【作者】 赵征；

【导师】 马光思；

【作者基本信息】 西安建筑科技大学 ， 计算机应用技术， 2003， 硕士

【摘要】 网络安全始终是计算机科学技术领域引人注目的重大研究课题。防火墙作为互联网络安全必需的基础设备，其技术在过去近十年里经历了不断的完善和更新。在对防火墙一直追求的安全、灵活、可用等性能指标中，高可用性始终是防火墙技术发展的主要方向。 本文作者以国家“十五”科技攻关项目：“银行信息系统安全保密平台”的子课题——“基于负载均衡机制的防火墙技术研究”为背景，开展了大量的研发工作，在理论和实践方面都获得了很大收益。 结合实际课题，论文概要论述了防火墙的基本概念、特点、分类、关键技术及其发展。按照把负载均衡机制用于防火墙的策略，探讨了负载均衡的概念、传输链路聚合、交换技术，并参照防火墙系统的体系结构，详细介绍了LVS集群策略和各种均衡算法。 论文进而从设计目标出发，根据作者在项目研发中所取得的成果，全面阐述了设计思路，系统平台的构建，采用的核心技术，并以此为基础深入讨论了服务负载均衡模块和双机热备份模块的设计和实现方法，其中包括DNAT技术、LC(最少连接)算法、心跳检测技术、同步配置策略。 尽管加入服务负载均衡模块和双击热备份模块大大提高了防火墙系统的性能，但没改变防火墙单点接入的现状。为了更好地改善整个系统性能，在分布式防火墙和防火墙集群的基础上，论文给出了防火墙集群系统的开发原型，指出了可能存在的问题、实现的难点及未来的研究方向。更多还原

【Abstract】 Network security was an important issue in Computer Science. Firewall, as the basic structure on the network security, have improved and updated in the recent ten years. In the characters of firewall, such as security, flexibility and availability, high availability is a target in the future of firewall.Research of loading balance on firewall is a sub-project of researching and implementing on the security platform of banking information system, a key state-level technology development project in the Tenth Five Year Plan period. Based on this project, we do lots of research, thus benefit from both theory and practice.In this paper, we gave the definition, character, class, key technology of firewall and its development. According to loading balance on firewall, we described loading balance’s conception, transport link polymerization, exchange technology, especially LVS cluster and balance algorithms.From the design object of this sub-project, we expound the design thinking, system structure and core technology. And based on this, we address the design and method of Servers Loading Balance module and Hot Standby module, including DNAT, LC algorithms, heartbeat inspection, and synchronization policy.Although we have improved performance of firewall using modules of Servers Loading Balance and Hot Standby, we can’t settle single entry point of firewall. In order to more improve firewall performance, after researching and analyzing distributed firewall and firewall cluster, we present the development prototype of firewall cluster system,difficulties.At last, we summarize of our design and purpose the development direction of futurefirewall.更多还原