Deploying Secure Distributed Systems: Comparative Analysis of GNS3 and SEED Internet Emulator
Abstract
:1. Introduction
1.1. Research Motivations
- The investigation of how network emulation and hybrid systems can provide advanced control and flexibility when integrated with existing infrastructure, enabling organizations to adapt to changing business needs and network demands.
- To explore the ability to use network emulation and hybrid systems for offering a cost-effective and efficient solution for businesses, particularly SMEs, by combining existing physical infrastructure with an emulation architecture.
1.2. Research Contributions
- Providing a comprehensive analysis of cybersecurity in virtualization technology, networking, and hybrid systems, including cryptographic mechanisms, and a security evaluation through an exploration of evidence-based related literature (Section 2).
- Conducting a performance comparison of network emulation systems and a hybrid system, considering specific benchmarks such as the bandwidth, latency, throughput, and other relevant metrics (Section 5), as well as evaluating the energy consumption and cost-effectiveness through data analysis and addressing the reliability and usability considerations around the platforms (Section 6).
- Analyzing the deployment and application of hybrid emulation systems, combining physical Cisco infrastructure with emulated (GNS3) components, and conveying an evaluation, including identifying the strengths, challenges, and notable findings of hybrid emulation (Section 4), as well as providing specific recommendations for its implementation, optimization, and further enhancements (Section 6).
2. Background
2.1. Emulated and Virtualized Systems
2.1.1. Network Emulation vs. Virtualization
2.1.2. Hypervisors and Data Privacy
2.2. Vulnerabilities, Exploitation, and Remediation Techniques in Emulated Networks and Virtualized Systems
2.3. Related Work
2.4. Network Performance Comparison
2.5. Hybrid System Deployment
3. Methodology
- Literature review: Firstly, we conducted a comprehensive review of recent and relevant academic literature in the field of network emulation. We explored emerging network emulation platforms and identified opportunities for hybrid emulation configuration and deployment.
- Network design and development: We built and configured a six-node network on different platforms: physical, GNS3, the SEED Internet Emulator, and hybrid, creating a data center topology. To maintain consistency, we utilized Cisco CLM appliances as routers in GNS3, programmatic nodes in the SEED Internet Emulator, and physical devices in the physical network using the OSPF protocol. The data center architecture was chosen for its widespread use and relevance in data center network construction, as highlighted by Luo et al. [41]. This model consisted of three layers: the core layer, distribution layer, and access layer.We employed a NAT node to provide outside Internet connectivity using one of the Network Interface Cards (NICs) on the host server. The host server connects to the Internet Service Provider (ISP) through a TP-Link Powerline. When connecting the hybrid system, we used the Cloud Node to connect to other devices using the OSPF protocol for dynamic routing. Additionally, we developed the same network topology in Python using the Internet Emulator platforms and Docker containers. This allowed us to build a six-node emulated network that uses the OSPF protocol, designed to the same specification as the GNS3 network. Once completed, we created a solution using physical Cisco routers and the GNS3 network with the OSPF protocol, along with a bridged network adapter supporting Network Address Translation (NAT). The network design is shown in Figure 2, representing a data center model that can be further expanded into a Campus Area Network (CAN) model consisting of conceptually different locations across a campus.
- Data collection and analysis: In this step, we employed automated scripts for data collection: using bash for the Internet Emulator under Linux and the proprietary Cisco TCLsh for the GNS3 network and the physical Cisco appliances. These scripts enable systematic and reliable data collection while minimizing measurement errors. We executed the scripts by repeating the measurements 1000 times. Once completed, we conducted a statistical analysis to compute latency metrics such as the minimum, maximum, average, median, and standard deviation, as well as jitter.
- Energy efficiency and cost analysis: In this step, we considered two additional criteria for the networks regarding economic benefits. We compared the energy consumption of all network models and performed a cost analysis to understand the economic implications of adopting these networks in a business context.
- Network comparison: In this step, we compared the performance of the network models and platforms to identify their advantages, constraints, and limitations. By analyzing and presenting the performance criteria, we can make comparisons to the SEED Internet Emulator, GNS3, physical, and hybrid solutions to begin identifying meaningful adoption based on the results.
- Evaluation and recommendations: After completing the experiments and the network comparison, we performed an overall evaluation and provide recommendations based on the comparison of the various network models.
4. Network Models under Test
5. Network Performance Comparison
- Bandwidth
- Throughput
- Latency
- Jitter
- Energy Consumption
5.1. Routing Protocols
OSPF vs. EIGRP
5.2. Methods for Controlling Network Performance
- Subnetting: Grouping together endpoints that communicate most frequently can reduce latency across the network.
- Traffic shaping: By utilizing the QoS, traffic shaping, and bandwidth allocation, it is possible to improve latency for specific network segments.
- Load balancing: Load balancing distributes traffic to areas of the network with the capacity to handle the additional activity.
- Class-map: Categorize traffic into groups.
- Policy-map: Allocate the quantity of bandwidth and priority to the traffic from the class-map.
5.3. Energy Consumption
6. Results and Evaluation
6.1. Bandwidth and Throughput
6.2. Latency and Jitter
6.2.1. GNS3 Network
6.2.2. SEED Internet Emulator Network
6.2.3. Hybrid System
6.3. Energy Consumption Comparison
- Energy Data Collection
- Defining energy consumption measurement: We measured energy consumption in kilowatt-hours (kWh), as it is the universal standard for measuring electricity consumption.
- Defining the data collection scope: We measured the energy consumption of all variations of the network technology used in the study.
- Defining the rationale of measuring device choice: We used the Anglerfish Smart Meter Energy Monitor for data collection.
- Defining device implementation: We simply installed the device in the electric output socket and used an extension cable (consisting of twelve outlets) to provide power to the devices.
- Data analysis We recorded the collected data through the device in Table 7 to observe the variations in network consumption.
6.4. Cost Evaluation
6.4.1. Infrastructure
6.4.2. Depreciation
6.4.3. Maintenance and Reliability
- Network security: Ensuring a secure network environment by implementing contemporary and robust defense systems and mechanisms, such as access control, intrusion detection, and firewalls. The cost of acquiring and maintaining security solutions, as well as the associated personnel required to manage them, should be considered. In GNS3, these security measures can be implemented by integrating specific appliances such as pfSense, which can be attached to the network to provide firewall functionality and other security features. Similarly, the SEED Internet Emulator allows the use of programmable code integrated into the emulated network, which enables the deployment of various firewall software and other security solutions. Both platforms offer flexibility in choosing appropriate security solutions to protect the emulated networks effectively. By investing in robust security measures, potential threats can be mitigated, and the overall network resilience and data protection can be significantly enhanced.
