versions
CN111064826B (en
Inventor
李杨
胡松
孙宝良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qax Technology Group Inc
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qax Technology Group Inc
Secworld Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qax Technology Group Inc, Secworld Information Technology Beijing Co Ltd filed Critical Qax Technology Group Inc
Priority to CN201911424654.6A priority Critical patent/CN111064826B/en
Publication of CN111064826A publication Critical patent/CN111064826A/en
Application granted granted Critical
Publication of CN111064826B publication Critical patent/CN111064826B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5046Resolving address allocation conflicts; Testing of addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0654Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218Distributed architectures, e.g. distributed firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides an information processing method, including: if the firewall is the master firewall, acquiring first configuration information, wherein the first configuration information comprises first address information; sending the first address information to a first data plane of the firewall so that the firewall can communicate using the first address information; sending synchronization information to the standby firewall based on the first configuration information, wherein the synchronization information comprises first address information, so that the standby firewall stores the first address information in a second control plane of the standby firewall; and if the firewall is a standby firewall, acquiring first address information, storing the first address information in a second control plane of the firewall and not sending the first address information to a second data plane of the firewall, wherein the first address information is sent to the first data plane by other active firewalls.

Description

Information processing method, apparatus, electronic device, and medium executed by firewall
Technical Field
The present disclosure relates to the field of internet technologies, and in particular, to an information processing method and apparatus, an electronic device, and a medium executed by a firewall.
Background
High Availability (HA) technology is a technology that ensures stable operation of a network. Generally, 2 or more than 2 devices form a cluster, and 1 device is used as an active device to perform network forwarding, service processing and other operations. And the other equipment is used as standby equipment for taking over the work of the main equipment when the main equipment is abnormal so as to ensure that the network can stably run.
For the active-standby switching of the firewall, the configuration (internet interconnection addresses and the like) synchronization and the dynamic information (including session, NAT, IPsec connection and the like) synchronization of the active firewall and the standby firewall need to be satisfied. However, the internetworking address used for forwarding and traffic processing has uniqueness on the link, and if the active firewall and the standby firewall are configured with the same internetworking address, address conflict occurs, and network communication is affected.
Disclosure of Invention
In view of the above, the present disclosure provides an information processing method, apparatus, electronic device, and medium performed by a firewall.
One aspect of the present disclosure provides an information processing method performed by a firewall, including: if the firewall is a master firewall, acquiring first configuration information, wherein the first configuration information comprises first address information; sending the first address information to a first data plane of the firewall so that the firewall can communicate using the first address information; sending synchronization information to a backup firewall based on the first configuration information, wherein the synchronization information comprises the first address information, so that the backup firewall stores the first address information in a second control plane of the backup firewall; and if the firewall is a standby firewall, acquiring first address information, and storing the first address information in a second control plane of the firewall without sending the first address information to a second data plane of the firewall, wherein the first address information is sent to the first data plane by the other active firewalls.
According to the embodiment of the present disclosure, in a case that the firewall is a master firewall, in response to obtaining a switching message, deleting the first address information from the first data plane, where the switching message is used to indicate that the firewall is switched to a standby firewall; and sending the switch message to the backup firewall, such that the backup firewall reads the first address information from the second control plane in response to the switch message and sends the first address information to a second data plane of the backup firewall for communication by the backup firewall using the first address information.
According to the embodiment of the disclosure, the method further comprises determining second address information from the first configuration information under the condition that the firewall is the primary firewall; and sending the second address information to the first data plane such that the firewall uses the second address information for communication if the firewall is switched to a backup firewall.
According to an embodiment of the present disclosure, the method further includes performing a repetitive address detection after the first address information of the firewall is transmitted to the first data plane; in the case where it is determined that the first address information conflicts by performing repetitive address detection, the first address information is deleted from the firewall.
According to an embodiment of the present disclosure, the method further includes reading first configuration information from a configuration file of the firewall and storing the first address information to a first control plane of the firewall in a case where the firewall is restarted; negotiating with another firewall to re-determine the active firewall and the standby firewall; in the case that the firewall is redetermined as a standby firewall, keeping the first address information in the first control plane; or sending the first address information to the first data plane under the condition that the firewall is redetermined as the active firewall.
According to the embodiment of the disclosure, the method further comprises the step of determining the firewall to be the main firewall under the condition that the heartbeat packets from other firewalls are not received within the preset time after the firewall is started; and determining the firewall to be a standby firewall under the condition that heartbeat packets from other firewalls are received within the preset time after the firewall is started.
According to the embodiment of the disclosure, the method further comprises comparing the priority of the firewall with the priority of other firewalls under the condition that heartbeat packets from other firewalls are received within the preset time after the firewall is started; if the priority of the firewall is higher than the priorities of other firewalls, determining that the firewall becomes the main firewall, and sending heartbeat packets to other equipment; if the priority of the firewall is lower than the priorities of other firewalls, the firewall is determined to be a standby firewall; and determining the firewall to be the main firewall under the condition that heartbeat packets from other firewalls are not received within the preset time after the firewall is started.
