Abstract
A single firewall becomes a traffic bottleneck depending on network expansion, the number of connections and the throughput required. This paper describes a method of interconnecting firewalls at multiple geographic locations through an open source network. The placement of the firewalls and routing devices, together with the protocols used, forms the proposed optimized system to improve overall network security and scalability. To evaluate the performance of the approach, the authors carried out performance testing in a laboratory setup. OpenBSD PF firewalls processed 360 kpps of traffic at 80 % CPU load. Further, a design for sites requiring higher capacity is proposed, and the forwarding performance of the firewalls is tested with different packet sizes under laboratory traffic by changing the maximum transmission unit (MTU). A dynamic extension of the design is proposed to connect to other networks using dynamically routed interconnections.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Sheth, C., Thakker, R.A. (2016). Scalable Design of Open Source Based Dynamic Routed Network for Interconnection of Firewalls at Multiple Geographic Locations. In: Satapathy, S., Das, S. (eds) Proceedings of First International Conference on Information and Communication Technology for Intelligent Systems: Volume 1. Smart Innovation, Systems and Technologies, vol 50. Springer, Cham. https://doi.org/10.1007/978-3-319-30933-0_21
DOI: https://doi.org/10.1007/978-3-319-30933-0_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30932-3
Online ISBN: 978-3-319-30933-0
eBook Packages: Engineering, Engineering (R0)