- Network performance: Ensuring the optimal network speed and reliability of devices, which includes managing bandwidth usage and minimizing delay times.
- Network scalability: Ensuring that the network design and nodes can accommodate the operational demands, such as the number of users, locations, and business functions. To achieve this, it is essential to design the networks with scalability in mind. For instance, using open-source communication protocols such as OSPF can facilitate multi-vendor networking, and in GNS3 and the SEED Internet Emulator, designing the network to allow for the easy attachment of additional nodes contributes to scalability.
- Hardware and software updates: Regularly updating both the hardware and software elements of the network is crucial for maintaining security, performance, and compatibility. This involves ensuring all hypervisors and Virtual Machines (VMs) are kept up-to-date, along with the platforms running the emulated network.
- Infrastructure compliance: Ensuring that the network adheres to relevant policies and legislative requirements. This includes meeting security standards, data protection regulations, and any other compliance obligations applicable to the specific network environment.
- Network repairs: Proactively identifying and resolving problems before they escalate is essential for network stability. This can involve implementing measures such as regularly backing up GNS3 project files to prevent data corruption and creating copies of the code used for SEED Internet Emulator deployments, allowing for easy recovery in case of issues.
- System availability: This metric represents the ratio of the system’s actual operating time to the total time it is expected to be available. Ensuring availability in GNS3 requires attention to various factors, such as the GNS3 VM (GNS3 server)—which stores and runs all virtual devices, VMs providing services, and network nodes. Regular audits should be conducted to ensure all components of the emulated network are in optimal condition. On the other hand, the SEED Internet Emulator does not depend on decentralized factors such as external VMs. However, it is essential to take precautions to secure all the relevant files required for emulation. Any accidental removal, corruption, or unauthorized access to these files could potentially lead to system unavailability.
- Mean time between failures (MTBF): The MTBF is the average time between system or component failures. To calculate this, we divide the system’s total operating time by the number of downtime incidents that occur. Both GNS3 and the SEED Internet Emulator offer software-based appliances, eliminating the risk of specific device failures that were common in physical appliances. However, since both platforms rely on a single host system for emulation, there is a potential single point of failure. In the event of a server breakdown, whether due to natural causes or a cyber-attack, the entire emulation system could become unavailable. To mitigate this risk, it is crucial to have proper backup and redundancy measures in place to ensure the continuity of operations and minimize downtime.
- Mean Time To Repair (MTTR): This is the measurement of how long it will take for a failed or disabled system component to return to operational. This is calculated by the time period of system downtime and dividing it by the number of downtime incidents. Both GNS3 and the SEED Internet Emulator can suffer from having a particular device failing despite it being in logical rather than physical format; in the case of a broken node, this can be simply fixed by restarting the node virtually or deleting the node and dragging in a new one. One of the significant benefits of doing this is that the logistical element is removed as there is no need to wait for a new device to be delivered; this can be performed in a matter of seconds.
- Mean Time To Failure (MTTF): The MTTF represents the average lifetime period of a system or component that cannot be repaired. It is calculated by adding the total operating time before failure and dividing that by the quantity of these assets in use. Both GNS3 and the SEED Internet Emulator do not face this concern with their network nodes, as more nodes can be easily added to the network, ready to take over from a failing node. However, it is worth noting that the host server itself can be susceptible to this issue.
6.5. Network Security
6.5.1. Vulnerabilities
6.5.2. Security Evaluation
- Software version: Ensure that all platform software, including any Virtual Machines (VMs) and hypervisors used, are running the latest and most-stable versions. Regularly updating software helps to address security vulnerabilities and improve overall system performance.
- Platform security and configuration analysis: Conduct a thorough evaluation of the platform’s configuration settings, network settings, node configurations, and security features. Identify any weak or misconfigured settings that could potentially create vulnerabilities in the system. Addressing these issues will enhance the platform’s overall security condition.
- Access and identity management: Analyze and assess the effectiveness of the access control mechanisms and identity management processes used by the platform. This includes evaluating username and password combinations, as well as integration with external authentication systems to ensure only authorized users can access the network resources.
- Analysis of emulated network nodes: Perform security analysis on emulated components within the platform, such as routers, switches, and VMs. Pay specific attention to the security of different node models, such as Cisco equipment, to identify potential vulnerabilities and address them proactively.
- Traffic analysis: Monitor network traffic for anomalies during the testing and production phases. Identify unencrypted communication, unauthorized network traffic, and potentially malicious network activity. Timely detection and response to such incidents can prevent security breaches and data compromises.
- Vulnerability testing: Conduct vulnerability testing and analysis by scanning the emulated network for open ports, services, and potential weaknesses. Assess the severity of identified vulnerabilities and take appropriate measures to remediate them promptly.
- Compliance: Evaluate relevant industry standards and regulations that the platform should comply with, such as PCI-DSS [70], GDPR [71,72], ISO 27000 Series [73], NIST 800 Series [74], and Network Security Design (SS-018) [75]. Ensure the platform adheres to these standards and assess any vulnerabilities that could impact compliance. Maintaining compliance helps to protect sensitive data and maintain a high level of security within the network.
6.5.3. Cryptographic Mechanisms
- Secure Shell (SSH): Host Systems: Secure Shell (SSH) should be used to secure remote access to the host systems where GNS3 and the SEED Internet Emulator are installed. Ensure that the host systems have been configured to allow SSH connections only from trusted sources and strong authentication methods are enforced. VMs/containers: Within GNS3 and the SEED Internet Emulator, SSH can be used to securely access and manage VMs and containers. By connecting to the VMs/containers through SSH commands and using IP address filtering, you can control access and protect sensitive configurations.
- Internet Protocol Security (IPsec): Built-in capabilities: Both host systems, GNS3, and the SEED Internet Emulator, support IPsec as a suite of protocols for securing communication at the IP layer. Ensure that IPsec is correctly configured on the emulated network devices and VMs/containers to encrypt and authenticate network packets, maintaining confidentiality, and integrity.