Another aspect of the present disclosure provides an information processing method performed by a firewall, including: under the condition that the firewall is a standby firewall, acquiring second configuration information, wherein the second configuration information comprises third address information; sending the third address information to the second data plane to cause the firewall to communicate using the third address information; receiving synchronization information from other active firewalls, the synchronization information including first address information,
the first address information is sent to a first data plane by other main firewalls; storing the first address information in a second control plane of the firewall; and in response to receiving the handoff message from the active firewall, reading the first address information from the second control plane and sending the first address information to the second data plane to enable the firewall to communicate using the first address information.
Another aspect of the present disclosure provides an information processing apparatus including: a first obtaining module, configured to obtain first configuration information if the firewall is a master firewall, where the first configuration information includes first address information; a first sending module, configured to send the first address information to a first data plane of the firewall, so that the firewall can perform communication using the first address information; a second sending module, configured to send, based on the first configuration information, synchronization information to a backup firewall, where the synchronization information includes the first address information, so that the backup firewall stores the first address information in a second control plane of the backup firewall; and the second obtaining module is used for obtaining first address information if the firewall is a standby firewall, storing the first address information in a second control plane of the firewall and not sending the first address information to a second data plane of the firewall, wherein the first address information is sent to the first data plane by the other active firewalls.
Another aspect of the present disclosure provides an information processing apparatus including: a third obtaining module, configured to obtain second configuration information when the firewall is a standby firewall, where the second configuration information includes third address information; a third sending module, configured to send the third address information to the second data plane, so that the firewall communicates using the third address information; the receiving module is used for receiving synchronous information from other active firewalls, wherein the synchronous information comprises first address information, and the first address information is sent to a first data plane by the other active firewalls; the storage module is used for storing the first address information in a second control plane of the firewall; and the switching module is used for reading the first address information from the second control plane in response to receiving a switching message from the active firewall and sending the first address information to the second data plane so that the firewall can use the first address information for communication.
Another aspect of the present disclosure provides an electronic device including: one or more processors; a storage device for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described method.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiment of the disclosure, the problem of internet interconnection address conflict during the primary and secondary switching of the firewall can be at least partially solved, so that the internet interconnection address conflict during the primary and secondary switching of the firewall can be at least partially avoided, and the technical effect of high availability of the firewall is realized.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an exemplary system architecture of an information processing method that may be performed by a firewall in accordance with an embodiment of the present disclosure;
fig. 2A and 2B schematically illustrate a flow chart of an information processing method performed by a firewall according to an embodiment of the present disclosure;
fig. 2C schematically illustrates a flow chart of an information processing method performed by a firewall according to another embodiment of the present disclosure;
FIG. 3 schematically shows a flow chart of an information processing method according to another embodiment of the present disclosure;
FIG. 4 schematically shows a flow chart of an information processing method according to another embodiment of the present disclosure;
FIG. 5A schematically illustrates a flow diagram of an information processing method according to another embodiment of the present disclosure;
FIG. 5B is a flow chart that schematically illustrates a method for processing information after a firewall reboot, in accordance with an embodiment of the present disclosure;
fig. 6 is a schematic diagram illustrating an information processing method for switching between main and standby firewalls according to an embodiment of the disclosure;
FIG. 7 schematically shows a flow chart of an information processing method according to another embodiment of the present disclosure;
fig. 8 schematically illustrates an information processing method performed by a firewall according to an embodiment of the present disclosure;
fig. 9 schematically shows a block diagram of an information processing apparatus according to an embodiment of the present disclosure;
fig. 10 schematically shows a block diagram of an information processing apparatus according to an embodiment of the present disclosure; and
FIG. 11 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
Embodiments of the present disclosure provide an information processing method, which may be performed by a primary firewall. The method can comprise the following steps: acquiring first configuration information, wherein the first configuration information comprises first address information; the first address information is sent to a first data plane of the firewall such that the firewall can communicate using the first address information. Next, based on the first configuration information, sending synchronization information to the backup firewall, the synchronization information including the first address information, so that the backup firewall stores the first address information in a second control plane of the backup firewall. Next, in response to obtaining the switch message, deleting the first address information from the first data plane, wherein the switch message is used for indicating that the firewall is switched to the standby firewall, and sending the switch message to the standby firewall, so that the standby firewall reads the first address information from the second control plane in response to the switch message and sends the first address information to the second data plane of the standby firewall for communication by the standby firewall by using the first address information.
Fig. 1 schematically illustrates an exemplary system architecture 100 of an information processing method that may be performed by a firewall according to an embodiment of the disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include switches 101 and 102, firewalls 103 and 104. Firewall 103 may be, for example, an active firewall, and firewall 104 may be a standby firewall. Switch 101 may be in communication with firewalls 103 and 104.
