Method and Device for Synchronizing Network Data Flow Detection Status
First Claim
1. A method for synchronizing network data flow detection status, comprising:
- receiving a first request sent by a first security device node, wherein the first request carries a first flow entry of a first data flow that is currently detected by the first security device node, and wherein a flow entry is used to uniquely identify a data flow;
determining first network data flow detection status corresponding to the first flow entry; and
sending a first response to the first security device node, wherein the first response carries the first network data flow detection status such that the first security device node maintains, according to the first response, second network data flow detection status that corresponds to the first flow entry and is stored on the first security device node.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and a device for synchronizing network data flow detection status are provided. The method includes: a status synchronizing server receives a first request sent by a first security device node, where the first request carries a first flow entry of a first data flow that is currently detected by the first security device node; determines first network data flow detection status corresponding to the first flow entry; sends a first response to the first security device node, where the first response carries the first network data flow detection status. A security device node requests previous network data flow detection status of a data flow from a status synchronizing server so as to synchronize network data flow detection status, thereby allowing the security device node to detect a network attack in a more accurate way and improving network system security.
-
Citations
19 Claims
-
1. A method for synchronizing network data flow detection status, comprising:
-
receiving a first request sent by a first security device node, wherein the first request carries a first flow entry of a first data flow that is currently detected by the first security device node, and wherein a flow entry is used to uniquely identify a data flow; determining first network data flow detection status corresponding to the first flow entry; and sending a first response to the first security device node, wherein the first response carries the first network data flow detection status such that the first security device node maintains, according to the first response, second network data flow detection status that corresponds to the first flow entry and is stored on the first security device node. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for synchronizing network data flow detection status, comprising:
-
sending, by a first security device node, a first request to a status synchronizing server, wherein the first request carries a first flow entry of a first data flow that is currently detected by the first security device node, and a flow entry is used to uniquely identify a data flow; receiving, by the first security device node, a first response that is sent by the status synchronizing server according to the first request, wherein the first response carries first network data flow detection status corresponding to the first flow entry; and maintaining, by the first security device node, according to the first response, second network data flow detection status that corresponds to the first flow entry and is stored on the first security device node. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A status synchronizing server, comprising:
-
a receiving circuit; a sending circuit; a processor; and a memory, wherein the receiving circuit is configured to receive a first request sent by a first security device node, wherein the first request carries a first flow entry of a first data flow that is currently detected by the first security device node, and a flow entry is used to uniquely identify a data flow, wherein the memory stores an instruction for the processor to determine first network data flow detection status corresponding to the first flow entry, and wherein the sending circuit is configured to send a first response to the first security device node, wherein the first response carries the first network data flow detection status determined by the processor such that the first security device node maintains, according to the first response, second network data flow detection status that corresponds to the first flow entry and is stored on the first security device node.
-
-
17. A security device node, comprising:
-
a receiving circuit; a sending circuit; a processor; and a memory, wherein the sending circuit is configured to send a first request to a status synchronizing server, wherein the first request carries a first flow entry of a first data flow that is currently detected by the security device node, and a flow entry is used to uniquely identify a data flow, wherein the receiving circuit is configured to receive a first response that is sent by the status synchronizing server according to the first request, wherein the first response carries first network data flow detection status corresponding to the first flow entry, and wherein the memory is configured to store an instruction for the processor to maintain, according to the first response, second network data flow detection status that corresponds to the first flow entry and is stored on the security device node.
-
-
18. A network system, comprising:
-
a status synchronizing server configured to; receive a first request sent by a first security device node, wherein the first request carries a first flow entry of a first data flow that is currently detected by the first security device node, and a flow entry is used to uniquely identify a data flow; determine first network data flow detection status corresponding to the first flow entry; send a first response to the first security device node, wherein the first response carries the first network data flow detection status determined by the processor such that the first security device node maintains, according to the first response, second network data flow detection status that corresponds to the first flow entry and is stored on the first security device node; and at least one host device, each of the at least one host device comprises one or more virtual machines and the security device node, wherein the at least one host device is configured to; send the first request to a status synchronizing server; receive a first response that is sent by the status synchronizing server according to the first request, wherein the first response carries first network data flow detection status corresponding to the first flow entry; store an instruction for the processor to maintain, according to the first response, second network data flow detection status that corresponds to the first flow entry and is stored on the security device node, and wherein a data connection is established between the security device node and the status synchronizing server to exchange network data flow detection status. - View Dependent Claims (19)
-
Specification