Design of a Load-Balancing Architecture For Parallel Firewalls

From the thesis abstract: "Because firewalls can become a potential choke point as network speeds and loads increase, the Navy needs a cost-effective means of increasing data rate through firewalls by placing several machines in parallel and balancing the traffic load among them. Current firewall architectures consisting of multiple machines do not balance load among machines and require that each type of traffic be allocated to a machine dedicated to processing specific protocols. This situation creates a performance bottleneck. This thesis proposes a load-balancing firewall architecture to meet the Navy's needs. It first conducts an architectural analysis of the problem and then presents a high-level system design as a solution. Finally, the thesis provides a detailed system design, targeted for the BSD/OS [Berkeley Software Design/operating system] operating system. The detailed design describes the state transitions, data types and databases, functional interfaces, and threads of execution for a modular layered software architecture. The result of this thesis is a procedural blueprint for implementation of a firewall architecture, from both software and hardware perspectives, that should mitigate the performance bottleneck. The software architecture is easily verifiable due to its modular, layered design; does not affect either the commercial routers or firewall products; and provides an administrative interface for performance tuning."

Public Domain
Retrieved From:
Naval Postgraduate School, Dudley Knox Library: http://www.nps.edu/Library/