- Transport Layer Security (TLS): Built-in capabilities: GNS3 and the SEED Internet Emulator enable secure communication using TLS. In GNS3, TLS can be utilized for encrypted communication between compatible virtual appliances and machines within the environment. SEED Internet Emulator and TLS: Although the SEED Internet Emulator does not natively provide support for TLS, you can manually configure TLS on the operating system that the SEED Internet Emulator is installed on. This ensures secure communication within the emulator environment.
- Virtual Private Network (VPN): Both platforms can be configured with either OpenVPN or IPsec VPN to establish secure network connections between physical and virtual locations. A VPN server can be set up on a virtual appliance to simulate secure communications between virtual clients and locations.
6.5.4. Summary
6.6. Usability
- Learnability: The system should be simple to understand, allowing users to start working immediately.
- Efficiency: The system should be efficient to use, enabling a high level of productivity once learned.
- Memorability: Users should be able to retain their knowledge of the system, allowing for easy re-use after a period of time.
- Errors: The system’s error rate should be low, preventing users from encountering errors during usage.
- Satisfaction: The system should provide a pleasant experience for users and generate satisfaction during interactions.
- Learnability: GNS3 is known for its ease of use and intuitive interface, making it suitable for professional training programs, such as Cisco certificates or university studies in network specialties. It features a graphical user interface that is simple and similar to Cisco Packet Tracer. On the other hand, the SEED Internet Emulator requires a deeper understanding of Linux system administration, including version control systems (e.g., Git), file permissions, Python programming, and Docker. However, once the initial setup is completed, the web client of the SEED Internet Emulator is straightforward and easy to navigate.
- Efficiency: The SEED Internet Emulator provides the opportunity for efficiency through a programmable environment, allowing for the automation of many tasks. This can be a requirement for adding more network nodes or changing communication protocols, which can be achieved through additional or different lines of code.
- Memorability: GNS3 presents a more-memorable platform for a casual user, in contrast to the SEED Internet Emulator, which is more relevant to an experienced IT professional [8].
- Errors: Challenges can arise when setting up and troubleshooting the GNS3 VM in a hypervisor environment. The software allows for a great amount of user accessibility, depending on how the user wants to configure it. The SEED Internet Emulator presents challenges around correct file permissions, programmable code, and issues with Docker. While most of the errors that can be encountered are trivial and can be mitigated easily, it does require a good knowledge of the Linux OS system administration [77].
- Satisfaction: In the short term, GNS3 can provide a more-pleasant experience for learners as it is presented in a GUI for all phases and is generally easy to use for all aspects, including design, development, and configuration [78]. The SEED Internet Emulator can initially be more difficult and complex as there is more system administration, programming, and understanding involved. However, this platform can provide enhanced satisfaction in the long term, as it has the ability to be used for a high variety of use-cases due to the nature of the platform using programming.
7. Conclusions and Future Research Directions
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
Abbreviations
CML | Cisco Modeling Labs |
WAN | Wide Area Network |
QoS | Quality of Service |
GNS3 | Graphical Network Simulator-3 |
SEED IE | SEED Internet Emulator |
BGP | Border Gateway Protocol |
iBGP | internal Border Gateway Protocol |
eBGP | external Border Gateway Protocol |
NAT | Network Address Translation |
ICMP | Internet Control Message Protocol |
SME | Small–Medium Enterprise |
GUI | Graphical User Interface |
OOP | Object-Oriented Programming |
OSPF | Open Shortest Path First |
IMUNES | Integrated Multiprotocol Network Emulator/Simulator |
NIC | Network Interface Cards |
RIP | Routing Information Protocol |
P4 | Programming Protocol-independent Packet Processors |
OPOS | Open Network Operating System |
DUAL | Diffusing Update Algorithm |
EIGRP | Enhanced Interior Gateway Routing Protocol |
AS | Autonomous System |
IOS | (Cisco) Internetworking Operating System |
kWh | kilowatt-hour |
DoS | Denial of Service |
VM | Virtual Machine |
XML | Extensible Markup Language |
XACML | Extensible Access Control Markup Language |
AC | Access Control |
MAC | Mandatory Access Control |
MITM | Man-In-The-Middle |
SSH | Secure Shell |
IPsec | Internet Protocol Security |
ISP | Internet Service Provider |
TLS | Transport Layer Security |
VPN | Virtual Private Network |
MTBF | Mean Time Between Failures |
MTTR | Mean Time To Repair |
MTTF | Mean Time To Failures |
Appendix A. Requirements and Cost Analysis
CPU | CPU | RAM | HDD | Network | Other |
---|---|---|---|---|---|
Windows 7 (64-bit) | 2 or more logical cores | 4 GB | 1 GB | Cisco CLM Appliances | Virtualbox VMware |
Emulation Components | Cost (GBP) | Physical Components | Cost (GBP) |
---|---|---|---|
Physical Server (Dell R610 Spec) | 1995.60 | Cisco Firewall (ASA 5512-X) | 2510.33 |
Windows Server 2019 OS | 729.58 | Cisco Router (C1111-4P) | 939.75 |
CLM Appliances | 173.71 | Cisco Switch (WS-C2960S-48TS-S) | 1000.00 |
GNS3 Software and Virtual Machine | FOSS 0.00 | Console Cable | 6.99 |
VMware Hypervisor | FOSS 0.00 | Cat 6 Ethernet Cable | 4.04 |
Putty Software | FOSS 0.00 | ||
Total (£) | 2898.89 | Total (£) | 4461.11 |
Component | Description | Cost (GBP) |
---|---|---|
Processor (x2) | Intel Xeon E5-2699v4 (2.2 GHz/22-core/55 MB/145 W) | 1080.00 |
Memory (RAM) | 64 GB (4 × 16 GB) PC4-17000R Dual Rank Memory | 206.40 |
