A method for balancing load among firewall security devices in a network is disclosed. Firewall security devices are arranged in multiple clusters. A switching device is configured with the firewall security devices by communicating control messages and heartbeat signals. Information regarding the configured firewall security devices is then included in a load balancing table. A load balancing function is configured for enabling the distribution of data traffic received by the switching device. A data packet received by the switching device is forwarded to one of the firewall security devices in a cluster based on the load balancing function, the load balancing table and the address contained in the data packet.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for balancing load among firewall security devices in a network, the method comprising: causing, by a switching device on the network, a plurality of firewall security devices arranged in one or more clusters on the network to enter into a load balancing mode by sending one or more control messages to the plurality of firewall security devices; receiving, by the switching device, heartbeat signals from the plurality of firewall security devices; including, by the switching device, information regarding the plurality of firewall security devices into a load balancing table; configuring a load balancing function in the switching device based on information received from a network administrator indicative of (i) a number of bits to be used as an input to the load balancing function and (ii) bit positions of the number of bits within one or more of a packet type, a source port, a destination port, a source address and a destination address of packets to be load balanced, wherein the number of bits may be fewer than that of the source address or the destination address, wherein the bit positions are not limited to being contiguous and wherein the load balancing function enables the switching device to manage more than eight firewall security devices in a cluster; receiving, by the switching device, a data packet from one or more client devices; and forwarding, by the switching device, the data packet to a firewall security device of the plurality of firewall security devices based on the load balancing function.
2. The method of claim 1, wherein the load balancing function comprises a hash function or an emulated hash function.
3. The method of claim 1, further comprising configuring one or more rules to generate one or more outcomes, wherein the one or more outcomes are generated based on the number of bits.
4. The method of claim 3, further comprising specifying one or more ports corresponding to the one or more outcomes on the switching device.
5. The method of claim 4, further comprising directing the data packet to one of the one or more ports based on (i) an outcome of applying the hash function to the bit positions and (ii) the load balancing table.
6. The method of claim 1, further comprising assigning a Virtual Local Area Network (VLAN) tag to the data packet.
7. A non-transitory computer-readable storage medium readable by one or more processors of a switching device, the computer-readable storage medium tangibly embodying a set of instructions executable by the one or more processors to perform a method for balancing load among firewall security devices, the method comprising: directing a plurality of firewall security devices arranged in one or more clusters on a network to enter into a load balancing mode by sending one or more control messages to the plurality of firewall security devices; receiving heartbeat signals from the plurality of firewall security devices; including information regarding the plurality of firewall security devices into a load balancing table; configuring a load balancing function in the switching device based on information received from a network administrator indicative of (i) a number of bits to be used as an input to the load balancing function and (ii) bit positions of the number of bits within one or more of a packet type, a source port, a destination port, a source address and a destination address of packets to be load balanced, wherein the number of bits may be fewer than that of the source address or the destination address, wherein the bit positions are not limited to being contiguous and wherein the load balancing function enables the switching device to manage more than eight firewall security devices in a cluster; receiving a data packet from one or more client devices; and forwarding the data packet to a firewall security device of the plurality of firewall security devices based on the load balancing function.
8. The non-transitory computer-readable storage medium of claim 7, wherein the load balancing function comprises a hash function or an emulated hash function.
9. The non-transitory computer-readable storage medium of claim 7, wherein the method further comprises configuring one or more rules to generate one or more outcomes, wherein the one or more outcomes are generated based on the number of bits.
10. The non-transitory computer-readable storage medium of claim 9, wherein the method further comprises specifying one or more ports corresponding to the one or more outcomes on the switching device.
11. The non-transitory computer-readable storage medium of claim 10, wherein the method further comprises directing the data packet to one of the one or more ports based on (i) an outcome of applying the hash function to the bit positions and (ii) the load balancing table.
12. The non-transitory computer-readable storage medium of claim 7, wherein the method further comprises assigning a Virtual Local Area Network (VLAN) tag to the data packet.
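The following Python sketch is an added illustration of the claimed flow, not code from the patent or its assignee: administrator-chosen, non-contiguous bit positions form the input of an emulated hash, and the outcome is mapped through a heartbeat-maintained load balancing table to a switch port. The field widths, device names, heartbeat timeout and the modulo mapping of outcomes to live ports are assumptions made for the example.

```python
# Added illustration; field widths, names and the heartbeat timeout are assumptions.
FIELD_BITS = {"packet_type": 8, "src_port": 16, "dst_port": 16,
              "src_addr": 32, "dst_addr": 32}

def select_bits(packet, positions):
    """Build the hash input from administrator-chosen (field, bit) pairs.

    Bit 0 is the least significant bit. Positions may be non-contiguous and
    may span several fields; the result has len(positions) bits.
    """
    key = 0
    for field, bit in positions:
        if not 0 <= bit < FIELD_BITS[field]:
            raise ValueError(f"bit {bit} is outside field {field}")
        key = (key << 1) | ((packet[field] >> bit) & 1)
    return key

class SwitchBalancer:
    def __init__(self, positions, heartbeat_timeout=3.0):
        self.positions = list(positions)
        self.heartbeat_timeout = heartbeat_timeout
        self.table = {}  # load balancing table: device -> (switch port, last heartbeat)

    def heartbeat(self, device, port, now):
        """Record a heartbeat signal from a firewall device on a switch port."""
        self.table[device] = (port, now)

    def live_ports(self, now):
        """Ports of devices whose last heartbeat is within the timeout."""
        return [port for _, (port, seen) in sorted(self.table.items())
                if now - seen <= self.heartbeat_timeout]

    def forward(self, packet, now):
        """Return the switch port the packet is sent out of."""
        ports = self.live_ports(now)
        if not ports:
            raise RuntimeError("no firewall device has a current heartbeat")
        # Emulated hash: the selected bits are the outcome (2**n outcomes).
        outcome = select_bits(packet, self.positions)
        # Modulo remaps many outcomes when membership changes, which can move
        # established flows to a firewall that holds no state for them.
        return ports[outcome % len(ports)]

# Constructed sample: 4 non-contiguous bits give 16 outcomes for 10 devices.
POSITIONS = [("src_addr", 0), ("src_addr", 8), ("dst_port", 1), ("src_addr", 16)]
SAMPLE = {"packet_type": 6, "src_addr": 0x0A010203, "dst_addr": 0xC0A80001,
          "src_port": 40000, "dst_port": 443}

if __name__ == "__main__":
    lb = SwitchBalancer(POSITIONS)
    for n in range(1, 11):
        lb.heartbeat(f"fw{n:02d}", port=n, now=0.0)
    print(select_bits(SAMPLE, POSITIONS), lb.forward(SAMPLE, now=1.0))
```

Four selected bits are the minimum that can address more than eight devices; three bits yield only eight outcomes.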
December 27, 2013
February 23, 2016