FIELD: network technologies.
SUBSTANCE: a method for operating a cluster of security gateways (SG) includes the following operations: formation of key information for the SGs; allocation of two IP and MAC addresses for the SG, ranges of IP addresses tunneled by the SG, IP addresses for cluster devices, seven physical ports on the switch, a unique range of transport ports for each SG, and six priority levels for the rules of the switch flow table; formation of traffic filtering rules and IP address translation rules for the SG; selection of an SG as the driving SG of the cluster (DSG) and the controller; selection of a dedicated SG for processing packets with a transport protocol other than TCP/UDP; formation of a set of static rules for processing network packets for the switch; enabling all SGs and, for each, loading key information and configuring IP and MAC addresses, ranges of tunneled IP addresses, traffic filtering rules and IP address translation; setting on all SGs, except for the DSG, the IP address of the DSG from the service network; setting in the configuration file of the DSG the time interval of inactivity of dynamic rules for processing network packets; turning on the switch and configuring its own IP address and the IP address of the DSG from the service network, and registering the switch in the controller; loading into the switch flow table the sets of static rules for processing network packets; putting the cluster into operation to process traffic between networks 1 and 2.
EFFECT: scalability of network functions; increasing the speed of processing network packets in the switch; and enabling secure communication of the cluster with external security gateways and protected clients.
1 cl, 1 dwg, 1 tbl
Title | Year | Author | Number |
---|---|---|---|
METHOD OF CREATING A SECURE L2-CONNECTION BETWEEN PACKET SWITCHED NETWORKS | 2018 | | RU2694585C1 |
METHOD OF PROCESSING A TCP PROTOCOL IN A CLUSTER OF A NETWORK COMPUTING SYSTEM | 2018 | | RU2694584C1 |
COMMUNICATION SYSTEM, COMMUNICATION EQUIPMENT AND COMMUNICATION CONTROL METHOD | 2014 | | RU2637471C2 |
METHOD OF CONSTRUCTING DATA NETWORKS WITH HIGH LEVEL OF SECURITY FROM DDoS ATTACKS | 2015 | | RU2576488C1 |
METHOD AND SYSTEM FOR TUNNELING TRAFFIC IN DISTRIBUTED NETWORK | 2023 | | RU2820803C1 |
SOFTWARE AND HARDWARE COMPLEX FOR ENSURING SECURED DATA EXCHANGE BETWEEN TECHNICAL EQUIPMENT OF TERMINAL AUTOMATED SYSTEMS | 2023 | | RU2809234C1 |
METHOD AND SYSTEM FOR TUNNELLING TRAFFIC IN A DISTRIBUTED NETWORK TO DETONATE MALICIOUS SOFTWARE | 2022 | | RU2797264C1 |
COASTAL FLEET COMMUNICATION UNIT | 2019 | | RU2718608C1 |
DIRECT INTERCONNECTION GATEWAY | 2018 | | RU2740035C1 |
NETWORK SYSTEM, METHOD, DEVICE AND PROGRAM | 2013 | | RU2616169C2 |
Authors
Dates
2021-10-13—Published
2021-04-19—Filed