Traffic and overhead analysis of applied pre-filtering ACL firewall on HPC service network
Journal of Communications and Networks (IF 3.6), Pub Date: 2021-06-02, DOI: 10.23919/jcn.2021.000011
Jae-Kook Lee, Taeyoung Hong, Guohua Li

In a high-performance computing (HPC) supercomputing service environment, the security of the infrastructure nodes that are points of contact for researchers is very important. We have applied various security devices, such as anti-DDoS, IPS, firewall, and web application firewall, on an HPC service network to provide more secure supercomputing services. Firewalls are a common and essential element of network security, with the ability to block network traffic according to pre-defined rules. With the increasing demand for services, cyberattacks as well as the overhead on firewall policies have also increased. To reduce this overhead, in our previous research we analyzed the dropped-packet log and implemented a method on the firewall, called Abnormal IP, that can detect and deny anomalous IPs in real time. As the number of abnormal IPs increased, the performance of the firewall deteriorated significantly. To solve this problem, we applied an access control list (ACL) at the front end of the firewall to perform pre-filtering, thereby improving the performance of the firewall on the HPC service network. This research is expected to contribute as a preliminary study in the HPC field by deriving a pre-filtering ACL that reduces the CPU load of the firewall server, showing a performance improvement of about 21.5%.

Updated: 2021-07-20