NIC 1 | Dell Qlogic QLE2526 8 GB Fibre Channel Dual Port PCIe | 61.20 |
NIC 2 | Dell Intel Pro/1000 VT Quad Port 1 Gbit RJ45 Ethernet PCIe | 90.00 |
Hard Drive (x2) | Dell 2 TB 7.2K 3G SATA 3.5” Hotswap Hard Drive | 134.40 |
Other | Power Supply + Case + Monitor + Mouse + Keyboard | 369.90 |
Total | 1995.60 |
Appendix B. Python Code—OSPF10.py
References
- Tancevski, L. SDN concept: From theory to network implementation. In Optical Fiber Communication Conference; Optica Publishing Group: Washington, NW, USA, 2014; p. W1E–3. [Google Scholar]
- Kreutz, D.; Ramos, F.M.; Verissimo, P.E.; Rothenberg, C.E.; Azodolmolky, S.; Uhlig, S. Software-defined networking: A comprehensive survey. Proc. IEEE 2014, 103, 14–76. [Google Scholar] [CrossRef]
- Fernandez-Fernandez, A.; Cervello-Pastor, C.; Ochoa-Aday, L. Achieving Energy Efficiency: An Energy-Aware Approach in SDN. In Proceedings of the 2016 IEEE Global Communications Conference (GLOBECOM), Washington, DC, USA, 4–8 December 2016; pp. 1–7. [Google Scholar] [CrossRef]
- Assefa, B.G.; Özkasap, Ö. A survey of energy efficiency in SDN: Software-based methods and optimization models. J. Netw. Comput. Appl. 2019, 137, 127–143. [Google Scholar] [CrossRef] [Green Version]
- Ahmad, S.; Mir, A.H. Scalability, consistency, reliability and security in SDN controllers: A survey of diverse SDN controllers. J. Netw. Syst. Manag. 2021, 29, 1–59. [Google Scholar] [CrossRef]
- Khorsandroo, S.; Sánchez, A.G.; Tosun, A.S.; Arco, J.M.; Doriguzzi-Corin, R. Hybrid SDN evolution: A comprehensive survey of the state-of-the-art. Comput. Netw. 2021, 192, 107981. [Google Scholar] [CrossRef]
- Blake, S.; Zhang, Q.; Birkner, R.; Hahm, O.; Jarray, M. Security in Software-Defined Networking: A Survey. IEEE Commun. Surv. Tutor. 2016, 18, 623–646. [Google Scholar]
- Du, W.; Zeng, H.; Won, K. SEED emulator: An Internet Emulator for research and education. In Proceedings of the 21st ACM Workshop on Hot Topics in Networks, Austin, TX, USA, 14–15 November 2022; pp. 101–107. [Google Scholar]
- Zhang, K.; Zhao, X.; Peng, Y.; Yan, K.; Sun, P. Analysis of Mobile Communication Network Architecture Based on SDN. J. Grid Comput. 2022, 20, 28. [Google Scholar] [CrossRef]
- Daniels, J. Server virtualization architecture and implementation. XRDS Crossroads Acm Mag. Stud. 2009, 16, 8–12. [Google Scholar] [CrossRef] [Green Version]
- Lai, J.; Tian, J.; Zhang, K.; Yang, Z.; Jiang, D. Network emulation as a service (neaas): Towards a cloud-based network emulation platform. Mob. Netw. Appl. 2021, 26, 766–780. [Google Scholar] [CrossRef]
- Sharma, P.; Chaufournier, L.; Shenoy, P.; Tay, Y. Containers and virtual machines at scale: A comparative study. In Proceedings of the 17th International Middleware Conference, Trento, Italy, 12–16 December 2016; pp. 1–13. [Google Scholar]
- Blenk, A.; Basta, A.; Reisslein, M.; Kellerer, W. Survey on network virtualization hypervisors for software defined networking. IEEE Commun. Surv. Tutor. 2015, 18, 655–685. [Google Scholar] [CrossRef] [Green Version]
- Bauman, E.; Ayoade, G.; Lin, Z. A survey on hypervisor-based monitoring: Approaches, applications, and evolutions. ACM Comput. Surv. (CSUR) 2015, 48, 1–33. [Google Scholar] [CrossRef]
- Sharma, K. An alleviated model for private cloud deployment using VMware. In Proceedings of the 2017 International Conference on Information, Communication, Instrumentation and Control (ICICIC), Indore, India, 17–19 August 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 1–3. [Google Scholar]
- Li, S.W.; Li, X.; Gu, R.; Nieh, J.; Hui, J.Z. A secure and formally verified Linux KVM hypervisor. In Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 24–27 May 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1782–1799. [Google Scholar]
- Durrani, A. Analysis and prevention of vulnerabilities in cloud applications. In Proceedings of the 2014 Conference on Information Assurance and Cyber Security (CIACS), Rawalpindi, Pakistan, 12–13 June 2014; IEEE: Piscataway, NJ, USA, 2014; pp. 43–46. [Google Scholar]
- Khan, R.; AlHarbi, N.; AlGhamdi, G.; Berriche, L. Virtualization Software Security: Oracle VM VirtualBox. In Proceedings of the 2022 Fifth International Conference of Women in Data Science at Prince Sultan University (WiDS PSU), Riyadh, Saudi Arabia, 28–29 March 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 58–60. [Google Scholar]
- Nguyen, S.D.; Mimura, M.; Tanaka, H. SVTester: Finding DoS vulnerabilities of virtual switches. J. Inf. Process. 2021, 29, 581–591. [Google Scholar] [CrossRef]
- Sgandurra, D.; Lupu, E. Evolution of attacks, threat models, and solutions for virtualized systems. ACM Comput. Surv. (CSUR) 2016, 48, 1–38. [Google Scholar] [CrossRef] [Green Version]
- Win, T.Y.; Tianfield, H.; Mair, Q. Virtualization security combining mandatory access control and virtual machine introspection. In Proceedings of the 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing, London, UK, 8–11 December 2014; IEEE: Piscataway, NJ, USA, 2014; pp. 1004–1009. [Google Scholar]
- Che, Y.; Yang, Q.; Wu, C.; Ma, L. BABAC: An access control framework for network virtualization using user behaviors and attributes. In Proceedings of the 2010 IEEE/ACM Int’l Conference on Green Computing and Communications & Int’l Conference on Cyber, Physical and Social Computing, Hangzhou, China, 18–20 December 2010; IEEE: Piscataway, NJ, USA, 2010; pp. 747–754. [Google Scholar]
- Pearce, M.; Zeadally, S.; Hunt, R. Virtualization: Issues, security threats, and solutions. ACM Comput. Surv. (CSUR) 2013, 45, 1–39. [Google Scholar] [CrossRef]
- Wu, H.; Ding, Y.; Winer, C.; Yao, L. Network security for virtual machine in cloud computing. In Proceedings of the 5th International Conference on Computer Sciences and Convergence Information Technology, Seoul, Republic of Korea, 30 November–2 December 2010; IEEE: Piscataway, NJ, USA, 2010; pp. 18–21. [Google Scholar]
- Hyde, D. A Survey on the Security of Virtual Machines. 2009. Available online: http://www.cse.wustl.edu/~jain/cse571-09/ftp/vmsec/index.html (accessed on 3 June 2023).
