Ensure Symmetrical Traffic Flow, to prevent the Dropping of Response Packet by the Firewall, on the Active-Active Data Centers

Full Text (PDF, 1085KB), PP.1-15

Author(s)

Irwan Piesessa 1,* Benfano Soewito 1

1. Computer Science Department, BINUS Graduate Program - Master of Computer Science, Bina Nusantara University, Jakarta, Indonesia

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2018.06.01

Received: 23 Feb. 2018 / Revised: 2 Apr. 2018 / Accepted: 11 May 2018 / Published: 8 Jun. 2018

Index Terms

Asymmetric routing, symmetric routing, Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), Generic Routing Encapsulation (GRE)

Abstract

This paper illustrates a problem in the Active-Active Data Centers of an organization, where response traffic from the destination server is dropped by the firewall because the initial traffic from the client departed through another firewall in a different Data Center (asymmetric traffic). Two solutions are proposed for this problem: the implementation of BGP Community attributes, and OSPF over a GRE tunnel. The case study also compares the two proposed solutions in terms of recovery time, packet loss, ICMP response time and TCP three-way handshake time for an HTTP connection.

Cite This Paper

Irwan Piesessa, Benfano Soewito, "Ensure Symmetrical Traffic Flow, to prevent the Dropping of Response Packet by the Firewall, on the Active-Active Data Centers", International Journal of Computer Network and Information Security (IJCNIS), Vol.10, No.6, pp.1-15, 2018. DOI: 10.5815/ijcnis.2018.06.01