Data packet processing method and device

A processing method and data packet technology, applied in the field of communication, can solve problems such as abnormal network egress, and achieve the effect of improving flexibility

Active Publication Date: 2019-06-14
奇安信网神信息技术(北京)股份有限公司 +1
View PDF10 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The main purpose of the present invention is to provide a data packet processing solution to solve the problem of abnormal network egress when the designated link for transmitting data packets is blocked by ordinary routers or other security devices in the related art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data packet processing method and device
  • Data packet processing method and device
  • Data packet processing method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0050] Figure 4 It is a schematic diagram of an enterprise connecting an internal network with an external network through a router according to Embodiment 1 of the present invention, as shown in Figure 4 As shown in the figure, an enterprise link is a multi-export and multi-routing load scenario, and the egress is divided into two types of lines: Telecom and China Netcom. Figure 4 The telecom server and China Netcom server are used to simulate two server addresses respectively. The user requests that the line going to China Netcom should first use China Netcom, and the line going to China Telecom should first use China Telecom, but for some sensitive service traffic (such as HTTP or ICMP service) must use China Netcom line; when there is a problem with the link on one side, it can automatically switch to other lines, with the priority of the same line; for example, if a line of Netcom is interrupted, other Netcom lines of Netcom will be switched first; if there is no other...

Embodiment 2

[0069] In this embodiment, a method for implementing flexible policy routing loads by using labels in security rules is provided. By expanding the security rule table and routing table of the security gateway, a routing table with table identification is added to the network system, and the security The routing identification index (ID) can be configured in the advanced options of the rule. When a data packet is querying a rule, after matching a specific rule, it needs to query the identification index (ID) of the rule. If the identification index (ID) is not configured in the rule, the routing search will be performed according to the conventional routing search method. If the rule is configured If the specific identification index (ID) is specified, the SKB (Socket Buffer)→MARK field of the data packet is assigned to the corresponding identification index (ID). After the security rule module is processed, it enters the routing module, and the routing module MARK value to the...

Embodiment 3

[0087] This embodiment provides a method for implementing flexible policy routing loads by using labels in security rules. In the implementation process, it is divided into two stages: the network administrator configures the firewall device and firewall security rules, and the data processing flow of the routing load module.

[0088] Phase 1: The network administrator configures the firewall. Specifically, the configuration method of label-based advanced intelligent policy routing load may include:

[0089] Step 1, pre-define the destination address resources in the network system, define a telecom address resource addr_wt, the IP addresses are 124.127.118.26, 124.127.118.26, 124.127.118.26; define a Netcom address resource addr_dx, the IP address is 220.161.5.100 , 220.161.5.101, 220.161.5.102;

[0090] Step 2: Define a labeled routing load table item in the network system, add two policy routing table items respectively, the serial numbers are 1 and 2, and the identificat...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a data packet processing method and device, wherein, the method includes: after receiving an outgoing data packet, determining that a predetermined routing identifier is configured in a security rule matching the data packet; corresponding routing table entry, and perform routing load balancing processing on the data packet according to the preset network egress address resource corresponding to the found routing table entry. The present invention solves the problem in the related art that common routers or other security devices will have abnormal network exits when the designated link for transmitting data packets is unreachable, satisfies various business needs of users in a multi-network exit environment, and improves routing flexibility.

Description

technical field [0001] The present invention relates to the field of communications, in particular to a data packet processing method and device. Background technique [0002] A router is a computer system with multiple network interfaces. It receives data packets from the network, searches the routing table according to the source and destination addresses of the data packets, and forwards the successful data packets. General routers support policy routing. In addition to routing lookups based on source and destination addresses, advanced routing lookups can also be performed through services or protocols. Routers also have access control list (Access Control List, referred to as ACL) control modules, but , the rule ACL control module is independent of the routing module, and the specified rule cannot be associated with the routing table item. [0003] Enterprises and governments now have multiple network outlets, and different outlets are connected to different network op...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/803H04L12/741H04L45/74
Inventor 任献永高伟王斌
Owner 奇安信网神信息技术(北京)股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap