Journal of Communications and Networks | 2021

Traffic and overhead analysis of applied pre-filtering ACL firewall on HPC service network

 
 
 

Abstract


In a high-performance computing (HPC) supercomputing service environment, the security of the infrastructure nodes that are points of contact for researchers is very important. We have applied various security devices such as anti-DDoS, IPS, firewall, web application firewall, etc. on an HPC service network to provide more secure supercomputing services. Firewalls are a common and essential element of network security, with the ability to block network traffic according to predefined rules. With the increasing demand for services, cyberattacks as well as the overhead on firewall policies have also increased. To reduce this overhead, in our previous research we analyzed the dropped-packet log and implemented a method on the firewall, called Abnormal IP, that can detect and deny anomalous IPs in real time. As the number of abnormal IPs increased, the performance of the firewall deteriorated significantly. To solve this problem, we applied an access control list (ACL) at the front end of the firewall to perform pre-filtering, thereby improving the performance of the firewall on the HPC service network. This research is expected to contribute as a preliminary study in the HPC field by deriving a pre-filtering ACL that reduces the CPU load of the firewall server, showing a performance improvement of about 21.5%.

Volume 23
Pages 73-82
DOI 10.23919/JCN.2021.000010
Language English
Journal Journal of Communications and Networks
