Workload Estimation for Firewall Rule Processing on Network Functions Virtualization
Summary :
Network Functions Virtualization (NFV) is expected to provide network systems that offer significantly lower cost and greatly flexibility to network service providers and their users. Unfortunately, it is extremely difficult to implement Virtualized Network Functions (VNFs) that can equal the performance of Physical Network Functions. To realize NFV systems that have adequate performance, it is critical to accurately grasp VNF workload. In this paper, we focus on the virtual firewall as a representative VNF. The workload of the virtual firewall is mostly determined by firewall rule processing and the Access Control List (ACL) configurations. Therefore, we first reveal the major factors influencing the workload of the virtual firewall and some issues of monitoring CPU load as a traditional way of understanding the workload of virtual firewalls through preliminary experiments. Additionally, we propose a new workload metric for the virtual firewall that is derived by mathematical models of the firewall workload in consideration of the packet processing in each rule and the ACL configurations. Furthermore, we show the effectiveness of the proposed workload metric through various experiments.
- Publication
- IEICE TRANSACTIONS on Communications Vol.E101-B No.2 pp.528-537
- Publication Date
- 2018/02/01
- Publicized
- 2017/08/08
- Online ISSN
- 1745-1345
- DOI
- 10.1587/transcom.2017EBT0002
- Type of Manuscript
- PAPER
- Category
- Network
Authors
Dai SUZUKI
Fujitsu Laboratories Ltd.
Satoshi IMAI
Fujitsu Laboratories Ltd.
Toru KATAGIRI
Fujitsu Laboratories Ltd.
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Dai SUZUKI, Satoshi IMAI, Toru KATAGIRI, "Workload Estimation for Firewall Rule Processing on Network Functions Virtualization" in IEICE TRANSACTIONS on Communications,
vol. E101-B, no. 2, pp. 528-537, February 2018, doi: 10.1587/transcom.2017EBT0002.
Abstract: Network Functions Virtualization (NFV) is expected to provide network systems that offer significantly lower cost and greatly flexibility to network service providers and their users. Unfortunately, it is extremely difficult to implement Virtualized Network Functions (VNFs) that can equal the performance of Physical Network Functions. To realize NFV systems that have adequate performance, it is critical to accurately grasp VNF workload. In this paper, we focus on the virtual firewall as a representative VNF. The workload of the virtual firewall is mostly determined by firewall rule processing and the Access Control List (ACL) configurations. Therefore, we first reveal the major factors influencing the workload of the virtual firewall and some issues of monitoring CPU load as a traditional way of understanding the workload of virtual firewalls through preliminary experiments. Additionally, we propose a new workload metric for the virtual firewall that is derived by mathematical models of the firewall workload in consideration of the packet processing in each rule and the ACL configurations. Furthermore, we show the effectiveness of the proposed workload metric through various experiments.
URL: https://globals.ieice.org/en_transactions/communications/10.1587/transcom.2017EBT0002/_p
Copy
@ARTICLE{e101-b_2_528,
author={Dai SUZUKI, Satoshi IMAI, Toru KATAGIRI, },
journal={IEICE TRANSACTIONS on Communications},
title={Workload Estimation for Firewall Rule Processing on Network Functions Virtualization},
year={2018},
volume={E101-B},
number={2},
pages={528-537},
abstract={Network Functions Virtualization (NFV) is expected to provide network systems that offer significantly lower cost and greatly flexibility to network service providers and their users. Unfortunately, it is extremely difficult to implement Virtualized Network Functions (VNFs) that can equal the performance of Physical Network Functions. To realize NFV systems that have adequate performance, it is critical to accurately grasp VNF workload. In this paper, we focus on the virtual firewall as a representative VNF. The workload of the virtual firewall is mostly determined by firewall rule processing and the Access Control List (ACL) configurations. Therefore, we first reveal the major factors influencing the workload of the virtual firewall and some issues of monitoring CPU load as a traditional way of understanding the workload of virtual firewalls through preliminary experiments. Additionally, we propose a new workload metric for the virtual firewall that is derived by mathematical models of the firewall workload in consideration of the packet processing in each rule and the ACL configurations. Furthermore, we show the effectiveness of the proposed workload metric through various experiments.},
keywords={},
doi={10.1587/transcom.2017EBT0002},
ISSN={1745-1345},
month={February},}
Copy
TY - JOUR
TI - Workload Estimation for Firewall Rule Processing on Network Functions Virtualization
T2 - IEICE TRANSACTIONS on Communications
SP - 528
EP - 537
AU - Dai SUZUKI
AU - Satoshi IMAI
AU - Toru KATAGIRI
PY - 2018
DO - 10.1587/transcom.2017EBT0002
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E101-B
IS - 2
JA - IEICE TRANSACTIONS on Communications
Y1 - February 2018
AB - Network Functions Virtualization (NFV) is expected to provide network systems that offer significantly lower cost and greatly flexibility to network service providers and their users. Unfortunately, it is extremely difficult to implement Virtualized Network Functions (VNFs) that can equal the performance of Physical Network Functions. To realize NFV systems that have adequate performance, it is critical to accurately grasp VNF workload. In this paper, we focus on the virtual firewall as a representative VNF. The workload of the virtual firewall is mostly determined by firewall rule processing and the Access Control List (ACL) configurations. Therefore, we first reveal the major factors influencing the workload of the virtual firewall and some issues of monitoring CPU load as a traditional way of understanding the workload of virtual firewalls through preliminary experiments. Additionally, we propose a new workload metric for the virtual firewall that is derived by mathematical models of the firewall workload in consideration of the packet processing in each rule and the ACL configurations. Furthermore, we show the effectiveness of the proposed workload metric through various experiments.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
