Abstract
The network functions virtualization (NFV) paradigm promises higher flexibility, vendor-independence, and higher cost-efficiency for network operators. Its key concept consists of virtualizing the functions of specialized hardware-based middleboxes like load balancers or firewalls and running them on commercial off-the-shelf (COTS) hardware.
This work aims at investigating the performance implications that result from migrating from a middlebox-based hardware deployment to a NFV-based software solution. Such analyses pave the way towards deriving guidelines that help determining in which network environments NFV poses a viable alternative to today’s middlebox-heavy architectures. To this end, a firewall is chosen as an exemplary network function and a performance comparison between a dedicated hardware device and a commercially distributed virtualized solution by the same vendor is drawn. This comparison focuses on the packet delay, while varying the load level that is applied to the network function under test. Based on traffic measurements of a university campus network, conclusions regarding possible fields of application are drawn.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
References
Asati, R., Pignataro, C., Calabria, F., Olvera, C.: RFC26201: Device Reset Characterization. IETF (2011)
Bradner, S., Dubray, K., McQuaid, J., Morton, A.: RFC6815: Applicability Statement for RFC 2544: Use on Production Networks Considered Harmful. IETF (2012)
Bradner, S., McQuaid, J.: RFC2544: Benchmarking Methodology for Network Interconnect Devices. IETF (1999)
Hickman, B., Newman, D., Tadjudin, S., Martin, T.: RFC3511: Benchmarking Methodology for Firewall Performance. IETF (2003)
Lange, S., Nguyen-Ngoc, A., Gebert, S., et al.: Performance benchmarking of a software-based LTE SGW. In: 2nd International Workshop on Management of SDN and NFV Systems (2015)
Morton, A.: Considerations for Benchmarking Virtual Network Functions and Their Infrastructure. Internet-Draft draft-morton-bmwg-virtual-net-03 (2015)
Overture, Brocade: Intel, Spirent, and Integra. NFV Performance Benchmarking for vCPE, Executive Summary (2015)
Salim, J.H., Olsson, R., Kuznetsov, A.: Beyond softnet. In: Proceedings of the 5th Annual Linux Showcase & Conference (2001)
Xu, J., Su, W.: Performance evaluations of Cisco ASA and linux IPTables firewall solutions. Master’s thesis, Halmstad University (2013)
Acknowledgment
This work has been performed in the framework of the SARDINE project and is partly funded by the BMBF (Project ID 16KIS0261). The authors alone are responsible for the content of the paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Gebert, S., Müssig, A., Lange, S., Zinner, T., Gray, N., Tran-Gia, P. (2017). Processing Time Comparison of a Hardware-Based Firewall and Its Virtualized Counterpart. In: Agüero, R., Zaki, Y., Wenning, BL., Förster, A., Timm-Giel, A. (eds) Mobile Networks and Management. MONAMI 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 191. Springer, Cham. https://doi.org/10.1007/978-3-319-52712-3_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-52712-3_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-52711-6
Online ISBN: 978-3-319-52712-3
eBook Packages: Computer ScienceComputer Science (R0)