FT-FW: Efficient Connection Failover in Cluster-based Stateful Firewalls

P
PDP
2008
16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008)
Abstract - FT-FW: Efficient Connection Failover in Cluster-based Stateful Firewalls

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Pablo Neira Ayuso Articles by Rafael Martinez Gasca Articles by Laurent Lefevre

16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008)

February 13-February 15

ISBN: 978-0-7695-3089-5

	ASCII Text	x
	Pablo Neira Ayuso, Rafael Martinez Gasca, Laurent Lefevre, "FT-FW: Efficient Connection Failover in Cluster-based Stateful Firewalls," Parallel, Distributed, and Network-Based Processing, Euromicro Conference on, pp. 573-580, 16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008), 2008.

	BibTex	x
	@article{ 10.1109/PDP.2008.87, author = {Pablo Neira Ayuso and Rafael Martinez Gasca and Laurent Lefevre}, title = {FT-FW: Efficient Connection Failover in Cluster-based Stateful Firewalls}, journal ={Parallel, Distributed, and Network-Based Processing, Euromicro Conference on}, volume = {0}, year = {2008}, issn = {1066-6192}, pages = {573-580}, doi = {http://doi.ieeecomputersociety.org/10.1109/PDP.2008.87}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Parallel, Distributed, and Network-Based Processing, Euromicro Conference on TI - FT-FW: Efficient Connection Failover in Cluster-based Stateful Firewalls SN - 1066-6192 SP573 EP580 A1 - Pablo Neira Ayuso, A1 - Rafael Martinez Gasca, A1 - Laurent Lefevre, PY - 2008 KW - fault tolerant KW - stateful KW - firewall VL - 0 JA - Parallel, Distributed, and Network-Based Processing, Euromicro Conference on ER -

Pablo Neira Ayuso

Rafael Martinez Gasca

Laurent Lefevre

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PDP.2008.87

Stateful firewalls are security solutions widely deployed in the Internet. These devices filter network traffic and keep track of the state of connections in order to make the deployment of several attacks, such as TCP resets, difficult. However, firewalls are critical equipments in the network schema since they introduce a single point of failure. Therefore, a failure may isolate networks, users and interrupt established connections. Current fault tolerant solutions mask failures by means of replication techniques based on physical redundancy and state propagation. However, these solutions do not suit well for stateful firewall scenarios since they reduce bandwidth throughput roughly, they require costful extra hardware or are stuck to wasteful and inflexible single primary-backup settings. In this work we detail FT-FW (Fault Tolerant FireWall), a software-based transparent connection failover mechanism for stateful firewalls. Our solution has a negligible impact in terms of performance, as well as the fact that quick recovery from failures and fast responses to clients are guaranteed. The architecture is suitable for low cost off-the-shelf systems and no extra hardware is required.

Index Terms:

fault tolerant, stateful, firewall

Citation:

Pablo Neira Ayuso, Rafael Martinez Gasca, Laurent Lefevre, "FT-FW: Efficient Connection Failover in Cluster-based Stateful Firewalls," pdp, pp.573-580, 16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008), 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.