1. Field of the Disclosure
This disclosure relates generally to a system and method of using a plurality of firewall devices for reducing data stream interruption during failure of a firewall device, and in at least one embodiment to such a system and method in a voice-over-internet-protocol communication network.
2. Background Art
Conventional firewall redundancy (i.e., active/standby redundancy) generally includes an active firewall and a standby firewall. In general, firewall functions are performed on an incoming data stream using only the active firewall. When a failure of the active firewall is detected, a switch-over sequence may occur such that the active firewall is disabled and the standby firewall becomes the active firewall. That is, the switch-over sequence generally re-assigns the firewall functions from the failed firewall to the standby firewall such that the standby firewall becomes the active firewall. During the switch-over sequence, a communication link between a source device and a target device is generally interrupted as communication through the failed firewall is dropped and communication through the standby firewall is established.
On many modern data networks, and on voice-over-internet-protocol (VOIP) networks in particular, interrupted communication during firewall switch-over may be problematic. For example, an inability to maintain existing telephone conversations and related signaling states during a firewall failure on a conventional VOIP network may result in subscriber dissatisfaction with the VOIP service. Furthermore, such an interruption may subject the VOIP network to “recall rush” which generally occurs when a large number of disconnected subscribers attempt to simultaneously re-establish connection to the VOIP network.