In the era of constantly evolving network services, the more versatile and more modular software based solutions are quickly taking over the popularity of the usual hardware-based ones. These virtualized, cloud-based software implementations can be more advantageous both in terms of scalability and customizability. One such software-based solution relies on Software Defined Networking and Network Function Virtualization, two different techniques that can be employed jointly to realize complex network scenarios.
The key concept is that systems are built using modules, with each module implementing a specific virtual network service. These modules may be chained one after another to create custom filters, or custom services, in general. For example, a firewall and various traffic filtering modules may be chained with a Virtual Private Network (VPN) concentrator to achieve a stricter and/or more secure VPN service. While the use cases and possibilities are endless, relatively few such building blocks (Virtual Network Functions) exist today. The Zorp GPL application proxy firewall offers several services, functions, and application programming interfaces that make it easy to implement different network functions, be it simple or more complex. Among the open source private cloud platforms, OpenStack is the most popular, which is also used by several proof-of-concept 5G implementations.
The goal of my thesis is to design, implement, and automate such functions in an OpenStack environment using the Zorp application proxy firewall developed by BalaSys IT Ltd.