The goal of high availability computer network environments is to provide users and other entities with “always on” service. That is, high availability computer network environments should provide reliable, continuous service. To accomplish this, network devices in a high availability environment perform error detection and implement recoverability for detected errors. Unfortunately, network devices occasionally fail. For example, a software or hardware problem or a power fault within a security device may cause all or a portion of the security device to stop functioning.
When a network device fails, all network traffic flowing through the failed network device may cease. For an enterprise that depends on such network traffic, this may be unacceptable, even if this failure occurs only for a short time. To minimize the possibility of a failure causing all network traffic to cease, a backup network device may be installed. Thus, if the network device that has primary responsibility for performing the security services (i.e., the master device) fails, the backup device may be quickly substituted for the master device. In other words, the failing network device “fails over” to the backup device. A master device may also “switch over” to the backup device to go offline temporarily, e.g., to install software and/or firmware updates or to undergo other routine maintenance procedures. In general, failover is considered a form of switchover. After failing over or switching over to the backup device, the backup device becomes the master device. High availability clusters often include such primary and backup network devices.
A firewall is one example of a network device in a high availability network environment. Firewalls generally inspect packets and packet flows of a computer network to detect and block malicious data. One aspect of a packet flow inspected by some firewalls is transmission control protocol (TCP) sequence numbers. These firewalls inspect TCP sequence numbers in a process commonly referred to as stateful inspection, which generally refers to the process of verifying that communications as part of a network session match the current TCP state. Such firewalls are commonly referred to as stateful firewalls. Stateful firewalls generally drop communications that are allegedly part of a network session when those communications are outside the current TCP state or are invalid with respect to the current TCP sequence. Such communications are identified using the TCP sequence numbers of the communications. Having the proper TCP sequence numbers is also necessary to properly forward packets to a destination device.
In order for a primary stateful firewall to switch over or fail over to a backup stateful firewall in a high availability computer network, the backup firewall must be aware of the current TCP state, including current or recent TCP sequence numbers. That is, the backup stateful firewall should not break the TCP sequence number check. However, updating the backup stateful firewall with every communication received by the primary stateful firewall would cause too many updates to be sent, which may overburden either or both of the primary stateful firewall and the backup stateful firewall.
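The trade-off described above can be seen in a small model, added here as an illustration and not taken from the original document: it counts the state updates sent to the backup and reports whether the backup's sequence check still accepts the first segment after failover. The window check is deliberately simplified, and the class, function names and sample values are assumptions.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class FlowState:
    """Per-session state a stateful firewall keeps (simplified, one direction)."""

    def __init__(self, next_seq, window):
        self.next_seq = next_seq  # next sequence number expected
        self.window = window      # how far ahead of next_seq a segment may start

    def check(self, seq, length):
        """Accept the segment only if it starts inside the current window."""
        if (seq - self.next_seq) % MOD >= self.window:
            return False          # outside the current TCP state: drop
        self.next_seq = (seq + length) % MOD
        return True


def simulate(isn, seg_len, window, sync_every, fail_after):
    """Return (sync_messages_sent, first_segment_after_failover_accepted)."""
    primary = FlowState(isn, window)
    backup = FlowState(isn, window)   # assumption: session setup itself was synced
    seq, syncs = isn, 0
    for i in range(1, fail_after + 1):
        assert primary.check(seq, seg_len)   # in-order traffic passes the primary
        seq = (seq + seg_len) % MOD
        if sync_every and i % sync_every == 0:
            backup.next_seq = primary.next_seq   # one update message to the backup
            syncs += 1
    # The primary fails here; the backup inspects the next in-order segment.
    return syncs, backup.check(seq, seg_len)


if __name__ == "__main__":
    # Constructed values: ISN near the 32-bit wrap, 1460-byte segments,
    # 65535-byte window, failover after 100 segments. sync_every=0 means never.
    for every in (1, 30, 51, 0):
        print(every, simulate(0xFFFFF000, 1460, 65535, every, fail_after=100))
```

Per-segment updates keep the backup exact at the cost of one message per packet, while a backup whose state is staler than the window drops a legitimate segment and stalls the session.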