According to the embodiment of the disclosure, in order to enable the standby firewall 104 to work in place of the active firewall 103 in the case of an abnormal active firewall 103, the configuration information (for example, IPv6 address and the like) and the dynamic information (including session, NAT, IPsec connection and the like) of the active firewall 103 and the standby firewall 104 may be synchronized.
In order to avoid internet address collision caused by the synchronization of the configurations of the active firewall 103 and the standby firewall 104, the active firewall 103 may perform the information processing method according to the embodiment of the present disclosure.
It should be understood that the interaction of switches 101 and 102 with the active firewall 103 and the interaction of switches 101 and 102 with the standby firewall 104 in fig. 1 are merely illustrative. Switches 101 and 102 may also be other network devices, and the number of network devices interacting with the active firewall and the standby firewall may be any, as desired for the implementation.
Fig. 2A and 2B schematically show a flow chart of an information processing method performed by a firewall according to an embodiment of the present disclosure.
Fig. 2A is a flowchart of a method executed by a firewall when the firewall is the active firewall. Fig. 2B is a flowchart of a method performed by the firewall when the firewall is a backup firewall.
As shown in fig. 2A, the method includes operations S201 to S203.
In operation S201, if the firewall is the active firewall, first configuration information is obtained, where the first configuration information includes first address information.
The first configuration information may be generated, for example, according to an input operation by a user. The first address information may be, for example, an Ipv6 address.
The first configuration information may include, for example, a plurality of address information and address types of the plurality of address information.
According to embodiments of the present disclosure, internetworking addresses may be divided into floating type addresses and static type addresses. The floating type address may be, for example, an address configured by the active firewall and the standby firewall together, and the static type address may be an address of each of the active firewall and the standby firewall. According to embodiments of the present disclosure, the first address information may be a floating type address, which may be synchronized to the backup firewall.
In operation S202, the first address information is transmitted to a first data plane of the firewall so that the firewall can perform communication using the first address information.
According to embodiments of the present disclosure, a network device, such as a firewall, may generally include a data plane and a control plane. The data plane is used for executing tasks such as data processing and forwarding, and specific execution processes of various functions such as multicast and security protection belong to the task category of the data forwarding plane. In particular, the data plane may include, for example, various interfaces. The control plane may be used to control and manage the operation of all network protocols. In particular, the control plane may comprise, for example, a database.
According to an embodiment of the present disclosure, in operation S202, the Ipv6 address may be sent to the first data plane and the kernel. When the first address information, which may be, for example, an Ipv6 address, is arranged in the first data plane and the kernel, the firewall can perform communication using the first address information. For example, other network devices may access the firewall by accessing the Ipv6 address.
In operation S203, synchronization information is sent to the standby firewall based on the first configuration information, the synchronization information including the first address information, so that the standby firewall stores the first address information in a second control plane of the standby firewall.
The synchronization information may include, for example, first configuration information and dynamic information. The backup firewall may store the first address information in its own database, for example, upon receiving the synchronization information.
According to the embodiment of the disclosure, the configuration synchronization from the active firewall to the standby firewall is divided into real-time synchronization and batch synchronization, and the real-time synchronization can be that if a user configures an IP address on an interface of the active firewall, the user immediately synchronizes to the standby firewall. The bulk synchronization may refer to that after the standby firewall is restarted, the active firewall synchronizes all the configurations to the standby firewall at one time.
As shown in fig. 2B, the method includes operations S204 to S205.
In operation S204, if the firewall is a backup firewall, first address information is acquired.
According to an embodiment of the present disclosure, the first address information may be included in synchronization information from another firewall, or may be described in a configuration file of the firewall, for example. Accordingly, the obtaining of the first address information may be receiving synchronization information from another firewall, obtaining the first address information from the synchronization information, or determining the first address information from a self-configuration file.
In operation S205, the first address information is stored in the own second control plane without being transmitted to the own second data plane. The first address information may be stored in a database, for example.
According to the embodiment of the disclosure, the information processing method configures the first address of the active firewall to the first data plane, and stores the first address information of the standby firewall to the control plane, thereby at least partially avoiding internet interconnection address conflict caused by synchronization of configuration of the active firewall and the standby firewall.
Fig. 2C schematically shows a flow chart of an information processing method according to another embodiment of the present disclosure.
As shown in fig. 2C, the information processing method may further include operations S206 and S207 on the basis of the aforementioned operations S201 to S203 and operations SS204 to S205.
In operation S206, in a case that the firewall is the active firewall, in response to obtaining a switch message, the first address information is deleted from the first data plane, where the switch message is used to indicate that the firewall is switched to the standby firewall.
According to the embodiment of the present disclosure, acquiring the switching message may be, for example, receiving a switching instruction from the client device, or may also be detecting that a certain interface is down, or may also be that the highly available functions of the firewall are enabled or disabled.
In operation S207, a switching message is sent to the backup firewall, such that the backup firewall reads the first address information from the second control plane in response to the switching message and sends the first address information to the second data plane of the backup firewall for communication by the backup firewall using the first address information.
For example, the first address information may be read from a database, configured on its own data plane, and sent to the kernel, so that the standby firewall can communicate using the first address information. For example, to cause the switch to access the backup firewall via the first address information.
According to the embodiment of the disclosure, the method can conveniently realize the switching between the main firewall and the standby firewall, and when the standby firewall needs to be switched to the main firewall, the first address information is sent to the data plane of the standby firewall, so that the standby firewall is switched to the main firewall.
