Home | deutsch  | Impressum | Data Protection | Sitemap | KIT

A Majority-Decision Firewall System Implementation Using Service Function Chaining

A Majority-Decision Firewall System Implementation Using Service Function Chaining
chair:Future Internet Architectures
type:Bachelorarbeit
time:2018
advisor:

Roland Bless

Service Function Chaining (SFC) is a recently IETF specified architecture for the dynamic creation of chains in network infrastructures through which traffic is steered. Main motivation for this was the static configuration caused by topological and physical resource dependence that traditional ways of creating such chains brought. This bachelors thesis used this architecture to create an SFC implementation of the known FORTRESS multi-decision firewall model to explore benefits and limitations of this approach. In it, different conceptual designs that map elements of the SFC architecture to FORTRESS components were drafted to realize SFC FORTRESS. One of these conceptual designs was then implemented using an SFC implementation provided by the OPNFV project and the limitations of this were documented. A basic functional evaluation and a basic performance evaluation of the implementation was also done.