Fault tolerant firewall sandwiches

US 20030131262A1
Filed: 10/18/2002
Published: 07/10/2003
Est. Priority Date: 10/18/2001
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium comprising computer-executable instructions for performing a method in application-space, said method comprising:

receiving a packet from a computer network;

selecting one of a plurality of firewalls for processing the packet; and

forwarding the packet to the selected one of the firewalls.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Firewall sandwich configurations having improved levels of system availability as well as an application-space implementation of a firewall load balancer (FLB) which provides greater operational flexibility while reducing the need for custom hardware and/or operating system software. Also disclosed is a firewall capable of functionally replacing an FLB upon detecting a failure therein.

71 Citations

View as Search Results

23 Claims

1. A computer-readable medium comprising computer-executable instructions for performing a method in application-space, said method comprising:
- receiving a packet from a computer network;
  
  selecting one of a plurality of firewalls for processing the packet; and
  
  forwarding the packet to the selected one of the firewalls.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-readable medium of claim 1 further comprising:
    - determining whether the packet is associated with an existing connection; and
      
      wherein selecting includes selecting one of the firewalls as a function of the determining step.
  - 3. The computer-readable medium of claim 1 wherein said computer-executable instructions enable performance of said method on COTS hardware.
  - 4. The computer-readable medium of claim 1 wherein said computer-executable instructions enable performance of said method on COTS hardware executing COTS OS software.
  - 5. The computer-readable medium of claim 1 further comprising:
    - determining whether a failure has occurred in an associated FLB; and
      
      if the failure has occurred, functionally replacing the associated FLB.
  - 6. The computer-readable medium of claim 1 further comprising:
    - determining whether a failure has occurred in either one of a first associated FLB and a second associated FLB; and
      
      if the failure has occurred, functionally replacing the first associated FLB or the second associated FLB in which the failure occurred.
  - 7. The computer-readable medium of claim 1 wherein the instructions enable operation in either one of a single-FLB mode and a dual-FLB mode.
  - 8. The computer-readable medium of claim 1 wherein the instructions include instructions for operating as a firewall, and instructions for converting operation to a FLB upon determining that a failure has occurred in an associated FLB.

9. A system comprising:
- a plurality of firewalls;
  
  a first FLB for exchanging packets between a first network and the plurality of firewalls;
  
  a second FLB for exchanging packets between a second network and the plurality of firewalls; and
  
  a first standby FLB configured to detect a failure in either one of the first FLB and the second FLB, and to functionally replace a corresponding one of the first FLB and the second FLB after detecting the failure.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9 wherein the first FLB and the second FLB are application-space FLBs.
  - 11. The system of claim 10 wherein the application-space FLBs are embodied in COTS hardware executing COTS OS software.
  - 12. The system of claim 9 further comprising a second standby FLB configured to functionally replace the first standby FLB upon detecting that the first standby FLB no longer serves a standby function for the first FLB and the second FLB.

13. A system comprising:
- a plurality of firewalls;
  
  a first FLB for exchanging packets between a first network and the plurality of firewalls; and
  
  a second FLB for exchanging packets between a second network and the plurality of firewalls;
  
  wherein at least the first FLB is configured to both exchange packets between the first network and the plurality of firewalls, and exchange packets between the second network and the plurality of firewalls, after determining that a failure has occurred in the second FLB.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13 wherein the second FLB is configured to both exchange packets between the first network and the plurality of firewalls, and exchange packets between the second network and the plurality of firewalls, after determining that a failure has occurred in the first FLB.
  - 15. The system of claim 13 wherein the first FLB and the second FLB are application-space FLBs.
  - 16. The system of claim 13 further comprising at least one standby FLB configured to functionally replace the second FLB upon determining that the failure has occurred in the second FLB.
  - 17. The system of claim 16 wherein the first FLB is configured to both exchange packets between the first network and the plurality of firewalls, and exchange packets between the second network and the plurality of firewalls, after determining that the failure has occurred in the second FLB and a failure has occurred in the standby FLB.
  - 18. The system of claim 13 further comprising at least one standby FLB configured to functionally replace the first FLB upon determining that a failure has occurred in the first FLB.
  - 19. The system of claim 13 further comprising at least one standby FLB configured to determine whether a failure has occurred in either one of the first FLB and the second FLB, and to functionally replace the corresponding one of the first FLB and the second FLB upon determining that the failure has occurred.

20. A system comprising:
- a plurality of firewalls;
  
  a first FLB for exchanging packets between a first network and the plurality of firewalls; and
  
  a second FLB for exchanging packets between a second network and the plurality of firewalls;
  
  wherein at least one of the firewalls is configured to functionally replace the first FLB after detecting a failure in the first FLB.
- View Dependent Claims (21, 22, 23)
- - 21. The system of claim 20 wherein each of the firewalls is configured to functionally replace the first FLB after detecting a failure in the first FLB.
  - 22. The system of claim 21 wherein each of the firewalls is configured to functionally replace either one of the first FLB and the second FLB after detecting a failure in a corresponding one of the first FLB and the second FLB.
  - 23. The system of claim 20 wherein said one of the firewalls is configured to functionally replace either one of the first FLB and the second FLB after detecting a failure in a corresponding one of the first FLB and the second FLB.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Board of Regents of the University of Nebraska
Original Assignee
Board of Regents of the University of Nebraska
Inventors
Goddard, Stephen M.

Granted Patent

US 7,254,834 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 67/1001   for accessing one among a p...

H04L 67/1006   with static server selectio...

H04L 67/1008   based on parameters of serv...

H04L 67/1017   based on a round robin mech...

H04L 67/1034   Reaction to server failures...

H04L 67/60   Scheduling or organising th...

H04L 69/40   for recovering from a failu...

Fault tolerant firewall sandwiches

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Fault tolerant firewall sandwiches

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links