Information security – Access control or authentication – Network
Reexamination Certificate
2006-05-30
2006-05-30
Vu, Kim (Department: 2135)
Information security
Access control or authentication
Network
C726S013000
Reexamination Certificate
active
07055173
ABSTRACT:
A firewall fault-tolerant network interface system includes a switch circuit configured to detect when a firewall fails in a multi-firewall local network. When a failed firewall is detected, the switch circuit waits for a time-out period to expire to allow convergence. The switch circuit then intervenes when traffic from a server to the failed firewall is detected. The switch circuit translates the MAC address of the failed firewall to the MAC address of a functional firewall. Traffic from a server originally directed to the failed firewall is then redirected to a functional firewall. In a further refinement, the switch circuit provides the MAC address of a functional firewall in response to an ARP request from a server to the failed firewall. Thus, traffic from this server will be directed to the functional firewall without further intervention, reducing the overhead of the switch circuit. In still a further refinement, if the failed firewall recovers, the switch circuit waits for a time-out period to expire to allow convergence of external firewalls and to allow the recovered firewall to learn routes to known clients. The switch circuit then ceases all intervention for the MAC address of the now-recovered firewall.
REFERENCES:
patent: 5283897 (1994-02-01), Georgiadis et al.
patent: 5301226 (1994-04-01), Olson et al.
patent: 5473599 (1995-12-01), Li et al.
patent: 5513314 (1996-04-01), Kandasamy et al.
patent: 5583940 (1996-12-01), Vidrascu et al.
patent: 5586121 (1996-12-01), Moura et al.
patent: 5608447 (1997-03-01), Farry et al.
patent: 5612865 (1997-03-01), Dasgupta
patent: 5612897 (1997-03-01), Rege
patent: 5634125 (1997-05-01), Li
patent: 5652892 (1997-07-01), Ugajin
patent: 5655140 (1997-08-01), Haddock
patent: 5666487 (1997-09-01), Goodman et al.
patent: 5687369 (1997-11-01), Li
patent: 5740375 (1998-04-01), Dunne et al.
patent: 5754752 (1998-05-01), Sheh et al.
patent: 5764895 (1998-06-01), Chung
patent: 5774660 (1998-06-01), Brendel et al.
patent: 5774668 (1998-06-01), Choquier et al.
patent: 5796941 (1998-08-01), Lita
patent: 5805804 (1998-09-01), Laursen et al.
patent: 5812819 (1998-09-01), Rodwin et al.
patent: 5815668 (1998-09-01), Hashimoto
patent: 5828833 (1998-10-01), Belville et al.
patent: 5835696 (1998-11-01), Hess
patent: 5835710 (1998-11-01), Nagami et al.
patent: 5862338 (1999-01-01), Walker et al.
patent: 5864666 (1999-01-01), Shrader
patent: 5898830 (1999-04-01), Wesinger, Jr. et al.
patent: 5920699 (1999-07-01), Bare
patent: 5936936 (1999-08-01), Alexander, Jr. et al.
patent: 5949753 (1999-09-01), Alexander, Jr. et al.
patent: 5951634 (1999-09-01), Sitborn et al.
patent: 5959990 (1999-09-01), Frantz et al.
patent: 5963540 (1999-10-01), Bhaskaran
patent: 5999536 (1999-12-01), Kawafuji et al.
patent: 6006259 (1999-12-01), Adelman et al.
patent: 6006264 (1999-12-01), Colby et al.
patent: 6047319 (2000-04-01), Olson
patent: 6078957 (2000-06-01), Adelman et al.
patent: 6097882 (2000-08-01), Mogul
patent: 6098093 (2000-08-01), Bayeh et al.
patent: 6101616 (2000-08-01), Joubert et al.
patent: 6108300 (2000-08-01), Coile et al.
patent: 6141755 (2000-10-01), Dowd et al.
patent: 6226684 (2001-05-01), Sung et al.
patent: 6266335 (2001-07-01), Bhaskaran
patent: 6295276 (2001-09-01), Datta et al.
patent: 6356985 (2002-03-01), Ichimi et al.
patent: 6389448 (2002-05-01), Primak et al.
patent: 6397260 (2002-05-01), Wils et al.
patent: 6484261 (2002-11-01), Wiegel
patent: 6530032 (2003-03-01), Shew et al.
patent: 6606708 (2003-08-01), Devine et al.
patent: 6647400 (2003-11-01), Moran
patent: 409321789 (1997-12-01), None
patent: WO 99/32956 (1999-07-01), None
Internet—“Quasi-Dynamic Load-Balancing (QDLB) Methods.” Apr. 25, 1995, pp. 2 and 5.
IBM, Document Identifier: NN9305363 “Value-Oriented Approach To SelectingBucketsFor Dat Redistribution,” West, May 1, 1993.
Internet—Becker, Wolfgang, “Dynamic Load Balancing For Parallel Database Processing,” Institute of Parallel and Distributed High-Performance Systems (IPVR), University of Stuttgart Breitwiesenstr, Stuttgart, Germany, 1997.
Omiecinski, Edward, “Performance Analysis of a Load Balancing Hash-Join Algorithm for a Shared Memory Multiprocessor,” The ACM Sigmod Anthology, 17thInternational Conference of Very Large Data Bases, Sep. 3, 1991.
Bommareddy Sathish
Chaganty Srinivas
Kale Makarand
Avaya Technology Corp.
Ha Leynna T.
Volejnicek David
Vu Kim
LandOfFree
Firewall pooling in a network flowswitch does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Firewall pooling in a network flowswitch, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Firewall pooling in a network flowswitch will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3571354