- Althobaiti, A.F.S. Analyzing security threats to virtual machines monitor in cloud computing environment. J. Inf. Secur. 2017, 8, 1. [Google Scholar] [CrossRef] [Green Version]
- Brooks, T.T.; Caicedo, C.; Park, J.S. Security vulnerability analysis in virtualized computing environments. Int. J. Intell. Comput. Res. 2012, 3, 277–291. [Google Scholar] [CrossRef]
- Chelladhurai, J.; Chelliah, P.R.; Kumar, S.A. Securing docker containers from denial of service (dos) attacks. In Proceedings of the 2016 IEEE International Conference on Services Computing (SCC), San Francisco, CA, USA, 27 June–2 July 2016; IEEE: Piscataway, NJ, USA, 2016; pp. 856–859. [Google Scholar]
- Lombardi, F.; Di Pietro, R. A security management architecture for the protection of kernel virtual machines. In Proceedings of the 2010 10th IEEE International Conference on Computer and Information Technology, Bradford, UK, 29 June–1 July 2010; IEEE: Piscataway, NJ, USA, 2010; pp. 948–953. [Google Scholar]
- Wu, J.; Lei, Z.; Chen, S.; Shen, W. An access control model for preventing virtual machine escape attack. Future Internet 2017, 9, 20. [Google Scholar] [CrossRef] [Green Version]
- Dong, Y.; Lei, Z. An access control model for preventing virtual machine hopping attack. Future Internet 2019, 11, 82. [Google Scholar] [CrossRef] [Green Version]
- Jimenez, J.M.; Romero Martínez, J.O.; Rego Máñez, A.; Lloret, J. Analyzing the performance of software defined networks vs real networks. Int. J. Adv. Netw. Serv. 2016, 9, 107–116. [Google Scholar]
- Kh, D.R.; Botirov, S.; Juraev, F. A simulation model of a cloud data center based on traditional networks and Software-defined network. In Proceedings of the 2021 International Conference on Information Science and Communications Technologies (ICISCT), Tashkent, Uzbekistan, 3–5 November 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 1–4. [Google Scholar]
- Gelberger, A.; Yemini, N.; Giladi, R. Performance analysis of software-defined networking (SDN). In Proceedings of the 2013 IEEE 21st International Symposium on Modelling, Analysis and Simulation of Computer and Telecommunication Systems, San Francisco, CA, USA, 14–16 August 2013; IEEE: Piscataway, NJ, USA, 2013; pp. 389–393. [Google Scholar]
- Amin, R.; Reisslein, M.; Shah, N. Hybrid SDN networks: A survey of existing approaches. IEEE Commun. Surv. Tutor. 2018, 20, 3259–3306. [Google Scholar] [CrossRef]
- Wang, W.; He, W.; Su, J. Boosting the benefits of hybrid SDN. In Proceedings of the 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, USA, 5–8 June 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 2165–2170. [Google Scholar]
- Galán-Jiménez, J.; Polverini, M.; Lavacca, F.G.; Herrera, J.L.; Berrocal, J. Joint energy efficiency and load balancing optimization in hybrid IP/SDN networks. Ann. Telecommun. 2022, 78, 13–31. [Google Scholar] [CrossRef]
- Xu, H.; Li, X.Y.; Huang, L.; Deng, H.; Huang, H.; Wang, H. Incremental deployment and throughput maximization routing for a hybrid SDN. IEEE/ACM Trans. Netw. 2017, 25, 1861–1875. [Google Scholar] [CrossRef]
- Saadeh, H.; Almobaideen, W.; Sabri, K.E.; Saadeh, M. Hybrid SDN-ICN architecture design for the Internet of things. In Proceedings of the 2019 Sixth International Conference on Software Defined Systems (SDS), Rome, Italy, 10–13 June 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 96–101. [Google Scholar]
- Vissicchio, S.; Vanbever, L.; Bonaventure, O. Opportunities and research challenges of hybrid software defined networks. ACM SIGCOMM Comput. Commun. Rev. 2014, 44, 70–75. [Google Scholar] [CrossRef] [Green Version]
- Luo, S.; Xing, H.; Li, K. Near-optimal multicast tree construction in leaf-spine data center networks. IEEE Syst. J. 2019, 14, 2581–2584. [Google Scholar] [CrossRef] [Green Version]
- Jimson, E.R.; Nisar, K.; bin Ahmad Hijazi, M.H. Bandwidth management using software defined network and comparison of the throughput performance with traditional network. In Proceedings of the 2017 International Conference on Computer and Drone Applications (IConDA), Kuching, Malaysia, 9–11 November 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 71–76. [Google Scholar]
- Basagni, S.; Petrioli, C.; Petroccia, R.; Stojanovic, M. Choosing the packet size in multi-hop underwater networks. In Proceedings of the OCEANS’10 IEEE SYDNEY, Sydney, NSW, Australia, 24–27 May 2010; IEEE: Piscataway, NJ, USA, 2010; pp. 1–9. [Google Scholar]
- Kuzlu, M.; Pipattanasomporn, M.; Gurses, L.; Rahman, S. Performance analysis of a hyperledger fabric blockchain framework: Throughput, latency and scalability. In Proceedings of the 2019 IEEE international conference on blockchain (Blockchain), Atlanta, GA, USA, 14–17 July 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 536–540. [Google Scholar]
- Balestrieri, E.; Picariello, F.; Rapuano, S.; Tudosa, I. Review on jitter terminology and definitions. Measurement 2019, 145, 264–273. [Google Scholar] [CrossRef]
- Matthews, H.S.; Hendrickson, C.T.; Chong, H.M.; Loh, W.S. Energy impacts of wired and wireless networks. In Proceedings of the Conference Record 2002 IEEE International Symposium on Electronics and the Environment (Cat. No. 02CH37273), San Francisco, CA, USA, 6–9 May 2002; IEEE: Piscataway, NJ, USA, 2002; pp. 44–48. [Google Scholar]
- Vetriselvan, V.; Patil, P.R.; Mahendran, M. Survey on the RIP, OSPF, EIGRP routing protocols. Int. J. Comput. Sci. Inf. Technol. 2014, 5, 1058–1065. [Google Scholar]
- de Souza, F.R.; Miers, C.C.; Fiorese, A.; de Assunção, M.D.; Koslovski, G.P. Qvia-sdn: Towards qos-aware virtual infrastructure allocation on sdn-based clouds. J. Grid Comput. 2019, 17, 447–472. [Google Scholar] [CrossRef]
