Intelligent integrated network security device for high-availability applications

US 8,326,961 B2
Filed: 04/23/2010
Issued: 12/04/2012
Est. Priority Date: 02/08/2002
Status: Expired due to Term

First Claim

Patent Images

1. A system comprising:

a first apparatus comprising;

a first security device; and

a first memory to store;

first information relating to processing a first flow associated with one or more first packets received from a network, andsecond information relating to processing a second flow associated with one or more second packets received from the network and intended for a second apparatus, the first flow being different than the second flow, the second apparatus being different than the first apparatus,the first apparatus to;

determine whether a failover event, associated with the second apparatus, has occurred,activate the second information in the first memory when the failover event, associated with the second apparatus, has occurred, andprocess packets, associated with the second flow, using the first security device and the activated second information when the failover event, associated with the second apparatus, has occurred,packets, associated with the first flow, being processed using the first security device and the first information when the failover event, associated with the second apparatus, has not occurred.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system.

Citations

27 Claims

1. A system comprising:
- a first apparatus comprising;
  
  a first security device; and
  
  a first memory to store;
  
  first information relating to processing a first flow associated with one or more first packets received from a network, andsecond information relating to processing a second flow associated with one or more second packets received from the network and intended for a second apparatus, the first flow being different than the second flow, the second apparatus being different than the first apparatus,the first apparatus to;
  
  determine whether a failover event, associated with the second apparatus, has occurred,activate the second information in the first memory when the failover event, associated with the second apparatus, has occurred, andprocess packets, associated with the second flow, using the first security device and the activated second information when the failover event, associated with the second apparatus, has occurred,packets, associated with the first flow, being processed using the first security device and the first information when the failover event, associated with the second apparatus, has not occurred.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, further comprising the second apparatus,the second apparatus further comprising:
    - a second security device; and
      
      a second memory to;
      
      store the first information and the second information.
  - 3. The system of claim 2, where the second apparatus is to:
    - detect that a failover event, associated with the first apparatus, has occurred; and
      
      process packets, associated with the first flow, using the second device and the first information, when the failover event, associated with the first apparatus, has occurred,the second apparatus not processing the packets, associated with the first flow, when the failover event, associated with the first apparatus, has not occurred.
  - 4. The system of claim 3, where the first apparatus is to:
    - resume processing the packets, associated with the first flow, when the failover event, associated with the second apparatus, is corrected.
  - 5. The system of claim 1, where the failover event, associated with the second apparatus, includes a failure of the second apparatus.
  - 6. The system of claim 1, where the failover event associated with the second apparatus, includes a failure of a link from the second apparatus.
  - 7. The system of claim 1, where the first apparatus is to:
    - detect that a keep-alive signal has not been received from the second apparatus,determine that of the failover event, associated with the second apparatus, has occurred based on detecting that the keep-alive signal has not been received from the second apparatus, andprocess the packets, associated with the second flow, based on determining that the failover event, associated with the second apparatus, has occurred.
  - 8. The system of claim 1, where the first apparatus is to:
    - receive a take-over signal associated with the second apparatus,determine that the failover event, associated with the second apparatus, has occurred based on receiving the take-over signal.
  - 9. The system of claim 8, further comprising:
    - a third apparatus to monitor operation of the second apparatus and to send the take-over signal to the first apparatus when the third apparatus detects a fault associated with the second apparatus based on monitoring the operation of the second apparatus.
  - 10. The system of claim 1, where the first apparatus is to determine whether the failover event, associated with the second apparatus, has occurred at predetermined time intervals.
  - 11. The system of claim 1, where the second apparatus is to send a refresh message when a session, associated with the second apparatus, is set-up or terminated.
  - 12. The system of claim 1, where the first apparatus is further to:
    - reorder information, stored in the first memory, to integrate records respectively included in the first information and the second information,each of the records including a label that identifies one of the first apparatus or the second apparatus.

13. A system comprising:
- a primary security apparatus, to process packets in a first traffic flow;
  
  a secondary security apparatus to;
  
  store first information relating to processing the first traffic flow,store second information relating to processing a second traffic flow that is different than the first traffic flow,activate the first information when a failover event, associated with the primary security apparatus, has been detected,process the packets, in the first traffic flow, when the failover event has been detected, the packets, in the first traffic flow, being processed using the activated first information, andprocess packets, in the second traffic flow, when the failover event has not been detected, the packets, in the second traffic flow, being processed using the second information.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, where the secondary security apparatus further is to:
    - detect an occurrence of the failover event associated with the primary security apparatus; and
      
      the primary security apparatus further is to;
      
      detect an occurrence of a failover event associated with the secondary security apparatus, andprocess the packets in the second traffic flow, for the secondary security apparatus, when the occurrence of the failover event, associated with the secondary security apparatus, is detected.
  - 15. The system of claim 14, where the secondary security apparatus is to:
    - detect that a keep-alive signal, generated by the primary security apparatus, has not been received, anddetect the occurrence of the failover event, associated with the primary security apparatus, based on detecting that the keep-alive signal has not been received; and
      
