Network security smart load balancing

摘要

A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said security network components; The load-balancer balances load based on the control information. Preferably, network address translation is performed by the load-balancer based on the control information or network address translation is performed by the security network component and the control information includes information regarding an expected connection based on the network address translation. Preferably, when the data communications includes an encrypted session, an encrypted connection of the encrypted session is identified based on the control information and the balancing of the load maintains stickiness of said encrypted connection.

主权项

1. A method for protecting data communications, the method comprising the steps of:
(a) providing at least one load-balancer operatively connecting a cluster of security network components, said at least one load-balancer transferring a plurality of data streams respectively to said security components, said at least one load balancer being separate from said security network components; (b) transmitting control information from at least one of said security network components to said at least one load-balancer, wherein said control information includes an instruction regarding balancing load of said data streams between said security network components; and (c) balancing load, by said at least one load-balancer, based on said control information, only by transferring said plurality of data streams respectively to said security network components.