Internet is a network resource shared within the world, and various kinds of information are transmitted via the same medium. Therefore, it is necessary to protect sensitive data of users, especially for application scenes with high secret demands, such as military affairs, banks and the like, the security of data is particularly important. FIG. 1 is a schematic diagram illustrating a structure of a conventional security processing device. The security processing device shown in FIG. 1 includes a processing module and a primary control module. The processing module includes an interface processing module and a service processing module. The interface processing module has one or more interfaces connected to the outside of the security processing device, and is adapted to receive packets and send packets processed by the service processing module. The service processing module is adapted to receive the packets sent by the interface processing module, perform service processing for the packets, and send the processed packets via the interface processing module. The primary control module is adapted to manage and control the interface processing module and the service processing module.
Because of security problems brought by the attack and abuse of network viruses, the security processing device needs to process more and more security services. Along with the increase of the security services, the processing capacity of a single security processing device can not meet network security demands already. In order to meet the increasing network security demands, the security processing device is extended. The extension refers to that original two or multiple security processing devices are combined to form a security system, and the increasing security problems are solved through improving the processing capability.
FIG. 2 is a schematic diagram illustrating an extension of a conventional security system. According to the security system shown in FIG. 2, there is no data interaction between security processing devices. The extension in the prior art merely puts the security processing devices together on a physical location and does not realize the data interaction between the security processing devices, so each security processing device independently receives, processes and sends packets, which can not implement resource sharing and cooperation processing between the security processing devices.
For example, a security processing device A shown in FIG. 2 is connected to an external network 1 and an internal network 1, and a security processing device B shown in FIG. 2 is connected to an external network 2 and an internal network 2. In order to send a packet received from the external network 1 to the internal network 2 after the packet is processed, it is necessary to add an exchanger in the outside of the extended security system to implement communication between the internal network 1 and the internal network 2. In this way, the packet can enter the security processing device A from the external network 1, and then enter the internal network 2 through the internal network 1 and the newly added exchanger after the packet is processed by the security processing device A. For another example, the security processing device A has many packets to be processed currently; since the security processing device A and the security processing device B work independently, the security processing device B which is relatively idle can not assist the security processing device A to process the packets, which badly influences the processing capability of the whole security system and makes the processing capability of the security system limit to the processing capacity of a single security processing device. In view of the foregoing, the mode of extending the security system in the prior art needs to improve the performance of the extended security system.