A Load-Balancing and State-Sharing Algorithm for Fault-Tolerant Firewall Cluster

Traditional firewall is typically implemented as a single device that applies security policies for data packets. It will become the bottlenecks of internal and external network, even lead to the firewall's single-point of failure. In order to avoid this, in this paper, fault-tolerant firewall cluster is proposed as a new solution to achieve the firewall high performance, high reliability, high availability. The load-balancing and state-sharing algorithm is designed to achieve load-balancing and fault-tolerant by means of sharing connection states in firewall cluster. When a firewall is overloaded, firewall will transfer part of loads to the light-load partner's nodes; when a firewall is failed, the backup firewall replaces the lapsed firewall smoothly. The experiment shows that the load-balancing and state-sharing algorithm in firewall cluster can effectively improve the performance, and prevent the single-point of failure.