A Generic Hot–Failover State Machine for Gateway Services and its Application to a Linux Firewall

Nowadays, companies of any size rely on their IT–infrastructure since it provides connectivity to the outside world. Services like firewalls, being positioned between the own domain and a foreign one, form a premises for higher level services. Therefore, such gateway services must be considered as especially mission– critical. While there exist high availability solutions for special service types, a generic solution which can be applied to arbitrary gateway services, especially for smaller sized scenarios, is missing. Fault tolerance in terms of high availability is addressed by this paper through the concept of redundancy. Presenting a generic state machine for monitoring and takeover processes, it leads to an universally applicable logic. The state machine’s basis is derived from requirements posed by the generic scenario of gateway services. Furthermore, our solution’s practical applicability is shown by presenting an implementation carried out for a Linux–based firewall system.