- Held, G. Quality of Service in a Cisco Networking Environment; John Wiley & Sons: New York City, NY, USA, 2002. [Google Scholar]
- Shukla, V.H.; Deshmukh, S.B. Implementing QOS Policy in MPLS Network. Int. J. Comput. Appl. 2015, 975, 8887. [Google Scholar]
- Masruroh, S.U.; Fiade, A.; Iman, M.F.; Amelia. Performance evaluation of routing protocol RIPv2, OSPF, EIGRP with BGP. In Proceedings of the 2017 International Conference on Innovative and Creative Information Technology (ICITech), Salatiga, Indonesia, 2–4 November 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 1–7. [Google Scholar]
- Nugroho, A.S.; Safitri, Y.D.; Setyawan, T.A. Comparison analysis of software defined network and OSPF protocol using virtual media. In Proceedings of the 2017 IEEE International Conference on Communication, Networks and Satellite (Comnetsat), Semarang, Indonesia, 5–7 October 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 106–111. [Google Scholar]
- Baggan, V.; Chaturvedi, S.P.; Snehi, J.; Snehi, M. An Efficient Model of IGP for Network-based Communication: A Comparison. In Proceedings of the 2021 10th International Conference on System Modeling & Advancement in Research Trends (SMART), Moradabad, India, 10–11 December 2021; IEEE: Piscataway, NJ, USA, 2021; pp. 223–228. [Google Scholar]
- Biradar, A.G. A comparative study on routing protocols: RIP, OSPF and EIGRP and their analysis using GNS-3. In Proceedings of the 2020 5th IEEE International Conference on Recent Advances and Innovations in Engineering (ICRAIE), Jaipur, India, 1–3 December 2020; IEEE: Piscataway, NJ, USA, 2020; pp. 1–5. [Google Scholar]
- Kundel, R.; Blendin, J.; Viernickel, T.; Koldehofe, B.; Steinmetz, R. P4-codel: Active queue management in programmable data planes. In Proceedings of the 2018 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Verona, Italy, 27–29 November 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 1–4. [Google Scholar]
- Sedar, R.; Borokhovich, M.; Chiesa, M.; Antichi, G.; Schmid, S. Supporting emerging applications with low-latency failover in P4. In Proceedings of the 2018 Workshop on Networking for Emerging Applications and Technologies, Budapest, Hungary, 20 August 2018; pp. 52–57. [Google Scholar]
- Kaur, S.; Kumar, K.; Aggarwal, N. A review on P4-Programmable data planes: Architecture, research efforts, and future directions. Comput. Commun. 2021, 170, 109–129. [Google Scholar] [CrossRef]
- Rezaee, M.; Moghaddam, M.H.Y. SDN-based quality of service networking for wide area measurement system. IEEE Trans. Ind. Inform. 2019, 16, 3018–3028. [Google Scholar] [CrossRef]
- Khan, A.A.; Zafrullah, M.; Hussain, M.; Ahmad, A. Performance analysis of OSPF and hybrid networks. In Proceedings of the 2017 International Symposium on Wireless Systems and Networks (ISWSN), Lahore, Pakistan, 19–22 November 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 1–4. [Google Scholar]
- Arifwidodo, B.; Oktavian, D.A.; Ginting, J.G.A. The Performance Analysis of Hybrid SDN–IP Reactive Routing on ONOS Controller in Tree Topologies. In Proceedings of the 2022 IEEE International Conference on Communication, Networks and Satellite (COMNETSAT), Solo, Indonesia, 3–5 November 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 118–122. [Google Scholar]
- Salman, O.; Elhajj, I.H.; Chehab, A.; Kayssi, A. QoS guarantee over hybrid SDN/non-SDN networks. In Proceedings of the 2017 8th International Conference on the Network of the Future (NOF), London, UK, 22–24 November 2017; IEEE: Piscataway, NJ, USA, 2017; pp. 141–143. [Google Scholar]
- Al-Harbi, A.; Bahnasse, A.; Louhab, F.E.; Talea, M. Towards an efficient resource allocation based on software-defined networking approach. Comput. Electr. Eng. 2021, 92, 107066. [Google Scholar] [CrossRef]
- Shirmarz, A.; Ghaffari, A. Automatic Software Defined Network (SDN) performance management using topsis decision-making algorithm. J. Grid Comput. 2021, 19, 16. [Google Scholar] [CrossRef]
- Ur-Rehman, A.; Gondal, I.; Kamruzzaman, J.; Jolfaei, A. Vulnerability modelling for hybrid industrial control system networks. J. Grid Comput. 2020, 18, 863–878. [Google Scholar] [CrossRef]
- Dhiab, I.; Barouni, Y.; Khalfallah, S.; Ben Hadj Slama, J. Performance evaluation of a hybrid IP/SDN network in data centre network architectures. IET Commun. 2019, 13, 1185–1191. [Google Scholar] [CrossRef]
- De Oliveira, R.L.S.; Schweitzer, C.M.; Shinoda, A.A.; Prete, L.R. Using mininet for emulation and prototyping software-defined networks. In Proceedings of the 2014 IEEE Colombian Conference on Communications and Computing (COLCOM), Bogota, Colombia, 4–6 June 2014; IEEE: Piscataway, NJ, USA, 2014; pp. 1–6. [Google Scholar]
- Chen, Y.; Chen, Y.; Cao, Q.; Yang, X. PacketCloud: A cloudlet-based open platform for in-network services. IEEE Trans. Parallel Distrib. Syst. 2015, 27, 1146–1159. [Google Scholar] [CrossRef]
- GNS3. GNS3 Security. 2023. Available online: https://docs.gns3.com/docs/using-gns3/administration/gns3-security (accessed on 2 June 2023).
- Docker. Docker Docs. 2023. Available online: https://docs.docker.com/engine/security (accessed on 2 June 2023).
- PCI Security Standards Council. Payment Card Industry Data Security Standard. Available online: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf (accessed on 20 July 2023).
- European Parliament; Council of the European Union. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). 2016. Available online: https://data.europa.eu/eli/reg/2016/679/oj (accessed on 20 July 2023).
