Evaluation of Offloading Firewall Rules with P4
University of Wuerzburg, (2017)

Contact: nicholas.gray@informatik.uni-wuerzburg.de Firewalls are classical network middle boxes, which are physically implemented within the data path. Following this design pattern causes the network to become inflexible and harder to scale as additional hardware devices have to be deployed whenever the limits of the current configuration are reached, resulting in a high maintenance and requisition cost. Network Function Virtualization (NFV) is a novel paradigm aiming to mitigate these drawbacks by shifting the function of hardware middle boxes to software programs run on Commodity of the Shelf servers. While increasing the network flexibility, it also imposes additional delays on the data path as the complete networking and software stack has to be traversed for each packet. P4 allows the execution and packet matching process on inexpensive, programmable networking cards at line rate. Goal of the thesis is the implementation and evaluation of a distributed stateful firewall based on P4.
  • @uniwue_info3
This publication has not been reviewed yet.

rating distribution
average user rating0.0 out of 5.0 based on 0 reviews
    Please log in to take part in the discussion (add own reviews or comments).