A Majority-Decision Firewall System Implementation Using Service Function Chaining

  • chair:Future Internet Architectures
  • type:Bachelorarbeit
  • time:2018
  • advisor:

    Roland Bless

  • Service Function Chaining (SFC) is a recently IETF specified architecture for the dynamic creation of chains in network infrastructures through which traffic is steered. Main motivation for this was the static configuration caused by topological and physical resource dependence that traditional ways of creating such chains brought. This bachelors thesis used this architecture to create an SFC implementation of the known FORTRESS multi-decision firewall model to explore benefits and limitations of this approach. In it, different conceptual designs that map elements of the SFC architecture to FORTRESS components were drafted to realize SFC FORTRESS. One of these conceptual designs was then implemented using an SFC implementation provided by the OPNFV project and the limitations of this were documented. A basic functional evaluation and a basic performance evaluation of the implementation was also done.