| 发明名称 |
REGIONAL FIREWALL CLUSTERING IN A NETWORKED COMPUTING ENVIRONMENT |
| 摘要 |
An approach for regional firewall clustering for optimal state-sharing of different sites in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, each firewall in a given region is informed of its peer firewalls via a registration process with a centralized server. Each firewall opens up an Internet protocol (IP)-based communication channel to each of its peers in the region to share state table information. This allows for asymmetrical firewall flows through the network and allows routing protocols to ascertain the best path to a given destination without having to take firewall placement into consideration. |
| 申请公布号 |
US2014366119(A1) |
申请公布日期 |
2014.12.11 |
| 申请号 |
US201313913022 |
申请日期 |
2013.06.07 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Floyd, III Robert K.;Mandalia Baiju D.;Monaco Robert P.;Viswanathan Mahesh |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for managing a firewall cluster in a networked computing environment, comprising the computer-implemented steps of:
receiving a packet at a first firewall in the firewall cluster between a source and a destination, wherein the packet has an unknown session state; reading a session state table to determine a session state match based on the source and destination; buffering the packet for the duration of a predefined time interval when a session state match is not found; and forwarding the packet to the destination when session state information is received from a second firewall in the firewall cluster prior to the expiration of the predefined time interval. |
| 地址 |
Armonk NY US |