Fig. 3 schematically shows a flow chart of an information processing method according to another embodiment of the present disclosure.
As shown in fig. 3, the information processing method may further include operation S301 and operation S302 on the basis of the embodiment shown in fig. 2, for example, described above. Operations S301 and S302 may be performed, for example, before operation S201.
In operation S301, in the case where the firewall is the active firewall, the second address information is determined from the first configuration information.
According to embodiments of the present disclosure, the second address information may be a static type address, which refers to an address that is not synchronized to the backup firewall.
In operation S302, the second address information is transmitted to the first data plane so that the firewall performs communication using the second address information in a case where the firewall is switched to a backup firewall.
According to the embodiment of the disclosure, in the case that the active firewall is switched to the standby firewall, the first address information, i.e., the floating type address, in the active firewall is deleted. Therefore, the firewall cannot continue to communicate with other network devices using the first address information, but the second address information of the firewall is configured on the first data plane, and the firewall can communicate with other network devices using the second address information. For example, an administrator can manage the firewall through the second address information.
According to the embodiment of the disclosure, the method can enable the firewall to be accessed or managed through the second address information in the case that the first address information is deleted from the firewall.
Fig. 4 schematically shows a flow chart of an information processing method according to another embodiment of the present disclosure.
As shown in fig. 4, the information processing method may further include operations S401 and S402 on the basis of the foregoing embodiment. Operations S401 and S402 may be performed, for example, after operation S202 and before operation S203.
In operation S401, after the first address information of the firewall is transmitted to the first data plane, repetitive address detection is performed.
In operation S402, in case that it is determined that the first address information conflicts by performing repetitive address detection, the first address information is deleted from the firewall.
According to an embodiment of the disclosure, after the first Address information is configured by the firewall in the first data plane, the firewall may perform Duplicate Address Detection (DAD). And if the first address information is determined not to have uniqueness, deleting the first address information from the firewall. If the first address information is determined to be unique, the first address information may be used.
Fig. 5A schematically shows a flow chart of an information processing method according to another embodiment of the present disclosure.
As shown in fig. 5A, the information processing method may further include operations S501 to S504 on the basis of the foregoing embodiment. Operations S501 to S504 may be performed after operation S205, for example.
In operation S501, in case that the firewall is restarted, first configuration information is read from a configuration file of the firewall and the first address information is stored to a first control plane of the firewall.
According to the embodiment of the disclosure, after the upgrade operation is performed on the active firewall and the standby firewall, the firewalls need to be restarted. Before restarting, the firewall saves the upgraded configuration to generate a configuration file.
In the event that the firewall is restarted, the first configuration information is read from the configuration file. The first configuration information may include first address information of a floating type, and the first address information is stored in a first control plane of the firewall.
In operation S502, a negotiation is made with another firewall to redetermine the active firewall and the standby firewall.
According to embodiments of the present disclosure, the negotiation with the backup firewall may be, for example, a preemptive negotiation. That is, after the firewall is started, the firewall waits for a predetermined time length, and if the heartbeat packet from the other device is not received within the predetermined time length, the firewall may be determined as the active firewall again, and the heartbeat packet may be sent to the other device. If a heartbeat packet from other equipment is received, the firewall can be determined as a standby firewall again, and the firewall determined as the standby firewall does not send the heartbeat packet to other equipment.
According to embodiments of the present disclosure, the negotiation with the backup firewall may be, for example, a non-preemptive negotiation. That is, after the firewall is started, the firewall waits for a predetermined time length, and if the heartbeat packet from the other device is not received within the predetermined time length, the firewall may be determined as the active firewall again, and the heartbeat packet may be sent to the other device. If heartbeat packets from other devices are received, the priority of the firewall is compared with the priority of the other devices. And if the priority of the firewall is higher than the priorities of other equipment, the firewall is determined as the main firewall again, and if the priority of the firewall is lower than the priorities of the other equipment, the firewall is determined as the standby firewall again. Among other things, the priority of the firewall and other devices may be determined based on the user's configuration.
In operation S503, in case that the firewall is re-determined as a backup firewall, the first address information is maintained at the first control plane.
In operation S504, the first address information is sent to the first data plane when the firewall is determined to be the active firewall again.
According to the embodiment of the disclosure, the first address information is simultaneously sent to the kernel, so that the firewall communicates with other devices through the first address information.
Fig. 5B schematically shows a flowchart of an information processing method after a firewall is restarted according to an embodiment of the disclosure.
As shown in fig. 5B, the method may include operations S510 to S590 and operation S511.
In operation S510, the firewall is restarted, and first configuration information is read from a configuration file of the firewall. For example, the firewall may be restarted after the active/standby firewall is upgraded.
In operation S520, it is determined whether the firewall has opened the high availability function. If the firewall turns on the high availability function, operation S530 may be performed. If the firewall does not turn on the high-available function, operation S590 may be directly performed.
In operation S530, the firewall is initialized to a standby firewall state. For example, address information may be read from the configuration information.
In operation S540, it is determined whether floating type address information exists in the first configuration information. If it is determined that floating type address information exists, operation S550 may be performed. If it is determined that floating type address information does not exist, operation S590 may be directly performed.