- UK Government. Data Protection Act 2018. 2018. Available online: https://www.legislation.gov.uk/ukpga/2018/12/pdfs/ukpga_20180012_en.pdf (accessed on 20 July 2023).
- International Organization for Standardization. ISO/IEC 27001:2022(en) Information Security, Cybersecurity and Privacy Protection. 2022. Available online: https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-3:v1:en (accessed on 20 July 2023).
- National Institute of Standards and Technology. Security and Privacy Controls for Information Systems and Organizations. 2022. Available online: https://doi.org/10.6028/NIST.SP.800-53r5 (accessed on 20 July 2023).
- Chief Security Office, Department of Work and Pensions (UK). Security Standard Network Security Design (SS-018). 2020. Available online: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/882774/dwp-ss018-security-standard-network-security-design-v1.4.pdf (accessed on 20 July 2023).
- Nielsen, J. Usability Engineering; Morgan Kaufmann: Cambridge, MA, USA, 1994. [Google Scholar]
- Zeng, H. SEEDEMU: The SEED Internet Emulator. Ph.D. Thesis, Syracuse University, Syracuse, NY, USA, 2021. [Google Scholar]
- Wangchuk, T. Study on the usability of GNS3 for teaching and learning system and network administration. Int. J. Sci. Technol. Eng. 2018, 4, 34–37. [Google Scholar]
Literature Reviewed | Vulnerability | Exploitation | Remediation Techniques |
---|---|---|---|
Pearce et al., 2013 [23] | Overloading network interface cards using a two-layer bridge, resulting in all traffic passing through it. | Compromised VMs used to launch attacks against other VMs or the hypervisor, spreading attacks across networks (Hyperjacking, Hyperjumping). | Host intrusion detection system: monitors specific activities and communications, audits file integrity, identifies insider threats, and detects modifications of file permissions. |
Wu et al., 2010 [24] | Virtual network sniffing and virtual network spoofing. | “Bridge Mode” creates a virtual hub for network communication, allowing VMs to sniff the virtual network using tools such as Wireshark, leading to denial of service attacks. | Firewall and shared network layer: firewalls prevent spoofing attacks by identifying the network ID specified in the configuration file. A Shared Network Layer can block communication between shared VMs. |
Hyde and Doug 2009 [25] | Unauthorized access to VM contents through file-level vulnerabilities and unrestricted resource allocation, resulting in VM crashes. | Unauthorized users with inappropriate file permissions can steal and observe VM contents. Improper resource allocation during VM creation can lead to theft and denial of service attacks. | Restricting file permissions and implementing appropriate resource allocation can secure against these attacks. |
Althobaiti et al., 2017 [26] | Software-based vulnerabilities in VMs, including VM hopping, VM Escape, and VM mobility. | VM hopping can cause denial of service by blocking user access to resources. VM Escape allows a Guest VM to attack the host. VM mobility across physical machines can result in data breaches. | Access control solutions can restrict access to the VCCI by implementing Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC), and virtual firewalls that provide packet filtering and monitoring services. |
Brooks et al., 2012 [27] | Footprinting, botnets, hypervisor traversal attacks, and virtual code injection attacks. | Footprinting identifies virtualized operating systems. Botnets can be exploited in VMs for DDoS attacks. Hypervisor traversal attacks modify contents of VM image libraries. Malicious code can be injected into VMs through MITM attacks. | Security wrappers and application firewalls: reject packets incoming from the Internet containing internal IP addresses in the header and outgoing packets with external IP addresses in the header. |
Chelladhurai et al., 2016 [28] | ARP Spoofing and MAC Flooding Attacks due to the bridge forwarding all incoming packets without filtering. | Containers’ direct communication with the host kernel facilitates attacks on the host system. | Sockets and API, security hardening, Mandatory Access Control (MAC), Type Enforcement (TE), Multi-Category Security (MCS), Docker security policies, and best practices. Security mechanisms for enhanced security for Docker containers include process, file, system, device, IPC, and network isolation to defend the virtualized environment from denial of service. |
Lombardi et al., 2010 [29] | Malware vulnerabilities creating backdoors in the system. | Malware provides remote control of the system through malicious code execution. | Kernel-based virtual machine intrusion detection system: secures VMs by checking data integrity and detecting modification of critical system files and data structures. |
Wu et al., 2017 [30] | VM Escape attacks conducted at the Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), and Platform-as-a-Service (PaaS) layers. Malicious applications aid attackers in gaining the highest privilege of VMs. | Attack steps include “Placement” (placing malicious VMs on the same physical machine as the hypervisor) and “Extracting Information” (accessing key permissions of the hypervisor or hosts and extracting information from other VMs, host, and hypervisor). | Bell–LaPadula adaptation for Prevent Virtual Machine Escape (PVME): applies basic security principles and adapts security axioms to prevent VM Escape attacks. |
