Distributed multi-processing security gateway
Abstract
A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
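An added sketch of the address selection the abstract describes, not code from the patent: the dispatcher's identity calculation is assumed to be a CRC32 of address and port modulo the core count, and the addresses, port pool and class names are constructed for illustration.

```python
# Added illustration; hash choice, names and addresses are assumptions, not from the patent.
import zlib
from dataclasses import dataclass

NUM_CORES = 8                      # assumed core count
PROXY_IP = "203.0.113.10"          # constructed gateway address (TEST-NET-3)
PORT_RANGE = range(20000, 60000)   # assumed proxy port pool

def core_id(ip: str, port: int) -> int:
    """Dispatcher's identity calculation: hash an (address, port) pair to a core."""
    return zlib.crc32(f"{ip}:{port}".encode()) % NUM_CORES

@dataclass
class Session:
    host: tuple     # (ip, port) seen on the host side session
    proxy: tuple    # selected (ip, port) used on the server side session
    core: int

class Gateway:
    def __init__(self):
        self.by_host, self.by_proxy, self.used = {}, {}, set()

    def select_proxy(self, host):
        """Pick a free proxy port whose core matches the host-side core."""
        want = core_id(*host)
        for port in PORT_RANGE:
            if port not in self.used and core_id(PROXY_IP, port) == want:
                self.used.add(port)
                s = Session(host, (PROXY_IP, port), want)
                self.by_host[host] = self.by_proxy[s.proxy] = s
                return s
        raise RuntimeError("no free proxy port maps to the required core")

    def from_host(self, src, dst):
        """Host -> server: dispatch on the host address, substitute source with proxy."""
        s = self.by_host.get(src) or self.select_proxy(src)
        return core_id(*src), s.proxy, dst

    def from_server(self, src, dst):
        """Server -> host: dispatch on the proxy address, substitute destination with host."""
        s = self.by_proxy.get(dst)
        if s is None:
            return None            # no session owns this proxy address: drop
        return core_id(*dst), src, s.host
```

Because both directions land on the same core, per-session state for policy checks never has to be shared or locked across cores.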
38 Claims
1. A distributed network system, comprising:
- a plurality of processing modules, wherein each processing module comprises a multi-core processor, the multi-core processor of each of the plurality of processing modules comprising a plurality of processing cores;
- a selecting module for selecting a network address, the network address selected such that a calculated first processing module identity of a first processing module of the plurality of processing modules is the same as a calculated second processing module identity of a second processing module of the plurality of processing modules, and for selectively establishing a server side session with a server using the selected network address; and
- a dispatching module for:
  - receiving a first data packet from a host side session, calculating the first processing module identity using the first data packet, and assigning the first processing module with the first processing module identity to process the first data packet, wherein the processing of the first data packet by the first processing module comprises:
    - substituting a host network address in the first data packet with the selected network address, and
    - sending the processed first data packet to the server side session; and
  - receiving a second data packet from the server side session, calculating the second processing module identity using the selected network address in the second data packet, and assigning the second processing module with the second processing module identity to process the second data packet, wherein the processing of the second data packet by the second processing module comprises:
    - substituting the selected network address in the second data packet with the host network address, and
    - sending the processed second data packet to the host side session.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A method for a distributed network system comprising a plurality of processing modules having a multi-core processor, the multi-core processor of each of the plurality of processing modules comprising a plurality of processing cores, the method comprising:
- selecting, via a selecting module, a network address, the network address selected such that a calculated first processing module identity of a first processing module of the plurality of processing modules is the same as a calculated second processing module identity of a second processing module of the plurality of processing modules;
- selectively establishing, via a selecting module, a server side session with a server using the selected network address;
- calculating, via a dispatching module, the first processing module identity using a received first data packet from a host side session, and assigning the first processing module with the first processing module identity to process the first data packet, wherein the processing of the first data packet by the first processing module comprises:
  - substituting a host network address in the first data packet with the selected network address, and
  - sending the processed first data packet to the server side session; and
- calculating, via a dispatching module, the second processing module identity using the selected network address in a second data packet, and assigning the second processing module with the second processing module identity to process the second data packet, wherein the processing of the second data packet by the second processing module comprises:
  - substituting the selected network address in the second data packet with the host network address, and
  - sending the processed second data packet to the host side session.

Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38
Specification