In operation S550, the floating type address is stored in the database without transmitting the floating type address to the data plane and the kernel of the firewall. And the firewall waits for the primary and standby elections, namely the primary firewall and the standby firewall are determined again. For example, operation S501 described above with reference to fig. 5A may be performed.
In operation S560, the other firewall is restarted successfully, for example, the active firewall and the standby firewall may be re-determined according to the preemptive negotiation policy or the non-preemptive negotiation policy. For example, operation S502 described above with reference to fig. 5A may be performed.
In operation S570, it is determined whether the firewall is re-determined to be the active firewall. If the firewall is determined as the active firewall again, operation S580 may be performed. If the firewall is re-determined to be a backup firewall, operation S511 may be performed.
In operation S580, address information, which may be, for example, an Ipv6 address, is read from the database, and the Ipv6 address is sent to the data plane and the kernel. For example, operation S504 described above with reference to fig. 5A may be performed.
In operation S590, DAD detection is performed.
In operation S511, the state of the firewall is kept unchanged, and DAD detection is not performed. For example, operation S503 described above with reference to fig. 5A may be performed.
Fig. 6 schematically shows an information processing method for firewall primary/standby switching according to an embodiment of the present disclosure.
As shown in fig. 6, for example, when the activation state of the high-availability function changes, a primary/secondary switching instruction is received, or a high-availability packet is changed, the primary firewall may generate a primary/secondary switching notification. The enabled state of the high availability function changes, which may be, for example, the high availability function of the firewall switching from disabled to enabled. The receiving of the primary/standby switching instruction may be, for example, receiving a switching instruction from a client. The high availability packet change may be, for example, a change from a firewall and a first firewall forming a high availability group to a firewall and a second firewall forming a high availability group. In the high availability group of the firewall and the first firewall, the firewall may be, for example, an active firewall, and in the high availability group of the firewall and the second firewall, the firewall may be, for example, a standby firewall.
The main firewall generates a main-standby switching notice and sends the main-standby switching notice to the standby firewall.
If the firewall is switched from the standby firewall to the active firewall, reading the Ipv6 address from the database and sending the Ipv6 address to the data plane and the kernel. Next, DAD detection may be performed.
If the firewall is switched from the active firewall to the standby firewall, then the removal of the Ipv6 address from the data plane and kernel may be performed without opening DAD detection.
According to another embodiment of the present disclosure, the information processing method performed by the firewall may further include determining whether the firewall is a standby firewall or an active firewall.
According to an embodiment of the present disclosure, determining whether the firewall is a standby firewall or an active firewall may include: determining the firewall to be a main firewall under the condition that heartbeat packets from other firewalls are not received within preset time after the firewall is started; and determining the firewall to be a standby firewall under the condition that heartbeat packets from other firewalls are received within the preset time after the firewall is started.
According to an embodiment of the present disclosure, determining whether the firewall is a standby firewall or an active firewall may include: comparing the priority of the firewall with the priority of other firewalls under the condition that heartbeat packets from other firewalls are received within the preset time after the firewall is started; if the priority of the firewall is higher than the priorities of other firewalls, determining that the firewall becomes the main firewall, and sending heartbeat packets to other equipment; if the priority of the firewall is lower than the priorities of other firewalls, the firewall is determined to be a standby firewall; and determining the firewall to be the main firewall under the condition that heartbeat packets from other firewalls are not received within the preset time after the firewall is started.
Fig. 7 schematically shows a flowchart of an information processing method according to another embodiment of the present disclosure. The information processing method may be performed by a backup apparatus.
As shown in fig. 7, the method may include operations S701 to S705.
In operation S701, in the case where the firewall is a backup firewall, second configuration information is acquired, the second configuration information including third address information.
The second configuration information may be, for example, information entered and configured by a user for the backup firewall. The third address information may be a static type address.
In operation S702, the third address information is transmitted to the second data plane to cause the firewall to communicate using the third address information.
And sending a third address of the static type to the own data plane so that the standby firewall can communicate by using the third address information. For example, the administrator can manage the firewall through the third address information.
In operation S703, synchronization information from the other active firewalls is received, where the synchronization information includes first address information, and the first address information is sent to the first data plane by the other active firewalls.
The synchronization information may include, for example, first configuration information and dynamic information. The backup firewall may store the first address information in its own database, for example, upon receiving the synchronization information.
The first address information may be, for example, a floating type Ipv6 address.
In operation S704, the first address information is stored in a second control plane of the firewall. The second control plane may be, for example, a database of the standby firewall.
In operation S705, in response to receiving the handover message from the active firewall, the first address information is read from the second control plane and sent to the second data plane, so that the firewall can perform communication using the first address information.
According to an embodiment of the present disclosure, fourth address information may be included in the second configuration information, and the fourth address information may be address information of a static type. The fourth address information is issued from the control plane to the data plane so that the standby firewall can communicate with other devices through the fourth address information. The terminal device such as an administrator can manage the backup firewall by the fourth address information.
Fig. 8 schematically illustrates an information processing method performed by a firewall according to an embodiment of the present disclosure.
The information processing method may include operations S801 to S806.
In operation S801, for example, after the firewall is started, it may be determined whether the firewall is the active firewall. If the firewall is the active firewall, operation S802 may be performed. If the firewall is a backup firewall, operation S805 may be performed.
