Traffic and Overhead Analysis of Applied Pre-filtering ACL Firewall on HPC Service Network

Jae-Kook Lee, Taeyoung Hong, and Guohua Li



Abstract: In a high-performance computing (HPC) supercomputing service environment, the security of the infrastructure nodes that serve as points of contact for researchers is very important. We have applied various security devices, such as anti-DDoS, IPS, firewall, and web application firewall, on an HPC service network to provide more secure supercomputing services. Firewalls are a common and essential network security device, with the ability to block network traffic according to pre-defined rules. As the demand for services has increased, so have cyberattacks and the overhead of firewall policies. To reduce this overhead, in our previous research we analyzed the dropped-packet log and applied a method on the firewall, called Abnormal IP, that can detect and deny anomalous IPs in real time. As the number of abnormal IPs increased, the performance of the firewall significantly deteriorated. To solve this problem, we applied an access control list (ACL) at the front end of the firewall to perform pre-filtering, thereby improving the performance of the firewall on the HPC service network. This research is expected to contribute as a preliminary study in the HPC field by deriving a pre-filtering ACL that reduces the CPU load of the firewall server, showing a performance improvement of about 21.5%.

Index terms: Network performance, network security, traffic analysis, traffic overhead.