Disclosure of Invention
The embodiments of the present application provide a method, an apparatus, a system, an electronic device and a storage medium for forwarding packets. In some embodiments, packets continue to be forwarded at least after the kernel-side proxy program has crashed, so that service is not interrupted.
In a first aspect, the present application provides a method for forwarding a packet, applied to a network security device. The method includes: searching a connection table for a forwarding record corresponding to the packet to be forwarded, where the connection table stores the correspondence between the packet to be forwarded and the forwarding record; on confirming that no forwarding record exists, searching a state information record table for second connection information corresponding to the packet to be forwarded, where the state information record table stores the correspondence between the packet to be forwarded and the second connection information; on confirming that no second connection information exists, establishing a connection entry for the packet to be forwarded in the connection table; and forwarding the packet to be forwarded based on the connection entry.
Therefore, by looking the packet up first in the connection table and then in the state information record table, the embodiments can decide whether the packet to be forwarded needs bypass treatment or should be forwarded to the local kernel, so that packets continue to be forwarded after the kernel-side proxy program crashes and service interruption is avoided.
With reference to the first aspect, in an implementation manner of the present application, before establishing the connection entry in the connection table for the packet to be forwarded, the method further includes confirming that the forwarding request of the packet to be forwarded is a new connection request.
Therefore, by confirming that the packet to be forwarded is a new connection request, the embodiments ensure that service for new connection requests is not interrupted after the kernel-side proxy program crashes.
With reference to the first aspect, in an implementation manner of the present application, before establishing the connection entry in the connection table for the packet to be forwarded, the method further includes confirming that the forwarding request of the packet to be forwarded is not a new connection request, and discarding the packet to be forwarded.
Therefore, by discarding packets that are not new connection requests (no connection entry is created for them), the embodiments reduce memory consumption and speed up packet processing.
With reference to the first aspect, in an implementation manner of the present application, after confirming that the forwarding record does not exist, the method further includes confirming that the packet to be forwarded is a transparent proxy packet.
Therefore, by confirming that the packet to be forwarded is a transparent proxy packet (and ignoring packets that are not), the embodiments reduce the memory consumption of the network security device.
With reference to the first aspect, in an implementation manner of the present application, after searching the state information record table for the second connection information corresponding to the packet to be forwarded, the method further includes: confirming that the second connection information exists, and marking the packet to be forwarded to obtain a marked packet; passing the marked packet to the kernel of the network security device; looking up, in the kernel, a policy route for the packet based on the mark; and forwarding the packet based on the policy route.
Therefore, by marking the packet to be forwarded, the embodiments let the kernel find the corresponding policy route, which improves forwarding efficiency.
With reference to the first aspect, in an implementation manner of the present application, after establishing the connection entry in the bypass connection table for the packet to be forwarded, the method further includes recording the connection state of the packet to be forwarded.
In a second aspect, the present application provides an apparatus for forwarding a packet, applied to a network security device, where the apparatus includes: a first lookup module, configured to search a bypass connection table for a forwarding record corresponding to a packet to be forwarded, where the bypass connection table stores the correspondence between the packet to be forwarded and the forwarding record; a second lookup module, configured to confirm that the forwarding record does not exist and search a state information record table for second connection information corresponding to the packet to be forwarded, where the state information record table stores the correspondence between the packet to be forwarded and the second connection information; an entry creation module, configured to confirm that the second connection information does not exist and establish a connection entry for the packet to be forwarded in the bypass connection table; and a packet forwarding module, configured to forward the packet to be forwarded based on the connection entry.
With reference to the second aspect, in an embodiment of the present application, the entry creation module is further configured to confirm that the forwarding request of the packet to be forwarded is a new connection request.
With reference to the second aspect, in an embodiment of the present application, the entry creation module is further configured to confirm that the forwarding request of the packet to be forwarded is not a new connection request, and to discard the packet to be forwarded.
With reference to the second aspect, in an embodiment of the present application, the second lookup module is further configured to confirm that the packet to be forwarded is a transparent proxy packet.
With reference to the second aspect, in an embodiment of the present application, the second lookup module is further configured to: confirm that the second connection information exists, and mark the packet to be forwarded to obtain a marked packet; pass the marked packet to the kernel of the network security device; look up, in the kernel, a policy route for the packet based on the mark; and forward the packet based on the policy route.
With reference to the second aspect, in an embodiment of the present application, the packet forwarding module is further configured to record the connection state of the packet to be forwarded.
In a third aspect, the present application provides a system for forwarding a packet, where the system includes: the client is configured to send a message to be forwarded; the network security device is configured to receive the message to be forwarded, and execute the method according to any embodiment of the first aspect according to the message to be forwarded to forward the message to be forwarded.
In a fourth aspect, the present application provides an electronic device, including: a processor, a memory, and a bus; the processor is connected to the memory via the bus, the memory storing a computer program which, when executed by the processor, performs the method according to any embodiment of the first aspect.
In a fifth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which, when executed, performs a method according to any embodiment of the first aspect.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present application based on the embodiments of the present application.
In order to solve the problems in the background art, in some embodiments of the present application a TCP connection table is established in the kernel and every transparent proxy packet passing through the network security device is looked up in it; if the current transparent proxy packet is not in the TCP connection table, whether it needs bypass or is forwarded to the kernel is decided by the result of a kernel socket lookup.
The method steps in the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a block diagram of a system for packet forwarding in some embodiments of the present application, including a client 110 and a network security device 120. Specifically, the client 110 sends the packet to be forwarded to the network security device 120. After receiving it, the network security device 120, on confirming that no forwarding record for the packet exists in the connection table, searches the state information record table for second connection information corresponding to the packet; when no second connection information exists, it establishes a connection entry for the packet in the connection table and finally forwards the packet based on that entry.
In the related art, in a transparent proxy program based on the Linux kernel, after the proxy program crashes and before the process is restarted, newly arriving transparent proxy connections cannot reach the proxied address, and service is interrupted. Some proxy start-up procedures are time consuming, and during that time business traffic subject to policy is affected. In the embodiments, when the proxy process exits abnormally, the kernel bypasses the packets currently destined for the transparent proxy address; once the proxy process has been restarted, new packets are again forwarded through the proxy process, while the bypassed transparent proxy connections are kept uninterrupted.
The following illustrates, by way of example, the packet forwarding solution provided by some embodiments of the present application using a network security device. It will be appreciated that the packet forwarding method of the embodiments can be applied to any network security device, for example a firewall product.
At least for the problems in the background art, as shown in fig. 2, some embodiments of the present application provide a method for forwarding a message, where the method includes:
s210, searching a forwarding record corresponding to the message to be forwarded in the connection table.
It should be noted that the connection table is a bypass connection table, used to store the correspondence between a packet to be forwarded and a bypass forwarding record. That is, the bypass connection table stores first connection information for packets forwarded by bypass, and the first connection information is the five-tuple: source IP address, destination IP address, source port, destination port and protocol.
In one embodiment of the present application, a netfilter module is added to the kernel of the network security device before S210, and the module is given the following functions:
First, a kernel socket matching interface, which looks up whether a corresponding socket structure exists in the kernel for a given packet to be forwarded. Second, a pre_routing hook function registered to receive packets to be forwarded; it is the entry point for transparent proxy bypass processing. Third, connection management: connection lookup keyed by the packet's five-tuple (source IP, destination IP, source port, destination port and protocol family, IPv4 or IPv6), plus a TCP state machine that reclaims timed-out connections in each state. Finally, policy management: the user configures the transparent proxy IP, port, protocol family and TCP connection timeout to be monitored, and a policy matching interface decides whether a packet to be forwarded belongs to a configured transparent proxy policy.
A policy route is also added on the network security device; taking IPv4 as an example, the following commands are executed:
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100
The first command sends packets carrying firewall mark 1 (the mark set by the kproxy module, see S306 below) to routing table 100; the second makes table 100 deliver every destination locally through the loopback device, so a marked packet reaches the proxy's listening socket. It will be appreciated that the policy route includes the interface used for forwarding, the destination device and so on, which may be set according to the actual situation; the embodiments are not limited in this respect.
After this configuration is completed, the transparent proxy policy addresses are pushed down so that the IP, port and protocol family known to the kernel and to the proxy process are consistent, and the transparent proxy process is started.
In one embodiment of the present application, after a packet to be forwarded is obtained, its forwarding record is looked up in the bypass connection table.
If the forwarding record exists, a packet with the same five-tuple as the current packet has already been forwarded by bypass, so it suffices to track the connection state (i.e. record the connection state of the packet) and forward the packet by bypass.
S220, confirming that the forwarding record does not exist, and searching second connection information corresponding to the message to be forwarded in the state information record table.
It should be noted that the state information record table stores the correspondence between the packet to be forwarded and the second connection information. Specifically, the state information record table is the kernel's inet hash table (for IPv6, the inet6 hash table), which holds the TCP socks of connections established between the kernel and the outside as well as the TCP socks on which the kernel is listening, together with connection state, listening state, timeout and so on.
If no forwarding record exists, it is judged whether the packet to be forwarded is a transparent proxy packet; if not, the flow ends directly. If it is a transparent proxy packet, the state information record table is searched for second connection information corresponding to the packet.
If the second connection information exists, the packet to be forwarded is first marked, the marked packet is then passed to the kernel of the network security device, the kernel looks up the policy route of the packet based on the mark, and finally the packet is forwarded according to that policy route.
Specifically, when the second connection information exists, the packet is marked with 1 and the packet carrying mark 1 is handed to the kernel. The kernel has a policy route pre-configured for that mark; after receiving the packet with mark 1 it looks up the policy route corresponding to mark 1 and forwards the current packet accordingly.
S230, confirming that the second connection information does not exist, and establishing a connection item for the message to be forwarded in the connection table.
If no second connection information exists, it is judged whether the forwarding request of the packet is a new connection request; if not, the packet is discarded. If it is a new connection request, a connection entry is established for the packet in the bypass connection table, the connection state of the packet is recorded, and S240 is executed to forward the packet based on the connection entry.
As a specific embodiment of the present application, as shown in fig. 3, the method for forwarding a packet includes:
S301, obtaining the packet to be forwarded in the hook function;
S302, judging whether the packet belongs to a bypass connection; if yes, S310 tracks the connection state and S311 forwards the packet; if not, S303 is executed;
S303, judging whether the packet is a transparent proxy packet; if not, S312 ends the flow; if yes, S304 searches for the transparent proxy sock;
S305, judging whether the transparent proxy sock exists; if yes, S306 sets the mark (and the packet is routed to the local machine); if not, S307 is executed;
S307, judging whether the packet is a new connection; if not, S308 discards the packet; if yes, S309 establishes a bypass connection entry, S310 tracks the connection state and S311 forwards the packet;
S312, end.
Specifically, first, when a packet to be forwarded enters the kernel of the network security device for processing, it passes through the kernel netfilter framework and reaches the pre_routing hook of the kproxy module. In the hook function, the connection management interface is used first to look the packet up and judge whether it belongs to a bypassed transparent proxy connection; if so, the connection state is tracked and the packet is forwarded.
It will be appreciated that a kernel module is needed to implement this function; the kernel module implementing the method of the present application is referred to herein as the kproxy module.
Second, when the packet does not belong to a bypass connection, the kproxy module uses the policy matching interface to judge whether it is a transparent proxy packet; if not, the packet is ignored. For a transparent proxy packet, the socket matching module checks whether the kernel has an established sock for this connection or a listening sock structure. If such a sock structure exists, the packet's mark is set to 1 and the packet is routed to the local machine by the routing module.
Third, if the socket matching lookup finds neither an established nor a listening sock structure in the kernel and the packet is a TCP SYN handshake packet, the packet is a new connection request; the proxy process has exited abnormally and the connection has to be bypassed, so the kproxy module creates a connection tracking entry for it, tracks the connection state and forwards the packet. If the packet is not a TCP handshake packet, it is discarded.
Finally, once the proxy process has been restarted and is again listening on the transparent proxy address, a packet entering the kernel that is a new request carrying the SYN (Synchronize Sequence Numbers) flag is matched to the kernel socket and forwarded to the local machine. Connections bypassed earlier are found by the hook function in the bypass connection table and forwarded directly, so those connections remain continuous.
Therefore, the method and apparatus solve the problem that, in a transparent proxy program based on the Linux kernel, newly arriving transparent proxy connections cannot be processed after the proxy program crashes until the process is restarted, which interrupts service. A connection table is established in the kernel to track bypassed transparent proxy traffic; whether the proxy process is abnormal is judged by the sock lookup, and when the proxy process has exited abnormally so that the kernel sock lookup fails, the packet to be forwarded is bypassed; when the proxy process has been restarted, new requests are again forwarded through the proxy process, while the previously bypassed transparent proxy connections remain uninterrupted.
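The decision flow of S301 to S312 (the same logic as S210 to S240 above), written out as a user-space model. This is an added example for this page, not the kproxy module's code: the bypass connection table and the kernel's inet hash table are modelled as fixed-size arrays, the proxy process is simulated by adding a listening sock on start and removing all its socks on a crash, and the names (kproxy_prerouting, proxy_start, proxy_crash, the ACT_ codes, TABLE_MAX) and the addresses in main are assumptions. The real module's TCP state machine and timeout reclaim are left out.

```c
/* Added example, not the kproxy module's code: user-space model of the fig. 3
 * pre_routing decision. Table layout, names and the sock simulation are assumed;
 * the TCP state machine and timeout reclaim of the real module are left out. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_MAX 64
#define PROTO_TCP 6

struct tuple { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };
struct policy { uint32_t ip; uint16_t port; uint8_t proto; }; /* proxy listen address */
struct pkt { struct tuple t; bool syn, ack; uint32_t mark; };
struct conn { struct tuple t; int packets; };   /* bypass connection table entry */
struct sock { struct tuple t; bool listener; }; /* simulated inet hash table entry */

enum action {
    ACT_BYPASS_TRACK, /* S302 yes -> S310/S311: known bypass connection */
    ACT_IGNORE,       /* S303 no  -> S312: not a transparent proxy packet */
    ACT_MARK_LOCAL,   /* S305 yes -> S306: proxy sock exists, mark 1, route local */
    ACT_BYPASS_NEW,   /* S307 yes -> S309: proxy gone, SYN opens a bypass */
    ACT_DROP          /* S307 no  -> S308: proxy gone, not a new connection */
};

static struct conn bypass_table[TABLE_MAX]; static int n_bypass;
static struct sock sock_table[TABLE_MAX];   static int n_socks;

void kproxy_reset(void) { n_bypass = n_socks = 0; }
void proxy_crash(void) { n_socks = 0; } /* every sock owned by the proxy process vanishes */
void proxy_start(const struct policy *p) /* the kernel now holds a listener on the policy address */
{
    if (n_socks < TABLE_MAX)
        sock_table[n_socks++] = (struct sock){ { 0, p->ip, 0, p->port, p->proto }, true };
}

static bool tuple_eq(const struct tuple *a, const struct tuple *b)
{
    return a->saddr == b->saddr && a->daddr == b->daddr && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

/* connection management interface: lookup and insert keyed by the five-tuple */
static int bypass_lookup(const struct tuple *t)
{
    for (int i = 0; i < n_bypass; i++)
        if (tuple_eq(&bypass_table[i].t, t)) return i;
    return -1;
}

static int bypass_insert(const struct tuple *t)
{
    if (n_bypass == TABLE_MAX) return -1; /* table full */
    bypass_table[n_bypass] = (struct conn){ *t, 0 };
    return n_bypass++;
}

/* socket matching interface: an established sock with this exact tuple, or a
 * listener on the packet's destination address, port and protocol */
static bool sock_lookup(const struct tuple *t)
{
    for (int i = 0; i < n_socks; i++) {
        const struct tuple *s = &sock_table[i].t;
        if (sock_table[i].listener ? (s->daddr == t->daddr && s->dport == t->dport && s->proto == t->proto)
                                   : tuple_eq(s, t)) return true;
    }
    return false;
}

/* the pre_routing hook's decision, in the order of fig. 3 */
enum action kproxy_prerouting(struct pkt *pkt, const struct policy *pol)
{
    int idx = bypass_lookup(&pkt->t);
    if (idx >= 0) { bypass_table[idx].packets++; return ACT_BYPASS_TRACK; }
    if (pkt->t.daddr != pol->ip || pkt->t.dport != pol->port || pkt->t.proto != pol->proto)
        return ACT_IGNORE; /* policy matching interface: not addressed to the proxy */
    if (sock_lookup(&pkt->t)) { pkt->mark = 1; return ACT_MARK_LOCAL; }
    if (pkt->t.proto == PROTO_TCP && pkt->syn && !pkt->ack) {
        if (bypass_insert(&pkt->t) < 0) return ACT_DROP; /* table full: fail closed */
        return ACT_BYPASS_NEW;
    }
    return ACT_DROP;
}

int main(void)
{
    static const char *name[] = { "bypass-track", "ignore", "mark-local", "bypass-new", "drop" };
    struct policy pol = { 0x0a000001u, 8080, PROTO_TCP }; /* constructed: 10.0.0.1:8080 */
    struct pkt syn = { { 0xc0a80001u, 0x0a000001u, 40001, 8080, PROTO_TCP }, true, false, 0 };
    struct pkt ack = syn; ack.syn = false; ack.ack = true;
    kproxy_reset(); proxy_start(&pol);
    printf("proxy up,   SYN: %s\n", name[kproxy_prerouting(&syn, &pol)]);
    proxy_crash(); syn.t.sport = ack.t.sport = 40002;
    printf("proxy down, SYN: %s\n", name[kproxy_prerouting(&syn, &pol)]);
    printf("proxy down, ACK: %s\n", name[kproxy_prerouting(&ack, &pol)]);
    proxy_start(&pol);
    printf("proxy back, ACK: %s (still bypassed)\n", name[kproxy_prerouting(&ack, &pol)]);
    return 0;
}
```

The scenario in main makes the security-relevant property of the scheme visible: a connection admitted by bypass while the proxy is down is forwarded directly and never passes through the proxy, and it stays bypassed after the proxy restarts because the bypass table is consulted before the sock lookup. The bypass is therefore fail-open for those connections, and the bypass table itself is a resource only SYN packets can grow; the model drops a SYN when the table is full, a choice made here rather than one the page describes.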
The foregoing describes a specific embodiment of a method for forwarding a message, and a device for forwarding a message will be described below.
As shown in fig. 4, some embodiments of the present application provide an apparatus 400 for forwarding a packet, where the apparatus includes: a first lookup module 410, a second lookup module 420, an entry creation module 430 and a packet forwarding module 440.
The first lookup module 410 is configured to search a bypass connection table for a forwarding record corresponding to a packet to be forwarded, where the bypass connection table stores the correspondence between the packet to be forwarded and the forwarding record; the second lookup module 420 is configured to confirm that the forwarding record does not exist and search a state information record table for second connection information corresponding to the packet to be forwarded, where the state information record table stores the correspondence between the packet to be forwarded and the second connection information; the entry creation module 430 is configured to confirm that the second connection information does not exist and establish a connection entry for the packet to be forwarded in the bypass connection table; the packet forwarding module 440 is configured to forward the packet to be forwarded based on the connection entry.
In one embodiment of the present application, the entry creation module 430 is further configured to confirm that the forwarding request of the packet to be forwarded is a new connection request.
In one embodiment of the present application, the entry creation module 430 is further configured to confirm that the forwarding request of the packet to be forwarded is not a new connection request, and to discard the packet to be forwarded.
In one embodiment of the present application, the second lookup module 420 is further configured to confirm that the packet to be forwarded is a transparent proxy packet.
In one embodiment of the present application, the second lookup module 420 is further configured to: confirm that the second connection information exists, and mark the packet to be forwarded to obtain a marked packet; pass the marked packet to the kernel of the network security device; look up, in the kernel, a policy route for the packet based on the mark; and forward the packet based on the policy route.
In one embodiment of the present application, the packet forwarding module 440 is further configured to record the connection state of the packet to be forwarded.
In the embodiment of the present application, the module shown in fig. 4 can implement each process in the embodiments of the methods of fig. 1, fig. 2, and fig. 3. The operation and/or function of the individual modules in fig. 4 are for the purpose of realizing the respective flows in the method embodiments in fig. 1, 2 and 3, respectively. Reference is specifically made to the description in the above method embodiments, and detailed descriptions are omitted here as appropriate to avoid repetition.
As shown in fig. 5, an embodiment of the present application provides an electronic device 500, including a processor 510, a memory 520 and a bus 530. The processor is connected to the memory by the bus, and the memory stores computer readable instructions which, when executed by the processor, carry out the method according to any one of the above embodiments; reference is made to the description of the method embodiments above, and detailed descriptions are omitted here as appropriate to avoid redundancy.
The bus is used to enable direct communication between these components. The processor in the embodiments of the present application may be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. The methods, steps and logic blocks disclosed in the embodiments of the present application may be implemented or executed by such a processor. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory may be, but is not limited to, random access memory (RAM), read only memory (ROM), programmable read only memory (PROM), erasable programmable read only memory (EPROM), electrically erasable programmable read only memory (EEPROM) and the like. The memory stores computer readable instructions which, when executed by the processor, perform the method described in the above embodiments.
It will be appreciated that the configuration shown in fig. 5 is illustrative only and may include more or fewer components than shown in fig. 5 or have a different configuration than shown in fig. 5. The components shown in fig. 5 may be implemented in hardware, software, or a combination thereof.
The embodiments of the present application further provide a computer readable storage medium, on which a computer program is stored, which when executed by a server, implements the method according to any one of the foregoing embodiments, and specifically reference may be made to the description in the foregoing method embodiments, and detailed descriptions are omitted here as appropriate to avoid redundancy.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application. It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.