Network security smart load balancing
Abstract
A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall nodes. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer, and the control information includes an instruction regarding balancing load of the data streams between said security network components. The load-balancer balances load based on the control information. Preferably, network address translation is performed by the load-balancer based on the control information, or network address translation is performed by the security network component and the control information includes information regarding an expected connection based on the network address translation. Preferably, when the data communications include an encrypted session, an encrypted connection of the encrypted session is identified based on the control information and the balancing of the load maintains stickiness of said encrypted connection.
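A minimal model of the arrangement the abstract describes, added here as an illustration and not taken from the patent: a firewall node that has inspected a session tells the load balancer which related connection to expect, and the balancer pins that connection to the same node. The class and method names (`Flow`, `LoadBalancer`, `control_expect`), the node names, and the FTP-style addresses are all assumptions constructed for the example.

```python
import zlib
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    def key(self):
        # Direction-independent key: replies map to the same table entry.
        return (self.proto, tuple(sorted([(self.src, self.sport), (self.dst, self.dport)])))

@dataclass
class LoadBalancer:
    nodes: list
    pinned: dict = field(default_factory=dict)    # flow key -> owning node
    expected: list = field(default_factory=list)  # (pattern, node) hints from nodes

    def control_expect(self, node, proto, src, dst, dport):
        """Control message from a security node: a connection matching
        (proto, src, any source port, dst, dport) must be sent to `node`."""
        if node not in self.nodes:
            raise ValueError(f"unknown node {node!r}")
        self.expected.append(((proto, src, dst, dport), node))

    def dispatch(self, flow):
        """Pick the node for a packet of `flow`; only forwarding, no inspection."""
        k = flow.key()
        if k in self.pinned:                      # existing connection: stay sticky
            return self.pinned[k]
        pattern = (flow.proto, flow.src, flow.dst, flow.dport)
        for i, (pat, node) in enumerate(self.expected):
            if pat == pattern:
                del self.expected[i]              # hint is consumed by one connection
                break
        else:                                     # no hint: plain hash balancing
            node = self.nodes[zlib.crc32(repr(k).encode()) % len(self.nodes)]
        self.pinned[k] = node
        return node

def demo():
    lb = LoadBalancer(["fw-a", "fw-b", "fw-c"])   # constructed node names
    ctrl = Flow("tcp", "198.51.100.7", 40000, "203.0.113.10", 21)
    owner = lb.dispatch(ctrl)
    # The owning node read "PORT 198,51,100,7,195,81" (port 195*256+81 = 50001)
    # in the control channel and announces the data connection it expects.
    lb.control_expect(owner, "tcp", "203.0.113.10", "198.51.100.7", 50001)
    data = Flow("tcp", "203.0.113.10", 20, "198.51.100.7", 50001)
    return owner, lb.dispatch(data), lb
```

Without the hint, the data connection would be hashed independently and could land on a node that holds no state for the session.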
30 Claims
1. A method for protecting data communications, the method comprising the steps of:
(a) providing at least one load-balancer operatively connecting a cluster of security network components, said at least one load-balancer transferring a plurality of data streams respectively to said security components, said at least one load balancer being separate from said security network components;
(b) transmitting control information from at least one of said security network components to said at least one load-balancer, wherein said control information includes an instruction regarding balancing load of said data streams between said security network components; and
(c) balancing load, by said at least one load-balancer, based on said control information, only by transferring said plurality of data streams respectively to said security network components.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 27
16. A system for protecting data communications, the system comprising:
(a) a cluster of security network components; and
(b) at least one load balancer, separate from said security network components, which operatively connects said security network components by transferring a plurality of data streams respectively to said security network components wherein said at least one load balancer receives a command from at least one of said security network components, wherein said command includes an instruction regarding balancing load of said data streams between said security network components, and wherein said balancing load of said data streams in accordance with said instruction is effected only by transferring said data streams respectively to said security network components by said at least one load balancer.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 28, 30
24. A system for protecting data communications, the data communications including sessions wherein connection information is included as arguments of control commands of the sessions, the system comprising:
(a) a cluster of security network components; and
(b) at least one load balancer, separate from said security network components, which operatively connects said network components to at least one network;
wherein said network components and said at least one load balancer are configured so that
(i) said network components read said connection information; and
(ii) commands from the network components to said at least one load balancer allow maintaining connection stickiness in said sessions, wherein connection stickiness guarantees that all packets of each said sessions are processed by a single network component, and wherein, responsive to said commands, said at least one load balancer maintains said connection stickiness only by transferring packets of the sessions respectively to said security network components.
Dependent claims: 25, 26, 29
Specification