In operation S802, it is determined whether the active firewall is configured with a floating Ipv6 address. If it is determined that the floating type Ipv6 address is configured, operation S803 may be performed. If it is determined that the floating type Ipv6 address is not configured, operation S804 may be performed.
In operation S803, the configuration information and the dynamic information are synchronized to the standby firewall and the configuration is issued to the data plane and the kernel, wherein the configuration includes a floating Ipv6 address and a static address for the active firewall.
In operation S804, the backup firewall is not synchronized, i.e., the configuration information and the dynamic information are not sent to the backup firewall.
In operation S805, static type address information configured for the standby firewall is determined according to the configuration information for the standby firewall, and synchronization information from the active firewall is received.
In operation S806, the static type address information is sent to the data plane, and the configuration is completed according to the synchronization information.
Fig. 9 schematically shows a block diagram of an information processing apparatus 900 according to an embodiment of the present disclosure.
As shown in fig. 9, the information processing apparatus 900 includes a first obtaining module 910, a first sending module 920, a second sending module 930, and a second obtaining module 940.
The first obtaining module 910, for example, may perform operation S201 described above with reference to fig. 2, and is configured to obtain first configuration information if the firewall is an active firewall, where the first configuration information includes first address information.
The first sending module 920, for example, may perform operation S202 described above with reference to fig. 2, for sending the first address information to the first data plane of the firewall so that the firewall can use the first address information for communication.
The second sending module 930, for example, may perform operation S203 described above with reference to fig. 2, to send, based on the first configuration information, synchronization information to the standby firewall, where the synchronization information includes the first address information, so that the standby firewall stores the first address information in a second control plane of the standby firewall.
The second obtaining module 940, for example, may perform operation S204 described above with reference to fig. 2, and is configured to obtain first address information if the firewall is a standby firewall, and store the first address information in the second control plane of itself without sending the first address information to the second data plane of itself, where the first address information is sent to the first data plane by the other active firewalls.
Fig. 10 schematically shows a block diagram of an information processing apparatus 1000 according to an embodiment of the present disclosure.
As shown in fig. 10, the information processing apparatus 1000 includes a third obtaining module 1010, a third transmitting module 1020, a receiving module 1030, a storing module 1040, and a switching module 1050.
The third obtaining module 1010, for example, may perform operation S701 described above with reference to fig. 7, to obtain second configuration information in a case that the firewall is a backup firewall, where the second configuration information includes third address information.
The third sending module 1020, for example, may perform operation S702 described above with reference to fig. 7, for sending the third address information to the second data plane, so that the firewall communicates using the third address information.
The receiving module 1030, for example, may perform operation S703 described above with reference to fig. 7, to receive synchronization information from the other active firewall, where the synchronization information includes first address information, and the first address information is sent to the first data plane by the other active firewall.
The storing module 1040, for example, may perform operation S704 described above with reference to fig. 7, for storing the first address information in the second control plane of the firewall.
The switching module 1050, for example, may perform operation S705 described above with reference to fig. 7, and is configured to, in response to receiving a switching message from the active firewall, read the first address information from the second control plane and send the first address information to the second data plane, so that the firewall can perform communication using the first address information.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the first obtaining module 910, the first sending module 920, the second sending module 930, and the second obtaining module 940 may be combined into one module to be implemented, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the first obtaining module 910, the first sending module 920, the second sending module 930, and the second obtaining module 940 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or implemented by a suitable combination of any several of them. Or at least one of the first acquiring module 910, the first transmitting module 920, the second transmitting module 930, and the second acquiring module 940 may be at least partially implemented as a computer program module, which may perform a corresponding function when executed.
FIG. 11 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure. The electronic device shown in fig. 11 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 11, an electronic device 1100 according to an embodiment of the present disclosure includes a processor 1101, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. The processor 1101 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1101 may also include on-board memory for caching purposes. The processor 1101 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to the embodiments of the present disclosure.
In the RAM1103, various programs and data necessary for the operation of the electronic device 1100 are stored. The processor 1101, the ROM 1102, and the RAM1103 are connected to each other by a bus 1104. The processor 1101 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1102 and/or the RAM 1103. It is noted that the programs may also be stored in one or more memories other than the ROM 1102 and RAM 1103. The processor 1101 may also perform various operations of the method flows according to the embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 1100 may also include input/output (I/O) interface 1105, input/output (I/O) interface 1105 also connected to bus 1104, according to an embodiment of the disclosure. Electronic device 1100 may also include one or more of the following components connected to I/O interface 1105: an input portion 1106 including a keyboard, mouse, and the like; an output portion 1107 including a signal output unit such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 1108 including a hard disk and the like; and a communication section 1109 including a network interface card such as a LAN card, a modem, or the like. The communication section 1109 performs communication processing via a network such as the internet. A driver 1110 is also connected to the I/O interface 1105 as necessary. A removable medium 1111 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1110 as necessary, so that a computer program read out therefrom is mounted into the storage section 1108 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 1109 and/or installed from the removable medium 1111. The computer program, when executed by the processor 1101, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 1102 and/or the RAM1103 and/or one or more memories other than the ROM 1102 and the RAM1103 described above.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (13)

