NFV based firewall
2025-06-28 16:34:16 - Adil Khan
Project Area of Specialization: Cyber Security
Project Summary
Network functions virtualization (NFV) is an initiative to virtualize network services that traditionally run on proprietary, dedicated hardware. An NFV based firewall adds features such as auto-scaling and auto-healing, with low CAPEX (capital expenditure) and OPEX (operational expenditure) cost. The firewall runs in Docker container(s), and Kubernetes (k8s) is used to orchestrate it. The firewall is capable of layer 7 filtering. The system as a whole, which contains multiple firewall containers, is monitored by ELK (Elasticsearch, Logstash and Kibana) to give system-level information.
Project Objectives
- Implementation of the firewall using Snabb (open-source NFV switch) and nDPI (network deep packet inspection) for layer-7 filtering in application containers, i.e. Docker.
- Implementation of the ELK stack in Docker containers.
- Integration of the containerized firewall with the ELK stack for visualizing filtered network traffic through APIs.
- Orchestration of Docker containers through Kubernetes (k8s).
- Testing of firewall
- Optimization (if necessary)
Docker, Kubernetes, nDPI and ELK were first tested in a native environment and then integrated there (on the host machine). After successful implementation and integration, the whole environment was imported into Docker containers. We are implementing the firewall through nDPI and Snabb in a Docker container. A Dockerfile (script) is written that is capable of running nDPI and the layer-7 filtering firewall in a container.
One container holds the layer-7 capturer (nDPI), which accepts packets from one NIC and sends their metadata to a second container running the layer-7 firewall. Firewall rules defined there filter the traffic and route it to the other NIC. Both containers are described in the Dockerfile, making a multi-container application; the containers are then mapped to physical NICs to capture traffic on one side and filter it on the other. The containers are also exposed on specific ports so that they can be accessed from external network(s).
Then, for container orchestration, auto-healing and auto-scaling, we used Kubernetes. Using custom metrics and APIs we set a threshold (i.e. 10%) on CPU resources; if the threshold is crossed, horizontal pod scaling scales up CPU resources, which is known as auto-scaling. When the load returns to its normal state, K8s scales the pods down and they are destroyed. Scaling based on network traffic can also be achieved this way; for that we need to write custom metrics. Similarly, if a container in a pod crashes or is hit by a bug/error, K8s launches a new container as a replica (replica set) of the previous one without human interaction. This is the concept of auto-healing, which reduces HR. The whole process is monitored on the Kubernetes dashboard.
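The scaling behaviour described above, worked through for the 10% CPU target as an added example (not the project's code). It applies the replica formula from the Kubernetes Horizontal Pod Autoscaler documentation; the replica bounds and the load figures are assumptions, and the autoscaler's scale-down stabilization delay is ignored.

```python
import math

# Only the 10% CPU target comes from the text; the rest is assumed.
TARGET_CPU_PCT = 10
TOLERANCE = 0.1                      # Kubernetes' default HPA tolerance
MIN_REPLICAS, MAX_REPLICAS = 1, 8    # hypothetical bounds


def desired_replicas(current, avg_cpu_pct):
    """HPA rule: ceil(current * currentMetric / targetMetric), clamped."""
    ratio = avg_cpu_pct / TARGET_CPU_PCT
    if abs(ratio - 1.0) <= TOLERANCE:
        return current               # close enough to the target: no change
    wanted = math.ceil(round(current * ratio, 6))  # round() absorbs float noise
    return max(MIN_REPLICAS, min(MAX_REPLICAS, wanted))


def simulate(total_load_pct, start=1):
    """total_load_pct: CPU demand per interval, in % of ONE pod's CPU request,
    assumed to spread evenly over the running firewall pods."""
    replicas, history = start, []
    for load in total_load_pct:
        replicas = desired_replicas(replicas, load / replicas)
        history.append(replicas)
    return history


# Constructed load ramp: idle, burst, heavier burst, flood, recovery, idle.
LOAD = [5, 25, 80, 200, 30, 5]

if __name__ == "__main__":
    print(simulate(LOAD))
```

With a target this low the replica count climbs quickly, and during the flood interval it stays pinned at the upper bound, so that bound is what limits resource consumption under a traffic spike.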
On the basis of pre-defined rules in Snabb, the traffic rules in JSON format are stored in the Elasticsearch database, and Kibana then visualizes those logs in real time, showing layer-7 filtered traffic on graphs. nDPI extracts the layer-7 packet payload and compares the metadata/payload with the firewall rules; on this basis network traffic is blocked or allowed.
The ELK stack is a multi-container application: Elasticsearch, Logstash and Kibana run in separate containers, depend on each other, and communicate with each other through APIs. Each service of the firewall forms a multi-container application to visualize the network traffic that is either passed or blocked on the basis of the defined rules.
Benefits of the Project
Adopting NFV for applications and services can save capital expenditure and operational expenditure, especially for firms that want to utilize their resources optimally to process applications efficiently, for which speed is a concern and generating revenue is the goal. The concept of CI/CD (continuous integration and continuous delivery/deployment) helps reduce HR, as one person, known as DevOps, can both work as a developer and manage operations. Secondly, running applications in Docker containers is beneficial where an application is treated as a set of small services: if one service of the application goes down, it does not affect the whole application.
The important thing about this platform is that it is not limited to networks or telecom but can be used in any system/industry.
Technical Details of Final Deliverable
The final goal is to have an NFV based firewall in a Docker container with multiple features including auto-healing and auto-scaling. The steps involved are:
1. Layer-7 filtering is done through the integration of nDPI and the Snabb switch. Rules are defined on the basis of which network traffic is monitored and filtered. For example, if we want to block HTTPS traffic, we can add a rule in the firewall to perform the corresponding action.
2. The firewall is moved to Docker containers. Multiple containers are created that communicate with each other, and each container has a service running in it, making a multi-container application with advanced features to reach processing speeds of up to 10G.
3. In the next phase Kubernetes, an open-source tool, is used to help with orchestration of the containers (the application/service running in them).
4. Integration of ELK with the firewall. The Elasticsearch database holds the logs generated by Logstash, and Kibana visualizes the network traffic flow; a record of blocked and allowed traffic is also maintained. Kibana provides a graphical user interface and visualizes the network traffic.
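The rule matching of step 1 and the logging of step 4, which the earlier paragraph on nDPI and Elasticsearch also describes, sketched in Python as an added example; this is not the project's Snabb/nDPI code. The flow fields, protocol labels, rule table, default action and addresses are assumptions constructed for illustration.

```python
import json
from collections import Counter
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Flow:
    """Per-flow metadata handed over by the DPI container (assumed shape)."""
    src: str
    dst: str
    dport: int
    l7_proto: str  # label from DPI; "Unknown" when unclassified

# Hypothetical rule table, first match wins.
RULES = [
    {"l7_proto": "HTTPS", "action": "block"},
    {"l7_proto": "DNS", "action": "allow"},
]

def decide(flow, rules=RULES, default="allow"):
    """Match on the DPI label, not the port. `default` applies to unmatched
    flows; "block" makes unclassified traffic fail closed."""
    for index, rule in enumerate(rules):
        if rule["l7_proto"].lower() == flow.l7_proto.lower():
            return rule["action"], index
    return default, None

def to_event(flow, timestamp, default="allow"):
    """One JSON document per decision, for the log pipeline to index."""
    action, index = decide(flow, default=default)
    doc = {"@timestamp": timestamp, **asdict(flow), "action": action, "rule": index}
    return json.dumps(doc, sort_keys=True)

def summarize(flows, default="allow"):
    """Allowed/blocked totals, the kind of figure a dashboard charts."""
    return dict(Counter(decide(f, default=default)[0] for f in flows))

# Constructed flows: HTTPS on an odd port, SSH on 443, DNS, unclassified.
FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 8443, "HTTPS"),
    Flow("10.0.0.5", "203.0.113.20", 443, "SSH"),
    Flow("10.0.0.6", "198.51.100.53", 53, "DNS"),
    Flow("10.0.0.7", "203.0.113.30", 50000, "Unknown"),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(to_event(f, "2025-01-01T00:00:00Z"))
    print(summarize(FLOWS), summarize(FLOWS, default="block"))
```

The HTTPS rule catches the flow on port 8443 and ignores the SSH flow on port 443, which is what separates layer-7 filtering from a port filter; the `default` argument decides whether traffic the classifier cannot label is passed or dropped.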
Final Deliverable of the Project: HW/SW integrated system
Type of Industry: IT, Security, Telecommunication
Technologies: Cloud Infrastructure
Sustainable Development Goals: Industry, Innovation and Infrastructure
Required Resources

| Item Name | Type | No. of Units | Per Unit Cost (in Rs) | Total (in Rs) |
|---|---|---|---|---|
| DELL Server (used) | Equipment | 1 | 70000 | 70000 |
| Poster Printing | Miscellaneous | 2 | 4000 | 8000 |
| Total (in Rs) | | | | 78000 |