Design And Implementation Of Two-node Hot-standby Cluster For Firewall

An important feature of network equipment is the ability to run for long periods of time.This requirement is more important for a firewall which connects the internal networks and external networks.The use of hot-standby system is an effective means to improve the reliability of equipment.Unlike routers and switches,firewalls that focus on security keep the information of each connected session table on the device and record the associated services that are performed by the connection.The general hot-standby system only backup configuration and routing table and other data,in the firewall after the active and standby switchover will cause the connection interrupted.This project has designed a special hot standby system for the firewall,with specific business for the firewall will back up different data.This paper studies the history of the development of the hot standby system and the business process of the safety products of H3 C,and designs the firewall hot-standby system for the existing firewall equipment.The main contents of this paper are divided into four modules,hot-standby system core module,hot-standby system data synchronization module,hot standby system board communicat ion module and related business processing module.The core module implements the functions of active and standby switchover and link control through the failover group.The data synchronization module encapsulates and sends the data of the session table by calling the session service,and implements the two backup modes.Inter-board communication module designed a queue mode,such a queue can effectively reduce the packet loss rate and delay.The related service processing module is used by other service modules so that other service modules can maintain the service data on the remote device.The test part simulates the actual firewall working environment,through the functional testing and nonfunctioning test of the firewall hot standby system.The test results show that the system can meet the hot standby requirements of the firewall.In the event of active and standby switchover,there is no connection disruption.