【作者】 李秀剑；

【导师】 武维善；

【作者基本信息】 西安建筑科技大学 ， 计算机应用技术， 2007， 硕士

【摘要】 现在网络服务的安全性和可靠性变的越来越重要，如果网络中的重要组件—防火墙出现问题，将会导致网络不能提供正常的服务。本文利用集群技术—虚拟路由冗余协议(virtual Router Redundancy Protocol，简称VRRP)来实现防火墙的高可用性，使得在一台防火墙宕掉时，另外一个备份防火墙会及时接管转发工作，不会给主机带来任何负担，提高了网络服务质量。本文首先介绍高可用性的基本技术，然后对常用防火墙高可用性方案进行了分析比较；详细说明了VRRP协议工作原理，包括协议中所用到概念的定义、协议运行所需参数的确定、协议运行的内在机制、主控防火墙的选举策略和选举实施。论文重点分析了VRRP实例的同步过程，在深入研究同步过程中可能出现的问题后，给出了可行的改进方案，并用测试用例对改进后实现的防火墙高可用性进行了验证和分析。防火墙高可用性是在修改后的VRRP协议上实现的，主要包括VRRP功能模块的划分、模块的实现以及配置同步模块的实现。通过对防火墙高可用性的测试表明，该功能得到了较好的实现。最后进行了总结并展望下一步工作。更多还原

【Abstract】 Nowadays the security and availability of networked service is becoming more and more important for much business and it is extremely important that failure of one network component (such as firewall) does not prevent the normal usage of all other service. Virtual Router Redundancy Protocol which is a clustering technique is used in this paper. That can be used for deploying route reduandancy. When one firewall is down, the other can take over the "work", will not bring the user any burthen, and impove the quality of network.Firstly I intruduce some basic knowledge of High Availability, then analysis the common deploy way of the Firewall High Availability and the VRRP protocal. The analysis of VRRP includes many sub-aspects again such as concepts definition, parameters choice, protocol mechanism, and master router’s election policies and so on.VRRP instance sysnchronic is focused mainly. I point out possible error and give the feasible solution. With a testing program, I validate the high availability of firewall based on modified VRRP and get the expectable result.The implementations of the high avalibility firewall based on modified VRRP, which including modules partition, modules realization and configure synchronic realization. Finally, the results of test indicate that the functions of VRRP were realized better. Conclusions and advices are also given finally.更多还原