1. An information processing method performed by a firewall, comprising:
if the firewall is a master firewall, acquiring first configuration information, wherein the first configuration information comprises first address information;
sending the first address information to a first data plane of the firewall so that the firewall can communicate using the first address information;
sending synchronization information to a backup firewall based on the first configuration information, wherein the synchronization information comprises the first address information, so that the backup firewall stores the first address information in a second control plane of the backup firewall;
and if the firewall is a standby firewall, acquiring first address information, and storing the first address information in a second control plane of the firewall without sending the first address information to a second data plane of the firewall, wherein the first address information is sent to the first data plane by the other active firewalls.
2. The method of claim 1, further comprising:
when the firewall is the master firewall, in response to obtaining a switching message, deleting the first address information from the first data plane, wherein the switching message is used for indicating that the firewall is switched to a standby firewall; and
sending the switch message to the backup firewall, such that the backup firewall reads the first address information from the second control plane in response to the switch message and sends the first address information to a second data plane of the backup firewall for communication by the backup firewall using the first address information.
3. The method of claim 1, further comprising:
determining second address information from the first configuration information under the condition that the firewall is a primary firewall; and
sending the second address information to the first data plane such that the firewall communicates using the second address information if the firewall is switched to a backup firewall.
4. The method of claim 1, further comprising:
performing a repetitive address detection after the first address information of the firewall is sent to the first data plane;
deleting the first address information from the firewall in the event that the first address information conflicts as determined by performing the repetitive address detection.
5. The method of claim 1, further comprising:
under the condition that the firewall is restarted, reading the first configuration information from a configuration file of the firewall and storing the first address information to a first control plane of the firewall;
negotiating with the other firewall to re-determine the active firewall and the standby firewall;
maintaining the first address information at the first control plane in the event that the firewall is redetermined as a backup firewall; or
And sending the first address information to the first data plane under the condition that the firewall is redetermined as the active firewall.
6. The method of claim 1, further comprising:
determining the firewall to be a main firewall under the condition that heartbeat packets from other firewalls are not received within preset time after the firewall is started;
and under the condition that the heartbeat packets from the other firewalls are received within the preset time after the firewall is started, determining that the firewall is a standby firewall.
7. The method of claim 1, further comprising:
comparing the priority of the firewall with the priority of other firewalls under the condition that heartbeat packets from other firewalls are received within preset time after the firewall is started;
if the priority of the firewall is higher than the priorities of the other firewalls, determining that the firewall becomes a main firewall, and sending a heartbeat packet to the other equipment;
if the priority of the firewall is lower than the priorities of the other firewalls, determining the firewall to be a standby firewall;
and determining the firewall to be the main firewall under the condition that the heartbeat packets from the other firewalls are not received within the preset time after the firewall is started.
8. An information processing method performed by a firewall, comprising:
under the condition that the firewall is a standby firewall, second configuration information is obtained, wherein the second configuration information comprises third address information;
sending the third address information to the second data plane to cause the firewall to communicate using the third address information;
receiving synchronous information from other active firewalls, wherein the synchronous information comprises first address information, and the first address information is sent to a first data plane by the other active firewalls;
storing the first address information in a second control plane of the firewall; and
and responding to the received switching message from the active firewall, reading the first address information from the second control plane, and sending the first address information to the second data plane so that the firewall can use the first address information for communication.
9. An information processing apparatus comprising:
a first obtaining module, configured to obtain first configuration information if the firewall is a master firewall, where the first configuration information includes first address information;
a first sending module, configured to send the first address information to a first data plane of the firewall, so that the firewall can perform communication using the first address information;
a second sending module, configured to send, based on the first configuration information, synchronization information to a backup firewall, where the synchronization information includes the first address information, so that the backup firewall stores the first address information in a second control plane of the backup firewall;
and the second obtaining module is used for obtaining first address information if the firewall is a standby firewall, storing the first address information in a second control plane of the firewall and not sending the first address information to a second data plane of the firewall, wherein the first address information is sent to the first data plane by the other active firewalls.
10. An information processing apparatus comprising:
a third obtaining module, configured to obtain second configuration information when the firewall is a standby firewall, where the second configuration information includes third address information;
a third sending module, configured to send the third address information to the second data plane, so that the firewall communicates using the third address information;
the receiving module is used for receiving synchronous information from other active firewalls, wherein the synchronous information comprises first address information, and the first address information is sent to a first data plane by the other active firewalls;
the storage module is used for storing the first address information in a second control plane of the firewall; and
and the switching module is used for reading the first address information from the second control plane in response to receiving a switching message from the active firewall and sending the first address information to the second data plane so that the firewall can use the first address information for communication.
11. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 8.
13. A computer program product comprising computer executable instructions for implementing a method according to any one of claims 1 to 8 when executed.
CN201911424654.6A 2019-12-31 2019-12-31 Information processing method, apparatus, electronic device, and medium executed by firewall Active CN111064826B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911424654.6A CN111064826B (en) 2019-12-31 2019-12-31 Information processing method, apparatus, electronic device, and medium executed by firewall

