Performance Analysis Of Firewall As Virtualized Network Function On VMware ESXi Hypervisor

2019 ◽  
Vol 11 (1) ◽  
pp. 29 ◽  
Author(s):  
Ahmad Thoriq Azzam ◽  
Rendy Munadi ◽  
Ratna Mayasari

Virtualization technology is slowly being used to build network infrastructure, an approach called Network Function Virtualization (NFV). It takes network functions such as firewall, load balancer, and IPS out of their hardware and runs them as software on a high-specification server. It helps reduce vendor lock-in and helps create a multiplatform network function environment. It has a lot of benefits compared to a traditional network. One of them is that it can reduce the amount of hardware used in the telecom industry. This technology runs on the hypervisor that is used for the management of hardware. One of the important components of NFV is the Virtualized Network Function (VNF). In NFV, network devices are run on a server, so a firewall is needed, because an attack on the network will interfere with existing network components. This paper focuses on analyzing the performance of two firewall systems, pfSense and FortiGate. Both firewalls run on the VMware ESXi hypervisor. It aims to compare firewall performance in normal conditions without attacks and under SYN DoS attacks. We also evaluate firewall failover capabilities. The test results show that, overall, FortiGate has better performance. It has better ability in handling DoS SYN attacks because it has lower throughput performance degradation and better FTP performance compared to pfSense. We conclude that FortiGate has the best performance compared with pfSense.

Author(s):  
MANZILA IZNIARDI DJOMI ◽  
RENDY MUNADI ◽  
RIDHA MULDINA NEGARA

ABSTRACT: Network infrastructure such as routers traditionally uses proprietary hardware. Virtualization technology for network functions, or NFV (Network Function Virtualization), allows these services to be implemented as software applications that can run in a virtual environment, as Virtualized Network Functions (VNFs). In addition to using a hypervisor (hardware-level virtualization), virtualization technology has an alternative implementation using container technology (operating-system-level virtualization), one example being Docker. This research implements FTP and video streaming services on NFV networks in Docker containers. Without background traffic, the services demonstrate QoS performance that meets the ITU-T G.1010 standard, with 0.12 ms FTP delay, 6.21 ms video streaming delay, and a packet loss value of 0% for both services. CPU usage on Docker while the services run is below 1%.
Keywords: Virtualization, Containers, Docker, Network Function Virtualization, QoS


Author(s):  
Lalit Pandey

This chapter is focused on the limitations of traditional network architecture and the benefits of NFV. NFV architecture and framework, as well as management and orchestration, are discussed in this chapter. The Cisco VNF portfolio and virtual network function implementation are included, with software implementation of the architecture of NFV (network function virtualization). Management and orchestration functional layers are covered as per the ETSI standard. The challenges in NFV implementation are also a concern today and are a part of this chapter.


Author(s):  
Eric Debeau ◽  
Veronica Quintuna-Rodriguez

The ever-increasing complexity of networks and services advocates for the introduction of automation techniques to facilitate the design, the delivery, and the operation of such networks and services. The emergence of both network function virtualization (NFV) and software-defined networks (SDN) enables network flexibility and adaptability, which opens the door to on-demand services requiring automation. With the aim of handling the increasing number of customized services and the evolved capabilities of public networks, the open network automation platform (ONAP), which is open source, particularly addresses automation techniques while enabling dynamic orchestration, optimal resource allocation capabilities, and end-to-end service lifecycle management. This chapter addresses the key ONAP features that can be used by industrials and operators to automatically manage and orchestrate a wide set of services ranging from elementary network functions (e.g., firewalls) to more complex services (e.g., 5G network slices).


2019 ◽  
Vol 11 (3) ◽  
pp. 69 ◽  
Author(s):  
Aris Leivadeas ◽  
George Kesidis ◽  
Mohamed Ibnkahla ◽  
Ioannis Lambadaris

Network Function Virtualization (NFV) has revolutionized the way network services are offered to end users. Individual network functions are decoupled from expensive and dedicated middleboxes and are now provided as software-based virtualized entities called Virtualized Network Functions (VNFs). NFV is often complemented with the Cloud Computing paradigm to provide networking functions to enterprise customers and end-users remote from their premises. NFV along with Cloud Computing has also started to be seen in Internet of Things (IoT) platforms as a means to provide networking functions to the IoT traffic. The intermix of IoT, NFV, and Cloud technologies, however, is still in its infancy creating a rich and open future research area. To this end, in this paper, we propose a novel approach to facilitate the placement and deployment of service chained VNFs in a network cloud infrastructure that can be extended using the Mobile Edge Computing (MEC) infrastructure for accommodating mission critical and delay sensitive traffic. Our aim is to minimize the end-to-end communication delay while keeping the overall deployment cost to minimum. Results reveal that the proposed approach can significantly reduce the delay experienced, while satisfying the Service Providers’ goal of low deployment costs.


2018 ◽  
Vol 2018 ◽  
pp. 1-11 ◽  
Author(s):  
Qianqiao Chen ◽  
Vaibhawa Mishra ◽  
Jose Nunez-Yanez ◽  
Georgios Zervas

The software defined network and network function virtualization are proposed to address the network ossification issue in current Internet infrastructure. Network functions and services are implemented as software applications to increase the programmability of the network. However, involving general purpose processors in the data plane restricts the bandwidth of network services. Therefore, to keep both the bandwidth and flexibility, an FPGA platform is suggested as a reconfigurable platform to deliver high bandwidth virtual network functions on the data plane. In this paper, the FPGA resource has been virtualized by interconnecting partial reconfigurable regions to deliver high bandwidth reconfigurable processing on network streams. With the help of partial reconfiguration technology, network functions on our platform can be configured without affecting other functions on the same FPGA device. The on-chip interconnect system is further evaluated by comparing it with an existing network-on-chip system. A reconfiguration process is also proposed, and it is demonstrated that it can be performed on our platform. The process can happen in the real time of network services and it is able to keep the original function working during the download of the partial bitstream.


Author(s):  
Bharathkumar Ravichandran

In the fifth generation mobile communication architecture (5G), network functions which traditionally existed as discrete hardware entities based on custom architectures, are replaced with dynamic, scalable Virtual Network Functions (VNF) that run on general purpose (x86) cloud computing platforms, under the paradigm Network Function Virtualization (NFV). The shift towards a virtualized infrastructure poses its own set of security challenges that need to be addressed. One such challenge that we seek to address in this paper is providing integrity, authenticity and confidentiality protection for VNFs.


2019 ◽  
Author(s):  
José Castillo-Lema ◽  
Augusto José Venâncio Neto ◽  
Flavio de Oliveira Silva ◽  
Sergio Takeo Kofuji

Network Functions Virtualization (NFV) offers an alternative way to design, deploy, and manage networking functions and services by leveraging virtualization technologies to consolidate network functions into general-purpose hardware platforms. In the past years extensive effort has been made to evolve and mature NFV technologies over IP networks. However, little or no attempt at all has been made to incorporate NFV into Information-Centric Networks (ICN). This work explores the use and implementation of Virtual Network Functions (VNFs) in Content-Centric Networks (CCN), and proposes the use of the Named Function Networking (NFN) paradigm as a means to implement network functions and services in this kind of network, distributing the network functions and services through the network nodes and providing flexibility to dynamically place functions in the network as required and without the need of a central controller.


Symmetry ◽  
2019 ◽  
Vol 11 (9) ◽  
pp. 1173 ◽  
Author(s):  
Basheer Raddwan ◽  
Khalil AL-Wagih ◽  
Ibrahim A. Al-Baltah ◽  
Mohamed A. Alrshah ◽  
Mohammed A. Al-Maqri

Recently, Network Function Virtualization (NFV) and Software Defined Networking (SDN) have attracted many mobile operators. For the flexible deployment of Network Functions (NFs) in an NFV environment, NF decompositions and control/user plane separation have been introduced in the literature. That is to map traditional functions into their corresponding Virtual Network Functions (VNFs). This mapping requires the NFV Resource Allocation (NFV-RA) for multi-path service graphs with a high number of virtual nodes and links, which is a complex NP-hard problem that inherited its complexity from the Virtual Network Embedding (VNE). This paper proposes a new path mapping approach to solving the NFV-RA problem for decomposed Network Service Chains (NSCs). The proposed solution has symmetrically considered optimizing an average embedding cost with an enhancement on average execution time. The proposed approach has been compared to two other existing schemes using 6 and 16 scenarios of short and long simulation runs, respectively. The impact of the number of nodes, links and paths of the service requests on the proposed scheme has been studied by solving more than 122,000 service requests. The proposed Integer Linear Programming (ILP) and heuristic schemes have reduced the execution time up to 39.58% and 6.42% compared to existing ILP and heuristic schemes, respectively. Moreover, the proposed schemes have also reduced the average embedding cost and increased the profit for the service providers.


2019 ◽  
Vol 9 (23) ◽  
pp. 5167
Author(s):  
Vincenzo Eramo ◽  
Francesco G. Lavacca ◽  
Tiziana Catena

Network Function Virtualization is based on the virtualization of the network functions and it is a new technology allowing for a more flexible allocation of cloud and bandwidth resources. In order to employ the flexibility of the technology and to adapt its use according to the traffic variation, reconfigurations of the cloud and bandwidth resources are needed by means of both migration of the Virtual Machines executing the network functions and reconfiguration of circuits interconnecting the Virtual Machines. The objective of the paper is to study the impact of the maximum number of switch reconfigurations on the cost saving that the Networking Function Virtualization technology allows us to achieve. The problem is studied in the case of a scenario with an elastic optical network interconnecting datacenters in which the Virtual Machines are executed. The problem can be formulated as an Integer Linear Programming one introducing a constraint on the maximum number of switch reconfigurations but due to its computational complexity we propose a low computational complexity heuristic allowing for results close to the optimization ones. The results show how the limitation on the number of possible reconfigurations has to be taken into account to evaluate the effectiveness in terms of cost saving that the Virtual Machine migrations in Network Function Virtualization environment allows us to achieve.

