Reasons for Load Balancing Firewalls

The inherent reasons to load balance the firewalls are as follows:

• Increase volume of traffic: In any network, a security domain can experience a burst in traffic. When the burst is destined to a single security domain, the traffic of the other security domains passing through the firewall should not be starved. If traffic volume in firewall designs is a concern, firewall load balancing should be considered as a solution.

• Improve scalability: This is commonly seen in a shared firewall architecture. A shared firewall infrastructure will have virtual firewalls for multiple entities. When different security domains represent different entities, the growth and services offered by the firewall architecture cannot be determined in the initial deployment. The growth is based on estimation and probability. It is important to forecast the services offered and the flow of traffic through the firewall. This forecasted number should be compared with the traffic throughput that the firewall can handle. If the forecasted requirement is greater than the current throughput of the firewall, firewall load balancing should be considered as an option.

• Create symmetry with available network bandwidth: This scenario is usually seen in the data center environment, where a 10 Gbps traffic requirement exists at the Layer 2 and Layer 3 levels. A data center normally has high-bandwidth links compared to the rest of the network. This bandwidth is used for server-to-server communication. If firewalls are placed in the data center, they need to support high-bandwidth traffic to avoid becoming a traffic bottleneck, including high-bandwidth applications or grid computing environments. In this case, firewall load balancing is a good option to explore to increase the throughput of the firewall architecture in the data center environment.

• Provide independent traffic flow: This requirement is seen in networks where critical applications need flow redundancy. The redundancy parameters should be kept in mind while designing the firewall load-balancing solution.

NOTE Redundancy has to be considered for each of the design requirements. The firewall has its own redundancy methods. The method chosen for load balancing should have redundancy considered in the design.

Several valid requirements exist for firewall load balancing. The next section covers the design requirements, which are important to define the type of load balancing needed for FWSM and its components.

