| 发明名称 | Distributed multi-processing security gateway | ||
| 摘要 | A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided. | ||
| 申请公布号 | US8918857(B1) | 申请公布日期 | 2014.12.23 |
| 申请号 | US201313875180 | 申请日期 | 2013.05.01 |
| 申请人 | A10 Networks, Inc. | 发明人 | Chen Lee;Szeto Ronald Wai Lun |
| 分类号 | G06F21/00;H04L29/06 | 主分类号 | G06F21/00 |
| 代理机构 | Carr & Ferrell LLP | 代理人 | Carr & Ferrell LLP |
| 主权项 | 1. A network computing device, comprising: a plurality of processing cores in a multi-core processor; a network address selector that receives a session request for a session between a host and a server, selects a network address for the host based on a combination of network addresses for a host side session between the host and the network computing device, the network address selected such that a calculated first processing element identity of a first processing core of the multi-core processor is the same as a calculated second processing element identity of a second processing core of the multi-core processor, and establishes a server side session between the network computing device and the server using the selected network address; and a dispatcher for: calculating the first processing element identity in response to receiving a first data packet from the host side session and assigning the first processing core with the first processing element identity to process data packets received from the host side session according to one or more security policies,calculating the second processing element identity from a server network address and the selected network address in the second data packet, in response to receiving a second data packet from the server side session and assigning the second processing core with the second processing element identity to process data packets received from the server side session according to one or more security policies,receiving the processed second data packet from the second processing core,substituting the selected network address in the processed second data packet with the host network address in the session request, andsending the processed second data packet to the host side session. | ||
| 地址 | San Jose CA US | ||