1. Field
Embodiments of the present invention generally relate to the field of load balancing in a computer network. In particular, various embodiments relate to a method and system for balancing load among a plurality of firewall security devices arranged in one or more clusters.
2. Description of the Related Art
The Internet is a medium that provides access to various information, applications, services, and provides ability to publish information, in revolutionary ways. Today, the Internet has significantly changed the way we access and use information. Millions of computers, from low processing end personal computers to high processing-end super computers are coupled to the Internet. Internet Banking, E-commerce, and E-learning are some of the high-end services that we access in our day-to-day life. In order to access such services, a user shares his personal information, such as, name, contact details, highly confidential information such as usernames, passwords, bank account number, credit card details, and the like with the service providers. Similarly, confidential information of companies such as, trade secrets, financial details, employee details, company strategies, and the like is also stored on servers that are connected to the Internet. There is a threat to such confidential data by malware, viruses, spyware, key loggers, and unauthorized access to information and so forth. This poses great danger to unwary computer users.
In order to avoid such threats, there are various solutions, such as firewalls and antivirus software that is available in the market. A firewall provides a barrier against most of these types of threats. The firewall installed at a private network prevents any unauthorized access to and from the private network. Firewalls can be implemented in both hardware and software, or a combination of both. Generally, the firewalls are employed to restrict unauthorized Internet users from accessing the private networks connected to the Internet, such as intranets. All messages that enter or leave the private network have to pass through the firewall; the firewall examines each message and blocks those that do not meet the specified security criteria.
However, the firewall can be a single point of failure. If it fails, there will be no restrictions on the viruses, spyware, key loggers, and unauthorized access and the services may get hampered badly. In order to overcome such problems, various solutions are available that provide high availability (HA) clusters of firewalls. As there are multiple firewall systems in a cluster, how the data traffic load is balanced among the multiple firewall systems becomes extremely important. There are various network switches that are available in the market, which can balance load among the multiple firewall systems. However, there is a limitation with respect to the number of firewall systems that a single network switch can handle in a cluster. Further, due to highly varying and growing traffic requirements of today's networks, which are increasingly shifting towards core, cloud, and datacenter based solutions, the processing capability of the presently used firewall systems and the load balancing arrangement is not sufficient.
Additionally, in the presently available HA cluster based load balancing systems, it is very difficult to manage asymmetric traffic flows and achieve extreme levels of session based performance. Furthermore, due to limited processing capabilities of the present load balancing systems it is very difficult to balance load among geographically distributed firewall systems.
In light of the foregoing discussion, there is a need for a method, system, and apparatus that can overcome the limitations of presently available HA cluster based load balancing systems. The method, system, and apparatus should provide effective load balancing for the increased data traffic requirements and should be capable of handling asymmetric traffic flows. Further, the method, system and apparatus for load balancing should be capable of adaptively distributing the data traffic among the significantly large number of firewall systems. Still further, the method, system, and apparatus should provide load balancing among geographically distributed firewall systems.