An analytical model to achieve elasticity for cloud-based firewalls

Elasticity for cloud-based services and applications has been studied in the literature to some extent. However, the literature is lacking thorough study on elasticity for cloud-based firewalls. This paper proposes an architectural framework for an elastic virtual firewall service to be deployed at cloud datacenters. The paper presents an analytical model based on Markov chain and queueing theory that can be used to achieve elasticity for cloud-based firewalls. In particular, the model captures the behavior of a cloud-based firewall service comprising a load balancer and a variable number of virtual firewalls. From the analytical model, we then derive closed-form formulas to estimate the minimal number of virtual firewalls required to satisfy a given SLA response time. The model takes as input key system input parameters that include workload, processing capacity of load balancer and virtual machines, as well as firewall rulebase interrogation.