
The Design And Implementation Of The Expanded Functions For Firewall

Posted on: 2009-12-16
Degree: Master
Type: Thesis
Country: China
Candidate: W B Bao
GTID: 2178360245495400
Subject: Software engineering
Abstract/Summary:
Network security is a persistent concern in computer science and technology. Firewalls are basic and necessary network devices, and their technology has improved greatly over the past ten years. Among a firewall's performance parameters, such as security, flexibility and availability, high availability remains the main goal going forward. As networks grow in scope and their structure becomes more complex, the requirements on network reliability also rise. Because the firewall is a key node in the network, whether it can keep services reliable and stable is a very important issue. Meanwhile, the rapid expansion of the Internet increases access to multimedia network servers, which must then be able to handle the large number of accesses that follow. A heavily loaded server soon finds that the processing capacity of its CPU and I/O becomes a bottleneck. To resolve this, multiple servers and load-balancing technology should be used, so the firewall must provide a solution that is inexpensive and whose load capacity is easy to expand. Moreover, the alarm mechanism holds an important position in the overall structure of the firewall. Only with an alarm function can the administrator be notified to take proper measures when the system produces an important event such as a Hot Standby switch. The firewall should therefore provide an effective alarm mechanism.

To address the problems above, this paper, following the practical needs of a development project, analyses the existing network and extends the functions of the firewall with the main-main mode of the Hot Standby function model, the load balance function model that supports the server cluster system in the Intranet, and the alarming function model.

Hot Standby in main-main mode is a core extension for the firewall's high availability. By adding a waiting status and adjusting the Hot Standby switch policy, this paper implements the master-master mode on a single network interface, based on VRRP Hot Standby technology. This function can support Hot Standby of 255 firewalls. The paper also provides a solution for abnormal Hot Standby switching when there is a line fault or a physical problem on the network interface.

The paper resolves the load balance problem of the server cluster system in the Intranet by combining LVS cluster technology with packet filtering on the firewall. It provides a solution for load balancing Intranet servers with the firewall acting as the balance server, and emphasizes the method of checking the status of the working servers.

In the alarming function model, the paper puts forward an active checking and alarming mechanism for the firewall based on its health examination. Extending this further, it completes an alarming mechanism that passively monitors abnormal events, and finally implements the alarm function using the buzzer and Email.

In conclusion, this paper first analyses the problems existing in networks, and then designs and implements three functions of the firewall: the main-main mode of the Hot Standby function model, the load balance function model that supports the server cluster system in the Intranet, and the alarming function model. Finally, it increases the reliability and robustness of the network by improving the high availability of the firewall.
Keywords/Search Tags:VRRP, Main-Main Hot Standby, LVS cluster, Load Balance, Alarm, Packet filter firewall