Understanding Replication in Databases and Distributed Systems
ICDCS '00 Proceedings of the The 20th International Conference on Distributed Computing Systems ( ICDCS 2000)
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
Recovering Internet Service Sessions from Operating System Failures
IEEE Internet Computing
A Model of Stateful Firewalls and Its Properties
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Survey and taxonomy of packet classification techniques
ACM Computing Surveys (CSUR)
High Availability support for the design of stateful networking equipments
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
International Journal of Information Security
Customizable Service State Durability for Service Oriented Architectures
EDCC '06 Proceedings of the Sixth European Dependable Computing Conference
T2CP-AR: A system for Transparent TCP Active Replication
AINA '07 Proceedings of the 21st International Conference on Advanced Networking and Applications
CSP-Based Firewall Rule Set Diagnosis using Security Policies
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
FT-FW: Efficient Connection Failover in Cluster-based Stateful Firewalls
PDP '08 Proceedings of the 16th Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2008)
Taxonomy of conflicts in network security policies
IEEE Communications Magazine
Conflict classification and analysis of distributed firewall policies
IEEE Journal on Selected Areas in Communications
| Hi-index | 0.00 |
Many research has been done with regards to firewalls during the last decade. Specifically, the main research efforts have focused on improving the computational complexity of packet classification and ensuring the rule-set consistency. Nevertheless, other aspects such as fault-tolerance of stateful firewalls still remain open. Continued availability of firewalls has become a critical factor for companies and public administration. Classic fault-tolerant solutions based on redundancy and health checking mechanisms does not success to fulfil the requirements of stateful firewalls. In this work we detail FT-FW, a scalable software-based transparent flow failover mechanism for stateful firewalls, from the multiprimary perspective. Our solution is a reactive fault-tolerance approach at application level that has a negligible impact in terms of network latency. On top of this, quick recovery from failures and fast responses to clients are guaranteed. The solution is suitable for low cost off-the-shelf systems, it supports multiprimary workload sharing scenarios and no extra hardware is required.