Publication: EMULACIÓN DE UN FIREWALL EN UN ENTORNO VIRTUALIZADO PARA UNA PRUEBA DE CONCEPTO
No Thumbnail Available
Date
2017
Authors
CONTRERAS CONTRERAS, JUAN CLAUDIO
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Hoy más que nunca las empresas necesitan tener por un lado una alta disponibilidad de sus redes de datos, pero al mismo tiempo requieren hacer cambios para incorporar nuevos equipos y/o servicios para mejorar los existentes o para desarrollar nuevos negocios. Dado lo anterior, es recomendable hacer una prueba de concepto en entornos virtualizados antes de realizarlos en la red productiva o en el datacenter, especialmente si estos equipos no están en sus instalaciones físicas.Uno de los mayores problemas a los que se enfrentan las empresas para realizar las PoCs (Proof of Concept), es principalmente que el equipamiento físico es costoso (aunque sea arriendo temporal) y normalmente requiere mucho tiempo en su implementación, además de utilización de espacio físico, clima, energía y conectividad en datacenters, además de costos posteriores de mantención y operación.En este trabajo, primero se describen las funcionalidades más importantes de los software de emulación (GNS3, Mininet, Packetracer) más conocidos que pueden resolver el problema anteriormente planteado.Posteriormente se definió un criterio multifactorial y se aplicó un puntaje a los distintos parámetros de cada software de emulación, se finalizó esta etapa con una ponderación de estos puntajes, una componente técnica y otra económica, así, el software que obtuvo el mayor puntaje, fue el software seleccionado para realizar el PoC.Las pruebas que se realizaron fueron:1. Configurar un Firewall virtual ASAv10 (Cisco) en un ambiente emulado dentro de un notebook y comparar algunas funcionalidades básicas con un dispositivo real ASA5555-X (Cisco). Primero se instaló el Firewall físico dentro de una red real y se obtuvieron medidas de tráfico y conectividad que posteriormente fueron comparadas con el Firewall virtual que reemplazo al físico.2. Diseñar e implementar una prueba de concepto (alta disponibilidad, escenarios de falla, tiempo de restauración, etc) con una red emulada. Primero se implementó una red virtual de tamaño mediano dentro de un notebook, se testearon algunas funcionalidades y posteriormente se implementó un nuevo Firewall como si fuese un trabajo real, registrando los tiempos en cada paso, se finalizó testeando la conectividad que pasa a través del Firewall y las reglas previamente definidas.
Today more than ever, companies need to have a high availability of their data networks, but at the same time they need to make changes to incorporate new equipment and/or services to improve existing ones or to develop new businesses. Given the foregoing, it is advisable to make a proof of concept in virtualized environments before performing them on the production network or in the datacenter, especially if these equipments are not in their physical installations.One of the biggest problems facing companies to perform the POCs (proof of concept), it is mainly that the physical equipment is expensive (although it is temporary lease) and usually requires a lot of time in its implementation, in addition to the use of physical space, climate, energy and connectivity in datacenters, in addition to subsequent maintenance and operation costs.In this document, in the first place, was described the most known emulation software (GNS3, Mininet, Packetracer) and their principal features, that can solved the problem previously mentioned.Later, a multifactorial criterion was defined and a score was applied to the different parameters of each emulation software, this stage was completed with a weighting of these scores, a technical and other economic component, thus, the software that obtained the highest score, was the software selected to perform the PoC.The tests that were executed were:1. Configure a virtual firewall ASAv10 (Cisco) in an emulated environment within a notebook and compare some basic features with a real device ASA5555-X (Cisco). The physical firewall was installed within a real network, and traffic and connectivity measures obtained were compared later with the virtual firewall that replaced the physical firewall.2. Design and implement a PoC (high availability, failure scenarios, restore time, etc) with an emulated network. A medium size virtual network was implemented inside a notebook, some functionalities were tested and then a new firewall was implemented as if it were a real activity, recording the times at each step, it was ended testing the connectivity that passes through the firewall and the previously defined rules.
Today more than ever, companies need to have a high availability of their data networks, but at the same time they need to make changes to incorporate new equipment and/or services to improve existing ones or to develop new businesses. Given the foregoing, it is advisable to make a proof of concept in virtualized environments before performing them on the production network or in the datacenter, especially if these equipments are not in their physical installations.One of the biggest problems facing companies to perform the POCs (proof of concept), it is mainly that the physical equipment is expensive (although it is temporary lease) and usually requires a lot of time in its implementation, in addition to the use of physical space, climate, energy and connectivity in datacenters, in addition to subsequent maintenance and operation costs.In this document, in the first place, was described the most known emulation software (GNS3, Mininet, Packetracer) and their principal features, that can solved the problem previously mentioned.Later, a multifactorial criterion was defined and a score was applied to the different parameters of each emulation software, this stage was completed with a weighting of these scores, a technical and other economic component, thus, the software that obtained the highest score, was the software selected to perform the PoC.The tests that were executed were:1. Configure a virtual firewall ASAv10 (Cisco) in an emulated environment within a notebook and compare some basic features with a real device ASA5555-X (Cisco). The physical firewall was installed within a real network, and traffic and connectivity measures obtained were compared later with the virtual firewall that replaced the physical firewall.2. Design and implement a PoC (high availability, failure scenarios, restore time, etc) with an emulated network. A medium size virtual network was implemented inside a notebook, some functionalities were tested and then a new firewall was implemented as if it were a real activity, recording the times at each step, it was ended testing the connectivity that passes through the firewall and the previously defined rules.
Description
Catalogado desde la version PDF de la tesis.
Keywords
ENTORNOS VIRTUALIZADOS , PROOF OF CONCEPT , PRUEBA DE CONCEPTO , SOFTWARE DE EMULACION