Performance Analysis Of Firewall As Virtualized Network Function On VMware ESXi Hypervisor

Main Article Content

Ahmad Thoriq Azzam Rendy Munadi Ratna Mayasari

Abstract

Virtualization technology is slowly being used to build network infrastructure called Network Function Virtualization (NFV). It takes network functions such as firewall, load balancer, IPS out of its hardware then use its software to be run on high specification server. It helps reduce vendor lock-in and help create a multiplatform network function environment.  It has a lot of benefits compared to a traditional network. One of them is it can reduce the number of hardware that is used in the telecom industry. This technology runs on the hypervisor that is used for the management of hardware. One of the important components from NFV is Virtualized Network Function (VNF). In NFV, network devices are run on a server so that a firewall is needed because if an attack occurs on the network it will interfere with existing network components. This paper focuses on analyzing the performance of two firewall system, pfSense, and FortiGate. Both firewalls will run on the VMware ESXi hypervisor. It aims to determine the firewall performance comparison in normal conditions without attacks and under SYN DoS attacks. We also evaluate firewall failover capabilities. Based on the results of testing obtained that overall FortiGate has better performance. It has better ability in handling DoS SYN attack because it has lower throughput performance degradation and better FTP performance compare to pfSense. We conclude that FortiGate has best performance compare with pfSense

Downloads

Download data is not yet available.

Article Details

How to Cite
AZZAM, Ahmad Thoriq; MUNADI, Rendy; MAYASARI, Ratna. Performance Analysis Of Firewall As Virtualized Network Function On VMware ESXi Hypervisor. JURNAL INFOTEL, [S.l.], v. 11, n. 1, mar. 2019. ISSN 2460-0997. Available at: <http://ejournal.st3telkom.ac.id/index.php/infotel/article/view/425>. Date accessed: 24 apr. 2019. doi: https://doi.org/10.20895/infotel.v11i1.425.
Section
Articles

References

[1] ETSI, “Network Functions Virtualisation (NFV); Architectural Framework,” ETSI GS NFV 002 v1.2.1, vol. 1, pp. 1–21, 2014.
[2] T. Alharbi, A. Aljuhani, and H. Liu, “Holistic DDoS mitigation using NFV,” 2017 IEEE 7th Annu. Comput. Commun. Work. Conf. CCWC 2017, 2017.
[3] S. Lal, T. Taleb, and A. Dutta, “NFV: Security Threats and Best Practices,” IEEE Commun. Mag., vol. 55, no. 8, pp. 211–217, 2017.
[4] S. Pawar and S. Singh, “Performance Comparison of VMware and Xen Hypervisor on Guest OS,” Int. J. Innov. Comput. Sci. Eng. Issue, vol. 2, no. 3, pp. 56–60, 2015.
[5] A. Aljuhani and T. Alharbi, “Virtualized Network Functions security attacks and vulnerabilities,” 2017 IEEE 7th Annu. Comput. Commun. Work. Conf. CCWC 2017, pp. 1–4, 2017.
[6] M. Daghmehchi Firoozjaei, J. (Paul) Jeong, H. Ko, and H. Kim, “Security challenges with network functions virtualization,” Futur. Gener. Comput. Syst., vol. 67, pp. 315–324, 2017.
[7] C. Sheth and R. Thakker, “Performance evaluation and comparative analysis of network firewalls,” 2011 Int. Conf. Devices Commun. ICDeCom 2011 - Proc., 2011.
[8] Open Networking Foundation, “Network Functions Virtualisation?: NFV Security Problem Statement,” vol. 1, no. 1, pp. 1–15, 2014.
[9] IT Central Station, “Business Intelligence Tools Buyer ’ s Guide and Reviews February 2018,” no. February, 2018.
[10] C. M. Buechler and J. Pingle, “pfSense?: The Definitive Guide (Version 1.2.3) - The Definitive Guide to the pfSense Open Source Firewall and Router Distribution,” p. 479, 2009.
[11] Fortinet, FortiOS TM Handbook - Firewall. 2017.
[12] N. Gray, C. Lorenz, A. Müssig, S. Gebert, T. Zinner, and P. Tran-Gia, “A priori state synchronization for fast failover of stateful firewall VNFs,” 2017 Int. Conf. Networked Syst. NetSys 2017, 2017.
[13] L. A. F. Mauricio, M. G. Rubinstein, and O. C. M. B. Duarte, “Proposing and evaluating the performance of a firewall implemented as a virtualized network function,” 2016 7th Int. Conf. Netw. Futur. NOF 2016, 2017.
[14] G. Attebury and B. Ramamurthy, “Router and firewall redundancy with OpenBSD and CARP,” IEEE Int. Conf. Commun., vol. 1, no. c, pp. 146–151, 2006.
[15] M. Arunwan, T. Laong, and K. Atthayuwat, “Defensive performance comparison of firewall systems,” 2016 Manag. Innov. Technol. Int. Conf. MITiCON 2016, pp. MIT221-MIT224, 2017