Evaluating the performance of netfilter architecture in private realm gateway

Sähkötekniikan korkeakoulu | Master's thesis

Mcode

ELEC3029

Language

en

Pages

6+70

Abstract

Network address translation (NAT) was introduced to slow the depletion of IPv4 addresses by separating a network into a public and a private realm. The hosts in a private network connect to the public Internet by sharing a pool of public IP addresses, and NAT acts as a gateway between the public and the private networks. Although NAT alleviates the problem of address depletion, it leads to a reachability problem, as NAT would generally block any outside connections to the private network from the Internet. This thesis examines a new concept called Private Realm Gateway (PRGW), which is developed to overcome this shortcoming of NAT. PRGW imitates the NAT functionality and allows inbound connections initiated from the public networks towards a private realm via the Circular Pool of Public Addresses (CPPA). PRGW provides interoperability between the legacy IP network and hosts in the private networks, and vice versa, using pre-existing TCP/IP protocols and applications. PRGW has been implemented on top of the Linux operating system, and therefore the primary approach in this thesis is to evaluate the forwarding performance of Linux kernel networking (the Netfilter subsystem), as well as to inspect the possible performance tuning methods to achieve higher packet processing rates. The performance of Netfilter is evaluated by offering a heavy traffic load to measure packet forwarding capability and memory usage by IP traffic, as well as by overloading the CPU process. In addition, the stateful mechanism for packet filtering and NAT routing was evaluated using appropriate iptables lookup and packets traversing through different chains. The various tests, conducted while adjusting different parameters in the Linux Netfilter subsystem, reveal that the PRGW can be deployed over the Linux architecture.

Supervisor

Kantola, Raimo

Thesis advisor

Santos, Jesús Llorente
