A Study Of LVS Cluster Technology And Its Application In Firewall System

With the rapid development of network applications, people need a higher demand on information security and network quality of service. Made the development of firewall technology with strong security and in-depth become an urgent task. Cluster firewall with high data throughput, high reliability then comes to people’s focus. With its mature technology, simple realization and less investment in hardware, Cluster firewall has been widely used in the field of SME security. The performance of its load balancing and filtering rules will directly affect the ultimate result of the cluster firewall system.Aiming at the above problems and based on an in-depth analysis of the current cluster theory and technical principles, studies included in the thesis are following:1. The notion is introduced through researching and analyzing the internal and external factors that affect the performance of service node. Because of their different characteristics, different loads place different requirements on the service node of its computing power, storage capacity and input and output capacity. If the network load feature information is extracted, the load factor of the service node can be calculated.2. A balance between limited resources and unlimited growth of service application can be achieved on the basis of Logistic model analysis of the block growth characteristics. When the load is within light load range, the node performance does not decrease as the load increase, when the load exceeds the growth inflection point of the Logistic model, any added load will decrease the performance of the load exponentially. This provides a reference for load balancing strategy.3. Based on analyzing the balanced scheduling algorithm for the Cluster load, on the commonly used weighted round-robin scheduling algorithm, based on and the features of the load factors and its block growth characteristics, an improved weighted round robin scheduling algorithm is advanced in the thesis, which,in the distribution of network load, not only considers the performance of the service node but combines the multi-factor load, and identifies the expected load impact on the service node, a guarantee to realize the promotion of load balancing performance.4. The filter performance is promoted by analyzing packet filtering rules, replacing the original linear list with tree- level rule table, optimizing rule order in the table and reducing the number of matching rules. The improvement of system security is effected by using regular mapping model to reduce conflicts between rules.5. By studying the LVS clustering framework, designing campus network firewall cluster structures, hooking them to the Improved Weighted round-robin scheduling algorithm with the help of Netfilter / IPTables, and adjusting the load impact factor calculations as a result of multiple regression testing, the realization of campus firewall cluster with a small investment, high security, and high performance is thus achieved.