Firewall-as-a-Service for Campus Networks Based on P4-SFC

Abstract

Taking care of security is a crucial task for every operator of a campus network. One of the most fundamental security-related network functions that can be found in most networks for this purpose are stateful firewalls. However, deploying firewalls in large campus networks, e.g., at a university, can be challenging. Hardware appliances that can cope with today's high data rates at the border of a campus network are not cost-effective enough for most deployments. Shifting the responsibility to run firewalls to single departments at a university is not feasible because the expertise to manage these devices is not available there. For this reason, we propose a cloud-like infrastructure based on service function chaining (SFC) and network function virtualization (NFV) that allows users to deploy network functions like firewalls at a central place while hiding most technical details from the users.