A priori state synchronization for fast failover of stateful firewall VNFs

Network Functions Visualization (NFV) replaces physical middleboxes with software instances running network functions in cloud environments. To support this new paradigm, it is necessary to port the code basis from highly specialized hardware devices to virtual machines running on COTS hardware. In order to fully exploit the inherent capabilities of cloud environments it is further necessary to redesign the software to support a large amount of distributed, cooperating function instances instead of single, isolated and monolithic instances. This development can be observed for network functions like stateful firewalling. Until now, available software firewalls lack support for active/active operation in clustered environments, which hinders horizontal scalability. This is due to the fact that the required synchronization of connection states among the cluster's instances is an impediment that still has to be resolved. Therefore, this work investigates different synchronization strategies and mechanisms, which allow to share connection states among the cluster to maintain scalability and high-availability.