Design of a load-balancing architecture for parallel firewalls
Authors
Joyner, William L.
Advisors
Irvine, Cynthia E.
Date of Issue
1999-03
Date
March, 1999
Publisher
Monterey, California. Naval Postgraduate School
Language
en_US
Abstract
Because firewalls can become a potential choke point as network speeds and loads increase, the Navy needs a cost-effective means of increasing data rate through firewalls by placing several machines in parallel and balancing the traffic load among them. Current firewall architectures consisting of multiple machines do not balance load among machines and require that each type of traffic be allocated to a machine dedicated to processing specific protocols. This situation creates a performance bottleneck. This thesis proposes a load-balancing firewall architecture to meet the Navy's needs. It first conducts an architectural analysis of the problem and then presents a high-level system design as a solution. Finally, the thesis provides a detailed system design, targeted for the BSD/OS operating system. The detailed design describes the state transitions, data types and databases, functional interfaces, and threads of execution for a modular layered software architecture. The result of this thesis is a procedural blueprint for implementation of a firewall architecture, from both software and hardware perspectives, that should mitigate the performance bottleneck. The software architecture is easily verifiable due to its modular, layered design; does not affect either the commercial routers or firewall products; and provides an administrative interface for performance tuning.
Type
Thesis
Department
Computer Science
Format
xii, 125 p.; 28 cm.
Distribution Statement
Approved for public release; distribution is unlimited.