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911424654.6A CN111064826B (en) 2019-12-31 2019-12-31 Information processing method, apparatus, electronic device, and medium executed by firewall

Publications (2)

Publication Number Publication Date
CN111064826A true CN111064826A (en) 2020-04-24
CN111064826B CN111064826B (en) 2022-06-21

Family

ID=70306238

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911424654.6A Active CN111064826B (en) 2019-12-31 2019-12-31 Information processing method, apparatus, electronic device, and medium executed by firewall

Country Status (1)

Country Link
CN (1) CN111064826B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113055391A (en) * 2021-03-25 2021-06-29 建信金融科技有限责任公司 Method and device for policy configuration conversion during firewall replacement
CN114338358A (en) * 2021-12-28 2022-04-12 深圳市英维克信息技术有限公司 Data interaction method, data interaction equipment, storage medium and PLC

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070061876A1 (en) * 2005-09-14 2007-03-15 Sbc Knowledge Ventures, L.P. System and method for reducing data stream interruption during failure of a firewall device
CN103441987A (en) * 2013-07-30 2013-12-11 曙光信息产业(北京)有限公司 Method and device for managing dual-computer firewall system
CN104618148A (en) * 2015-01-07 2015-05-13 杭州华三通信技术有限公司 Firewall device and backup method thereof
CN110138656A (en) * 2019-05-28 2019-08-16 新华三技术有限公司 Method for processing business and device
CN110336793A (en) * 2019-06-10 2019-10-15 平安科技(深圳)有限公司 A kind of Intranet access method and relevant apparatus

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070061876A1 (en) * 2005-09-14 2007-03-15 Sbc Knowledge Ventures, L.P. System and method for reducing data stream interruption during failure of a firewall device
CN103441987A (en) * 2013-07-30 2013-12-11 曙光信息产业(北京)有限公司 Method and device for managing dual-computer firewall system
CN104618148A (en) * 2015-01-07 2015-05-13 杭州华三通信技术有限公司 Firewall device and backup method thereof
CN110138656A (en) * 2019-05-28 2019-08-16 新华三技术有限公司 Method for processing business and device
CN110336793A (en) * 2019-06-10 2019-10-15 平安科技(深圳)有限公司 A kind of Intranet access method and relevant apparatus

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113055391A (en) * 2021-03-25 2021-06-29 建信金融科技有限责任公司 Method and device for policy configuration conversion during firewall replacement
CN114338358A (en) * 2021-12-28 2022-04-12 深圳市英维克信息技术有限公司 Data interaction method, data interaction equipment, storage medium and PLC
CN114338358B (en) * 2021-12-28 2024-05-14 深圳市英维克信息技术有限公司 Data interaction method, device, storage medium and PLC

Also Published As

Publication number Publication date
CN111064826B (en) 2022-06-21

Similar Documents

Publication Publication Date Title
US10761949B2 (en) Live partition mobility with I/O migration
CN110750393B (en) Method, device, medium and equipment for avoiding network service double-machine hot standby brain cracking
US10579437B2 (en) Migrating a logical partition with a native logical port
US9992058B2 (en) Redundant storage solution
US11201836B2 (en) Method and device for managing stateful application on server
CN111064826B (en) Information processing method, apparatus, electronic device, and medium executed by firewall
US9769186B2 (en) Determining a reputation through network characteristics
EP2157511A1 (en) Method for directly routing an interrupt signal to a virtual processing unit in a system with one or several physical processing units
US9973574B2 (en) Packet forwarding optimization without an intervening load balancing node
US10771564B2 (en) Sharing system managed HTTP client sessions across processes
US20150256446A1 (en) Method and apparatus for relaying commands
US7587723B2 (en) Restarting a shared virtual resource
US8346996B2 (en) Information processing system
US9563388B2 (en) Sharing a hosted device in a computer network
CN111130953B (en) VNF availability monitoring method, device and medium
US9239809B2 (en) Message broadcast in a 1-wire system
US11182187B2 (en) Dynamic network connectivity verification in distributed virtual environments
CN116074309B (en) Access method of operating system in cross-platform container and related equipment
US11775328B2 (en) Virtual bond for efficient networking of virtual machines
CN115664842B (en) Communication link setting method, device, equipment and storage medium
US8755268B2 (en) Communicating information in an information handling system
CN118158084A (en) Method, device, system and storage medium for updating configuration information
US10044771B2 (en) Apparatus, method, and computer program for streaming media peripheral address and capability configuration
CN108519912B (en) Data cleaning method and device, computer readable storage medium and electronic equipment
EP3345352B1 (en) Routing device with independent service subsystem

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant after: QAX Technology Group Inc.

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant before: QAX Technology Group Inc.

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant