An SDN-based firewall shunt for data-intensive science applications
| dc.contributor.author | Miteff, Simeon | |
| dc.date.accessioned | 2016-09-19T10:30:29Z | |
| dc.date.available | 2016-09-19T10:30:29Z | |
| dc.date.issued | 2016 | |
| dc.description | A dissertation submitted to the Faculty of Engineering and the Built Environment, University of the Witwatersrand, Johannesburg, in fulfilment of the requirements for the degree of Master of Science in Engineering, 2016 | |
| dc.description.abstract | Data-intensive research computing requires the capability to transfer les over long distances at high throughput. Stateful rewalls introduce su cient packet loss to prevent researchers from fully exploiting high bandwidth-delay network links [25]. To work around this challenge, the science DMZ design [19] trades o stateful packet ltering capability for loss-free forwarding via an ordinary Ethernet switch. We propose a novel extension to the science DMZ design, which uses an SDN-based rewall. This report introduces NFShunt, a rewall based on Linux's Net lter combined with OpenFlow switching. Implemented as an OpenFlow 1.0 controller coupled to Net lter's connection tracking, NFShunt allows the bypass-switching policy to be expressed as part of an iptables rewall rule-set. Our implementation is described in detail, and latency of the control-plane mechanism is reported. TCP throughput and packet loss is shown at various round-trip latencies, with comparisons to pure switching, as well as to a high-end Cisco rewall. Cost, as well as operations and maintenance aspects, are compared and analysed. The results support reported observations regarding rewall introduced packet-loss, and indicate that the SDN design of NFShunt is a technically viable and cost-e ective approach to enhancing a traditional rewall to meet the performance needs of data-intensive researchers | en_ZA |
| dc.description.librarian | GS2016 | en_ZA |
| dc.format.extent | Online resource (97 pages) | |
| dc.identifier.citation | Miteff, Simeon (2016) An SDN-based firewall shunt for data-intensive science applications, University of Witwatersrand, Johannesburg, <http://wiredspace.wits.ac.za/handle/10539/21061> | |
| dc.identifier.uri | http://hdl.handle.net/10539/21061 | |
| dc.language.iso | en | en_ZA |
| dc.subject.lcsh | Software-defined networking (Computer network technology) | |
| dc.subject.lcsh | Computer networks | |
| dc.subject.lcsh | Computer software | |
| dc.title | An SDN-based firewall shunt for data-intensive science applications | en_ZA |
| dc.type | Thesis | en_ZA |