| There is a policy control center to manage the creating and distributing policy in thetypical Distributed Firewall. As the scale of network is becoming larger and larger, the stressof the policy control center is growing bigger. This paper is based on a new type of DistributedFirewall. There is no policy control center in this type of firewall, but a policy control modulein each node firewall. If a node firewall is attacked, a new policy is created and distributed tothe others as alarm. Therefore they can work together to defense attack. This type ofDistributed Firewall decreases the limit of one policy control center, and makes it moreavailable.This paper analyses the distributing technology based on the Distributed Firewall. Westudy the technology of Application Layer Multicast, and choose the scalable ApplicationLayer Multicast Protocol named NICE. We introduce the Minimum Cost Spanning Tree in thecluster of the structure of NICE to improve the performance of it, and analyses theperformance of the improved NICE structure. We bring in the improved NICE structure to thedistributing technology to create the path of delivering policy. We use the Application LayerMulticast to distribute policy to speed up the distributing efficiency. Then we implement thedistributing algorithms and test it in the real network environment. We do tests in bothconnect-oriented and connectionless mode. The result indicates that the NICE structure withMinimum Cost Spanning Tree is working more efficiently than without it. |
PDF Full Text Request