      where the primary security apparatus is to;
      
      detect that a keep-alive signal, generated by the secondary security apparatus, has not been received, anddetect the occurrence of the failover event, associated with the secondary security apparatus, based on detecting that the keep-alive signal, generated by the secondary security apparatus, has not been received.
  - 16. The system of claim 14, where the primary security apparatus is to resume processing the packets in the first flow, when a condition that caused the failover event, associated with the primary security apparatus, is corrected;
    - andwhere the secondary security apparatus is to resume processing the packets in the second flow, when a condition that caused the failover event, associated with the secondary security apparatus, is corrected.
  - 17. The system of claim 13, where the failover event associated with the primary security apparatus, includes:
    - a failure of the primary security apparatus,a failure of a link between the primary security apparatus and the secondary security apparatus.
  - 18. The system of claim 13, where the secondary security apparatus is:
    - monitor an operation of the primary security apparatus, andgenerate a take-over signal when a fault is detected in the operation of the primary security apparatus; and
      
      where the primary security apparatus is to;
      
      monitor an operation of the secondary security apparatus, andgenerate a take-over signal when a fault is detected in the operation of the secondary security apparatus.
  - 19. The system of claim 13, where the first information and the second information are stored in a memory associated with the secondary security apparatus,the secondary security apparatus further to:
    - reorder information, stored in the memory, to integrate records respectively included in the first information and the second information,each of the records including a label that identifies one of the primary security apparatus or the secondary security apparatus.

20. A method comprising:
- storing, by a first device, first information relating to processing a first flow associated with one or more first packets;
  
  storing, by the first device, second information relating to processing a second flow associated with one or more second packets and intended for a second device,the second device being different than the first device, andthe second flow being different than the first flow;
  
  determining, by the first device, whether a failover event, associated with the second device, has occurred;
  
  activating, by the first device, the second information when the failover event has occurred;
  
  processing, by the first device and using the activated second information, packets, associated with the second flow, when the failover event has occurred; and
  
  processing, by the first device and using the first information, packets, associated with the first flow, when the failover event has not occurred.
- View Dependent Claims (21, 22, 23)
- - 21. The method of claim 20, where the failover event includes:
    - a failure of the second device, ora failure of a link associated with the second device.
  - 22. The method of claim 20, further comprising:
    - receiving a signal associated with a fault in the second device; and
      
      determining that the failover event has occurred based on receiving the signal.
  - 23. The method of claim 20, where the first information and the second information are stored in a memory, andthe method further comprising:
    - reordering information, stored in the memory, to integrate records respectively included in the first information and the second information,each of the records including a label that identifies one of the first device or the second device.

24. A non-transitory computer-readable medium comprising:
- a plurality of instructions which, when executed by a first device, cause the first device to;
  
  store first information relating to processing a first flow associated with one or more first packets;
  
  store second information relating to processing a second flow associated with one or more second packets and intended for a second device,the second device being different than the first device, andthe second flow being different than the first flow;
  
  determine whether a failover event, associated with the second device, has occurred;
  
  activate the second information when the failover event has occurred;
  
  process, using the activated second information, packets, associated with the second flow, when the failover event has occurred; and
  
  process, using the first information, packets, associated with the first flow, when the failover event has not occurred.
- View Dependent Claims (25, 26, 27)
- - 25. The non-transitory computer-readable medium of claim 24, where the failover event includes:
    - a failure of the second device, ora failure of a link associated with the second device.
  - 26. The non-transitory computer-readable medium of claim 24, further comprising one or more instructions to:
    - receive a signal associated with a fault in the second device; and
      
      determine that the failover event has occurred based on receiving the signal.
  - 27. The non-transitory computer-readable medium of claim 24, where the first information and the second information are stored in a memory, andthe non-transitory computer-readable medium further comprising one or more instructions to:
    - reorder information, stored in the memory, to integrate records respectively included in the first information and the second information,each of the records including a label that identifies one of the first device or the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Zuk, Nir, Mao, Yu Ming, Guruswamy, Kowsik
Primary Examiner(s)
Duong, Oanh

Application Number

US12/766,773
Publication Number

US 20100242093A1
Time in Patent Office

956 Days
Field of Search

709223-224, 709/248, 709/238, 709/250, 714/1, 714/2, 714/4, 714/11, 370/392, 370/401
US Class Current

709/223
CPC Class Codes

G06F 11/2002   where interconnections or c...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0428   wherein the data content is...

H04L 63/1416   Event detection, e.g. attac...

H04L 69/40   for recovering from a failu...

H04L 9/40   Network security protocols

Intelligent integrated network security device for high-availability applications

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent integrated network security device for high-availability applications

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links