Paper
26 July 2001
Constructing high-performance firewall load-balancing clusters: practical experience and novel ideas
Lebin Cheng, Yan-Fa Li, Brian Jemes, Samuel Horowitz
Proceedings Volume 4527, Technologies, Protocols, and Services for Next-Generation Internet; (2001) https://doi.org/10.1117/12.434426
Event: ITCom 2001: International Symposium on the Convergence of IT and Communications, 2001, Denver, CO, United States
Abstract
Security and performance are probably the top two concerns of web hosting service providers. As the available bandwidth of a hosting service approaches gigabits per second, the low throughput of a single firewall quickly becomes the bottleneck. Constructing a load-balancing cluster of multiple firewall devices seems to be an effective solution. In this paper, we first present a proof-of-concept firewall cluster using web load-balancing switches. Our test cluster works, but has major limitations. First, the cluster set-up is too complex to be manageable in a large-scale deployment. Furthermore, the firewall cluster works only in a local area network. It does not work across a wide area network, where asymmetric routing is possible. Based on these findings, we propose two novel approaches. The first approach introduces a Firewall Cluster Control Protocol (FCCP) for routers to direct network flows to the appropriate firewall device for processing. FCCP simplifies the implementation of firewall clusters by eliminating the load-balancing switch requirement. The second approach, called Stateful Packet Forwarding (SPF), allows firewall devices in a cluster to discover the 'owner' of a network flow when asymmetric routing occurs. SPF can potentially be used in a geographically distributed firewall cluster.
© (2001) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Lebin Cheng, Yan-Fa Li, Brian Jemes, and Samuel Horowitz "Constructing high-performance firewall load-balancing clusters: practical experience and novel ideas", Proc. SPIE 4527, Technologies, Protocols, and Services for Next-Generation Internet, (26 July 2001); https://doi.org/10.1117/12.434426
CITATIONS
Cited by 1 scholarly publication and 2 patents.
KEYWORDS
Switches
Inspection
Internet
Local area networks
Failure analysis
Control systems
Fiber reinforced polymers