摘要：

通过分析集群防火墙系统结构和数据包协商处理过程，提出一种基于协商处理的集群防火墙系统负载均衡算法。使用基于权值的Hash算法实现并行过滤。当某一防火墙重载时将任务转移给轻载的伙伴节点，出故障时采用备份防火墙进行快速切换。该算法能实现防火墙节点负载均衡，并且防火墙个数越多，吞吐量越大，时延越低，从而获得了高性能、高可靠性和高可用性。

关键词: 集群防火墙系统, 负载均衡, 协商处理, Hash算法

Abstract: This paper analyzes the structure of the cluster firewall system and data packets negotiation treatment, and proposes a Cluster Firewall System(CFS) load-balancing algorithm based on negotiation treatment. The algorithm achieves parallel filter data based on the weighted Hash algorithm. When a firewall overloads, it transfers some assignments to the light-load partners nodes. When a firewall is failure, the backup firewall fast replaces the failure firewall. The algorithm can achieve a firewall node’s load-balancing, the more firewall number, the more higher throughput, the lower latency. And high performance, high reliability and high availability are received.

Key words: Cluster Firewall System(CFS), load-balancing, negotiation treatment, Hash algorithm

中图分类号: 

• TP393.08