Dong et al., 2019 [31] | VM hopping attacks, where the attacker gains access to VMs on the same hypervisor. | The attacker uses a malicious VM to discreetly access or control other VMs on the hypervisor through communication between them. The attacker may also try to access the host OS, potentially destroying other VMs. | Bell–LaPadula adaptation for PVMH: secures and prevents VM hopping attacks. |
Router | P. NICs | Physical | E. NICs | GNS3|SEED Internet Emulator |
---|---|---|---|---|
R1 | 1 | 10.180.1.1 | 3 | 10.150.0.254|10.150.6.254|10.150.10.254 |
R2 | 2 | 10.180.1.2/10.180.2.1 | 4 | 10.150.0.253|10.150.1.254|10.150.8.254|10.150.9.253 |
R3 | 2 | 10.180.2.2/10.180.3.1 | 3 | 10.150.1.253|10.150.2.254|10.150.7.253 |
R4 | N/A | 3 | 10.150.2.253|10.150.3.254|10.150.8.253 | |
R5 | N/A | 4 | 10.150.3.253|10.150.4.254|10.150.10.253|10.150.7.254 | |
R6 | N/A | 3 | 10.150.4.253|10.150.6.253|10.150.9.254 |
System Benchmarks | Explanation |
---|---|
Bandwidth | Measured in bits/second, it represents the maximum rate at which data can be transferred. |
Throughput | The actual rate at which data are being transferred. |
Latency | The delay between the sender and receiver in a transmission, which is a function of the signal’s travel and processing time at any nodes the information traverses. |
Jitter | Variation in packet delay at the receiver end of the communication. |
Energy Consumption | The energy consumed when running different network models. |
Routing Protocols | A set of defined rules that allow different devices on the network to communicate with each other. |
Nodes | Min Hops | Max | Min | Avg | StdDev | Median | Jitter |
---|---|---|---|---|---|---|---|
R1-R2 | 1 | 119.00 | 13.00 | 41.45 | 21.39 | 35.00 | 16.99 |
R1-R3 | 2 | 183.00 | 26.00 | 70.39 | 32.79 | 66.00 | 24.97 |
R3-R2 | 1 | 134.00 | 15.00 | 52.75 | 23.62 | 50.00 | 29.73 |
R3-R6 | 2 | 132.00 | 21.00 | 59.55 | 24.65 | 54.50 | 19.41 |
R1-R6 | 1 | 127.00 | 16.00 | 48.22 | 21.24 | 44.00 | 15.86 |
R2-R5 | 2 | 138.00 | 18.00 | 55.97 | 23.54 | 48.50 | 17.94 |
R4-R5 | 1 | 150.00 | 15.00 | 49.62 | 28.73 | 43.00 | 20.57 |
R4-R6 | 2 | 147.00 | 9.00 | 50.17 | 27.62 | 42.00 | 20.65 |
R6-R1 | 1 | 155.00 | 10.00 | 49.88 | 27.01 | 45.50 | 20.10 |
Nodes | Min Hops | Max | Min | Avg | StdDev | Median | Jitter |
---|---|---|---|---|---|---|---|
R1-R2 | 1 | 0.304 | 0.054 | 0.110 | 0.025 | 0.107 | 0.016 |
R1-R3 | 2 | 0.579 | 0.052 | 0.108 | 0.030 | 0.104 | 0.018 |
R3-R2 | 1 | 0.393 | 0.053 | 0.109 | 0.029 | 0.104 | 0.019 |
R3-R6 | 2 | 0.420 | 0.054 | 0.109 | 0.031 | 0.105 | 0.020 |
R1-R6 | 1 | 1.040 | 0.054 | 0.112 | 0.042 | 0.105 | 0.020 |
R2-R5 | 2 | 0.332 | 0.052 | 0.109 | 0.027 | 0.105 | 0.018 |
R4-R5 | 1 | 1.250 | 0.054 | 0.118 | 0.053 | 0.105 | 0.026 |
R4-R6 | 2 | 1.980 | 0.074 | 0.148 | 0.071 | 0.136 | 0.031 |
R6-R1 | 1 | 0.255 | 0.055 | 0.111 | 0.027 | 0.107 | 0.019 |
Nodes | Min Hops | Max | Min | Avg | StdDev | Median | Jitter |
---|---|---|---|---|---|---|---|
R1-cR1 | 3 | 192.00 | 11.00 | 50.69 | 29.43 | 42.00 | 20.91 |
R1-cR2 | 4 | 171.00 | 22.00 | 65.86 | 26.45 | 63.00 | 19.59 |
R1-cR3 | 5 | 107.00 | 23.00 | 51.52 | 17.07 | 47.50 | 13.01 |
R2-cR1 | 2 | 162.00 | 6.00 | 33.38 | 27.28 | 25.50 | 18.55 |
R2-cR2 | 3 | 147.00 | 9.00 | 37.26 | 19.64 | 32.00 | 13.59 |
R2-cR3 | 4 | 141.00 | 10.00 | 40.76 | 23.83 | 35.00 | 16.23 |
R3-cR1 | 2 | 201.00 | 16.00 | 59.96 | 30.26 | 56.50 | 20.73 |
R3-cR2 | 3 | 78.00 | 14.00 | 37.97 | 14.96 | 35.50 | 11.46 |
R3-cR3 | 4 | 149.00 | 22.00 | 47.51 | 23.72 | 40.50 | 17.09 |
R4-cR1 | 1 | 197.00 | 18.00 | 59.05 | 29.88 | 54.50 | 21.50 |
R4-cR2 | 2 | 156.00 | 4.00 | 29.56 | 26.26 | 19.00 | 16.78 |
R4-cR3 | 3 | 105.00 | 5.00 | 30.02 | 18.66 | 25.50 | 13.97 |
R5-cR1 | 2 | 165.00 | 12.00 | 62.15 | 29.66 | 56.00 | 23.16 |
R5-cR2 | 3 | 168.00 | 8.00 | 40.76 | 23.63 | 36.00 | 15.96 |
R5-cR3 | 4 | 152.00 | 9.00 | 40.89 | 20.27 | 38.00 | 13.71 |
R6-cR1 | 3 | 248.00 | 13.00 | 59.13 | 37.67 | 50.50 | 25.41 |
R6-cR2 | 4 | 159.00 | 19.00 | 58.52 | 25.75 | 54.00 | 17.27 |
R6-cR3 | 5 | 144.00 | 19.00 | 51.97 | 22.34 | 47.50 | 17.05 |
Network | Energy (kWh) | |
---|---|---|
(Base System) | ||
Physical (3 Nodes) | 0.037 | 0.074 |
Physical (6 Nodes) | 0.074 | 0.148 |
Emulated (GNS3) | 0.151 | 0.302 |
Host Server | 0.143 | 0.286 |
Emulated (Net) | 0.008 | 0.016 |
Hybrid Emulated System (Emulated/Physical) | 0.196 | N/A |
Emulated/Physical Ratio | 0.077 | 0.154 |
Emulated (SEED Internet Emulator) | 0.146 | 0.292 |
Host Server | 0.143 | 0.286 |
Emulated (Net) | 0.003 | 0.006 |
Internet Emulator/Physical Ratio | 0.071 | 0.145 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Golightly, L.; Modesti, P.; Chang, V. Deploying Secure Distributed Systems: Comparative Analysis of GNS3 and SEED Internet Emulator. J. Cybersecur. Priv. 2023, 3, 464-492. https://doi.org/10.3390/jcp3030024
Golightly L, Modesti P, Chang V. Deploying Secure Distributed Systems: Comparative Analysis of GNS3 and SEED Internet Emulator. Journal of Cybersecurity and Privacy. 2023; 3(3):464-492. https://doi.org/10.3390/jcp3030024
Chicago/Turabian StyleGolightly, Lewis, Paolo Modesti, and Victor Chang. 2023. "Deploying Secure Distributed Systems: Comparative Analysis of GNS3 and SEED Internet Emulator" Journal of Cybersecurity and Privacy 3, no. 3: 464-492. https://doi.org/10.3390/jcp3030024