





There is growing demand for analysis, modelling and performance simulation of network firewalls, in order to predict how efficient a firewall in the network is and how effective and efficient it remains under DDoS attacks (Rao 1-11). This, in turn, helps firewall designers and system administrators understand the essential parameters and bottlenecks that influence performance, and carry out the tuning required to achieve optimal performance. Performance analysis can also provide quick answers to various design and operation related questions. This further helps firewall designers make an individual design cut that reduces the set of design alternatives (Rhodes-Ousley 14-25). They then use simulation or experimentation to assess the performance of a few good designs before systems are built and deployed into individual network environments.

Even though firewalls represent one of the essential points of failure while a DDoS attack is taking place, there is still no standardized procedure for evaluating firewall performance during an attack (Pal et al. 159-163). As per the knowledge collected, such software is still required to prevail in the market. The key reason is that firewall implementations vary widely, which makes comparisons between direct and indirect performance problematic. As the deployment of firewalls in firms rises, a question arises across the network: whether the products these firms purchase stand up and can sustain relatively heavy loads.

All three of the firewall systems used in such a setup are stateful (Patel 9-12). They keep track of the state of the connections travelling through them. By keeping a record of connection state, stateful firewalls make packet inspection more efficient. This is because, for current connections, the firewall only needs to check the state table rather than check the packet against the firewall's rule set (Shin et al. 26-29), which can be extensive. Stale connections are removed from the state table: to prevent the state table from filling up, sessions are timed out when no traffic has passed for a specific time period.
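
The state-table behaviour described above, as an added sketch that is not taken from the essay or from any firewall product: a toy filter that answers packets of tracked connections from the state table, walks the rule set only for new flows, and times out idle sessions so the table does not stay full. The class, rule set, addresses, timeout and table size are all assumptions constructed for illustration.

```python
from collections import namedtuple
# All names and sample values below are constructed for illustration.
Flow = namedtuple("Flow", "src sport dst dport proto")

class StatefulFilter:
    def __init__(self, rules, idle_timeout, max_entries):
        self.rules = rules                # ordered (predicate, verdict) pairs
        self.idle_timeout = idle_timeout  # seconds of silence before expiry
        self.max_entries = max_entries    # state-table capacity
        self.state = {}                   # Flow -> time of last packet
        self.rule_checks = 0              # rule evaluations performed

    def expire(self, now):
        """Remove sessions idle for idle_timeout seconds or longer."""
        stale = [f for f, seen in self.state.items()
                 if now - seen >= self.idle_timeout]
        for f in stale:
            del self.state[f]
        return len(stale)

    def handle(self, flow, now):
        """Return 'accept' or 'drop' for one packet of flow at time now."""
        self.expire(now)
        if flow in self.state:            # fast path: single table lookup
            self.state[flow] = now
            return "accept"
        for predicate, verdict in self.rules:  # slow path: walk the rule set
            self.rule_checks += 1
            if predicate(flow):
                break
        else:
            verdict = "drop"              # no rule matched: default deny
        if verdict == "accept":
            if len(self.state) >= self.max_entries:
                return "drop"             # table full: new session refused
            self.state[flow] = now
        return verdict

def demo():
    rules = [(lambda f: f.dport == 22, "drop"),
             (lambda f: f.proto == "tcp" and f.dport == 443, "accept")]
    fw = StatefulFilter(rules, idle_timeout=30, max_entries=3)
    flows = [Flow("198.51.100.7", 40000 + i, "192.0.2.10", 443, "tcp")
             for i in range(4)]
    out = [fw.handle(flows[0], 0), fw.handle(flows[0], 10)]  # new, then tracked
    checks_after_tracked = fw.rule_checks
    out += [fw.handle(f, 11) for f in flows[1:]]   # 4th flow hits a full table
    out.append(fw.handle(flows[3], 45))            # idle entries have expired
    return out, checks_after_tracked, len(fw.state)
```

In `demo()`, the second packet of the first flow costs no rule evaluations, the fourth new flow is refused while the table is full, and the same flow is accepted once the idle entries have timed out.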