论文信息 - Ensure Symmetrical Traffic Flow, to prevent the Dropping of Response Packet by the Firewall, on the Active-Active Data Centers

Ensure Symmetrical Traffic Flow, to prevent the Dropping of Response Packet by the Firewall, on the Active-Active Data Centers

This paper illustrates the problem in the Active-Active Data Centers of an organization, where response traffic from the destination server is dropped by the firewall because the initial traffic from the client departs from another firewall in different Data Center (asymmetric traffic). This problem can be solved by two proposed solutions, namely the implementation of the BGP Community attributes and OSPF over GRE tunnel. The case study also compares both proposed solutions in terms of recovery time, packet loss, ICMP response time and TCP three-way handshake time for HTTP connection.

Benfano Soewito | Irwan Piesessa | B. Soewito | Irwan Piesessa

[1] Niklas Carlsson,et al. Collaborative framework for protection against attacks targeting BGP and edge networks , 2017, Comput. Networks.

[2] Gopal Dommety,et al. Key and Sequence Number Extensions to GRE , 2000, RFC.

[3] O. Osunade,et al. A Packet Routing Model for Computer Networks , 2012 .

[4] Mitko Bogdanoski,et al. Analysis of the SYN Flood DoS Attack , 2013 .

[5] Daniel Massey,et al. Identifying BGP routing table transfers , 2011, Comput. Networks.

[6] E. Karthikeyan,et al. Survey of Current Multipath Routing Protocols for Mobile AD Hoc Networks , 2013 .

[7] Iago A. Carvalho,et al. Robust Optimization for OSPF Routing , 2016 .

[8] Jon Postel,et al. Internet Control Message Protocol , 1981, RFC.

[9] Yakov Rekhter,et al. A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[10] William R. Parkhurst. Cisco OSPF Command and Configuration Handbook , 2001 .