防火墙双机热备系统的设计与实现
发布时间:2018-08-02 18:27
【摘要】:网络设备的一个重要的特点是能够长期、可靠的运行。这一要求对于连接内部网络和外部网络的防火墙来说更加至关重要。专门针对防火墙的双机热备系统是能够保证防火墙稳定的有效手段。同路由器和交换机不同,侧重于安全防护的防火墙会在设备上保存每个连接的会话表信息,并记录了连接所进行的相关业务。采用一般的路由器双机热备系统,只备份配置和路由表等数据,在防火墙发生主备倒换之后会造成连接中断的情况。本课题设计了一种专门针对防火墙的双机热备系统,针对防火墙的具体业务会备份不同的数据。论文研究了双机热备系统的发展历史和华三安全产品的业务流程,针对现有的防火墙设备设计了防火墙双机热备系统。本论文的主要研究内容分为了四大模块,热备系统控制模块、热备系统数据同步模块、热备系统板间通信模块和相关业务处理模块。控制模块通过备份组实现了主备倒换和链路控制的功能。数据同步模块通过调用会话业务对会话表的数据进行了封装和发送,实现了两种备份方式。板间通信模块设计了一种队列模式,此种队列可以有效的减少丢包率和时延。相关业务处理模块供其他业务模块使用,使其他业务模块能够维护对端设备上的业务数据。测试部分模拟了实际的防火墙工作环境,通过对防火墙双机热备系统的功能测试和非功能测试。测试结果表明本系统能够满足对防火墙进行热备的需求。在发生主备倒换时,不会出现连接中断的情况。
[Abstract]:An important feature of network equipment is its long-term, reliable operation. This requirement is even more critical for firewalls that connect internal and external networks. The two-machine hot standby system is an effective way to ensure the stability of firewall. Unlike routers and switches, the firewall, which focuses on security, holds the session table information for each connection on the device and records the related business done by the connection. Using the general router dual-machine hot standby system, only the data such as configuration and routing table are backed up, and the connection will be interrupted after the firewall switch. In this paper, a dual-computer hot standby system is designed for firewall, and different data are backed up according to the specific business of firewall. This paper studies the development history of dual-machine hot standby system and the business process of Huasang security product, and designs a dual-machine firewall hot standby system for the existing firewall equipment. The main research content of this paper is divided into four modules, the hot standby system control module, the hot standby system data synchronization module, the hot standby system inter-board communication module and the related business processing module. The control module realizes the functions of main and backup switching and link control through backup group. The data synchronization module encapsulates and sends the data of the session table by calling the session service and realizes two backup modes. A queue mode is designed in the inter-panel communication module, which can effectively reduce packet loss rate and delay. The related service processing module is used by other service modules, which enables other service modules to maintain service data on the end-to-end equipment. The test part simulates the actual firewall working environment, through the function test and the non-function test of the firewall dual computer hot standby system. The test results show that the system can meet the need of firewall hot standby. There will be no connection interruptions when the main standby switch occurs.
【学位授予单位】:哈尔滨工业大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.05
本文编号:2160319
[Abstract]:An important feature of network equipment is its long-term, reliable operation. This requirement is even more critical for firewalls that connect internal and external networks. The two-machine hot standby system is an effective way to ensure the stability of firewall. Unlike routers and switches, the firewall, which focuses on security, holds the session table information for each connection on the device and records the related business done by the connection. Using the general router dual-machine hot standby system, only the data such as configuration and routing table are backed up, and the connection will be interrupted after the firewall switch. In this paper, a dual-computer hot standby system is designed for firewall, and different data are backed up according to the specific business of firewall. This paper studies the development history of dual-machine hot standby system and the business process of Huasang security product, and designs a dual-machine firewall hot standby system for the existing firewall equipment. The main research content of this paper is divided into four modules, the hot standby system control module, the hot standby system data synchronization module, the hot standby system inter-board communication module and the related business processing module. The control module realizes the functions of main and backup switching and link control through backup group. The data synchronization module encapsulates and sends the data of the session table by calling the session service and realizes two backup modes. A queue mode is designed in the inter-panel communication module, which can effectively reduce packet loss rate and delay. The related service processing module is used by other service modules, which enables other service modules to maintain service data on the end-to-end equipment. The test part simulates the actual firewall working environment, through the function test and the non-function test of the firewall dual computer hot standby system. The test results show that the system can meet the need of firewall hot standby. There will be no connection interruptions when the main standby switch occurs.
【学位授予单位】:哈尔滨工业大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.05
【参考文献】
相关期刊论文 前10条
1 谭宇;姚亚峰;陈登;霍兴华;;基于FPGA主备倒换的电路设计与实现[J];电视技术;2014年11期
2 李洪亮;;防火墙双机热备的设计与实现[J];电子技术与软件工程;2013年22期
3 李洁;黄婷熙;潘涛涛;;高可靠性通信设备主备倒换软件实现方法[J];电视技术;2013年11期
4 李一兵;王爽;叶方;;软件实现主备倒换的设计[J];微计算机信息;2011年06期
5 沈浩;;基于双机热备的控制计算机系统研究与实现[J];工业控制计算机;2011年04期
6 张国波;;交换机主控单元热备份设计与实现[J];信息安全与通信保密;2010年12期
7 史文路;胡平;;双机热备份系统的研究与改进[J];微处理机;2008年03期
8 韩明军;;软件性能测试过程[J];信息技术与标准化;2007年11期
9 尚艳玲;张云锋;;软件可靠性测试方法研究[J];现代计算机(专业版);2007年06期
10 刘晓洁;黄永佳;;基于Linux的双机热备系统的实现技术[J];计算机应用研究;2007年04期
相关硕士学位论文 前2条
1 黄山松;统一通信平台设计与业务实现[D];复旦大学;2008年
2 曹琼;高端路由交换机中的路由热备份技术应用研究[D];西南交通大学;2005年
,本文编号:2160319
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2160319.html
