Performance Analysis Of Firewall As Virtualized Network Function On VMware ESXi Hypervisor

Main Article Content

Ahmad Thoriq Azzam Rendy Munadi Ratna Mayasari

Abstract

Virtualization technology is slowly being used to build network infrastructure called Network Function Virtualization (NFV). It takes network functions such as firewall, load balancer, IPS out of its hardware then uses its software to be run on high specification server. It helps to reduce vendor lock-in and creates a multiplatform network function environment for telecommunication or Internet Service Provider (ISP) company.  It has a lot of benefits compared to a traditional network. One of them is reducing the number of hardware that is used in the telecom industry. This technology runs on the hypervisor that is used for the hardware management. One of the important components from NFV is Virtualized Network Function (VNF). In NFV, network devices are run on a server so that a firewall is needed. If an attack occurs on the network, it will interfere the existing network components. This paper focuses on analyzing the performance of two firewall systems: pfSense, and FortiGate. Both firewalls run on the VMware ESXi hypervisor. It compares the firewall performance in normal conditions without attacks and under SYN DoS attacks. Besides, firewall failover capabilities are evaluated. Based on the overall testing results, FortiGate has better performance than pfSense. It has better ability in handling DoS SYN attack because of lower throughput performance degradation and better FTP performance. It is concluded that FortiGate has best performance if it is compared to pfSense.

Downloads

Download data is not yet available.

Article Details

How to Cite
AZZAM, Ahmad Thoriq; MUNADI, Rendy; MAYASARI, Ratna. Performance Analysis Of Firewall As Virtualized Network Function On VMware ESXi Hypervisor. JURNAL INFOTEL, [S.l.], v. 11, n. 1, p. 29-35, mar. 2019. ISSN 2460-0997. Available at: <http://ejournal.st3telkom.ac.id/index.php/infotel/article/view/425>. Date accessed: 09 dec. 2019. doi: https://doi.org/10.20895/infotel.v11i1.425.
Section
Articles

References

[1] ETSI, “Network Functions Virtualisation (NFV); Architectural Framework,” ETSI GS NFV 002 v1.2.1, vol. 1, pp. 1–21, 2014.
[2] T. Alharbi, A. Aljuhani, and H. Liu, “Holistic DDoS mitigation using NFV,” 2017 IEEE 7th Annu. Comput. Commun. Work. Conf. CCWC 2017, 2017.
[3] S. Lal, T. Taleb, and A. Dutta, “NFV: Security Threats and Best Practices,” IEEE Commun. Mag., vol. 55, no. 8, pp. 211–217, 2017.
[4] S. Pawar and S. Singh, “Performance Comparison of VMware and Xen Hypervisor on Guest OS,” Int. J. Innov. Comput. Sci. Eng. Issue, vol. 2, no. 3, pp. 56–60, 2015.
[5] A. Aljuhani and T. Alharbi, “Virtualized Network Functions security attacks and vulnerabilities,” 2017 IEEE 7th Annu. Comput. Commun. Work. Conf. CCWC 2017, pp. 1–4, 2017.
[6] M. Daghmehchi Firoozjaei, J. (Paul) Jeong, H. Ko, and H. Kim, “Security challenges with network functions virtualization,” Futur. Gener. Comput. Syst., vol. 67, pp. 315–324, 2017.
[7] C. Sheth and R. Thakker, “Performance evaluation and comparative analysis of network firewalls,” 2011 Int. Conf. Devices Commun. ICDeCom 2011 - Proc., 2011.
[8] Open Networking Foundation, “Network Functions Virtualisation?: NFV Security Problem Statement,” vol. 1, no. 1, pp. 1–15, 2014.
[9] IT Central Station, “Business Intelligence Tools Buyer ’ s Guide and Reviews February 2018,” no. February, 2018.
[10] C. M. Buechler and J. Pingle, “pfSense?: The Definitive Guide (Version 1.2.3) - The Definitive Guide to the pfSense Open Source Firewall and Router Distribution,” p. 479, 2009.
[11] Fortinet, FortiOS TM Handbook - Firewall. 2017.
[12] N. Gray, C. Lorenz, A. Müssig, S. Gebert, T. Zinner, and P. Tran-Gia, “A priori state synchronization for fast failover of stateful firewall VNFs,” 2017 Int. Conf. Networked Syst. NetSys 2017, 2017.
[13] L. A. F. Mauricio, M. G. Rubinstein, and O. C. M. B. Duarte, “Proposing and evaluating the performance of a firewall implemented as a virtualized network function,” 2016 7th Int. Conf. Netw. Futur. NOF 2016, 2017.
[14] G. Attebury and B. Ramamurthy, “Router and firewall redundancy with OpenBSD and CARP,” IEEE Int. Conf. Commun., vol. 1, no. c, pp. 146–151, 2006.
[15] M. Arunwan, T. Laong, and K. Atthayuwat, “Defensive performance comparison of firewall systems,” 2016 Manag. Innov. Technol. Int. Conf. MITiCON 2016, pp. MIT221-MIT224, 2017.