The Design Of A New Embedded Firewall Load-Balancing System

Along with the incredible development speed of computer technology,our expectation towards computer performance and availability is becoming higher. Unfortunately, the performance of single PC or server is far from our expectation,as a result,the cluster technology which makes a bunch of computers work together as a group providing the service that meets the customer's needs appeared. Normally,there are three kinds of cluster technology: High Performance Computing Cluster (HPC Cluster),Load Balancing Cluster,(LB Cluster) and High Availability Cluster (HA Cluster),and the most common used network cluster technology is a mixture of the two latter ones.This paper introduced the existing Cluster technology and its classification, as well as the Cluster technology used in Firewall,put up with a new embedded firewall load-balancing system,and expatiated the theories as well as structure,function and implementation of each part in detail. At last, the paper made an evaluation of this system according to the standards of firewall Cluster technology. After the appearance of cluster technology, most firewall production vendors tried to implement this technology in there own firewall products, but till now, the load balancing functionality of most firewalls are realized through third part products, undoubtedly, this will increase the cost of firewall; therefore, this paper proposed a new kind of embedded firewall load balancing system which can run as a module in the firewall and responsible for the load balancing for firewall itself.This paper introduces the existing cluster technology and its category, focuses on the high availability technology and load balancing technology,and then introduces the Linux OS based firewall on which our module implementation is based and the Netfilter module as well,including the architecture,function register mechanism and important data structures; at last it proposes a brand new embedded firewall load balancing system and detailed theories,module partition,the architecture,functionality,technology and implementation of each module.