Abstract
Nowadays, companies of any size rely on their IT infrastructure, since it provides connectivity to the outside world. Services like firewalls, positioned between a company's own domain and a foreign one, form a prerequisite for higher-level services. Therefore, such gateway services must be considered especially mission-critical. While high-availability solutions exist for special service types, a generic solution that can be applied to arbitrary gateway services, especially in smaller scenarios, is missing. This paper addresses fault tolerance in terms of high availability through the concept of redundancy. By presenting a generic state machine for monitoring and takeover processes, it arrives at a universally applicable logic. The state machine's basis is derived from requirements posed by the generic scenario of gateway services. Furthermore, the practical applicability of our solution is shown by presenting an implementation carried out for a Linux-based firewall system.
The author wishes to thank the members of the Munich Network Management (MNM) Team for helpful discussions and valuable comments on previous versions of this paper. The MNM Team, directed by Prof. Dr. Heinz-Gerd Hegering, is a group of researchers of the University of Munich, the Munich University of Technology, and the Leibniz Supercomputing Center of the Bavarian Academy of Sciences. Its web server is located at http://wwwmnmteam.informatik.uni-muenchen.de/
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Roelle, H. (2002). A Hot-Failover State Machine for Gateway Services and Its Application to a Linux Firewall. In: Feridun, M., Kropf, P., Babin, G. (eds) Management Technologies for E-Commerce and E-Business Applications. DSOM 2002. Lecture Notes in Computer Science, vol 2506. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36110-3_18
DOI: https://doi.org/10.1007/3-540-36110-3_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00080-8
Online ISBN: 978-3-540-36110-7
eBook Packages: Springer Book Archive