| Field | Value |
|---|---|
| Graduate student | 賴郁升 Lai, Yu-Sheng |
| Thesis title | 基於網路功能虛擬化之 HTTPS 網頁伺服器之研究 (On the Study of HTTPS Web Server based on Network Function Virtualization) |
| Advisor | 楊竹星 Yang, Chu-Sing |
| Degree | Master |
| Department | College of Electrical Engineering and Computer Science, Department of Electrical Engineering |
| Year of publication | 2022 |
| Academic year of graduation | 110 (ROC calendar, i.e. the 2021–22 academic year) |
| Language | Chinese |
| Pages | 49 |
| Keywords | Network Function Virtualization, Web server, Reverse proxy (Chinese: 網路功能虛擬化、網頁伺服器、反向代理) |
Abstract (translated from the Chinese original):

As the number of Internet users grows, the load that web servers must carry grows with it. At the same time, heightened awareness of connection security means that HTTPS is now used for encrypted transport. If system security is to be raised by inspecting packet contents, a traditional deployment does so with a reverse proxy. Because the network devices in such a deployment must also talk to each other over HTTPS to keep every hop secure, each packet is decrypted and re-encrypted repeatedly, which raises the cost of processing a request.

To address this problem, this thesis builds on Network Function Virtualization (NFV) and combines the web server with related virtual network functions into a service chain. Beyond the usual benefits of NFV, network functions on the same host can exchange plaintext packets, so decryption can be performed once, early in the service chain; this reduces the number of times a packet is encrypted and decrypted and thereby improves system performance.

The first experiments showed that, as more resources were allocated to the originally designed system, its performance hit a bottleneck and stopped improving, and even fell below that of the traditional deployment. This study therefore proposes an improved architecture. Experimental results show that the new architecture effectively reduces the processing time of a single request and significantly increases requests per second, exceeding the requests per second of the traditional deployment. The experiments demonstrate that this approach does improve web server performance in high-traffic network environments.
Abstract (author's English version):

As the number of Internet users increases, the workload on web servers increases as well. In addition, because of today's awareness of network security, HTTPS is used for encrypted connections. If we want to increase network security by inspecting packet payloads, a reverse proxy is one way to achieve this goal. However, to ensure the security of the connections, HTTPS must also be used between each pair of network devices, so a reverse proxy in this scenario causes every packet to be decrypted and re-encrypted repeatedly, increasing the cost of processing a request.

To solve the problem described above, this study builds on Network Function Virtualization (NFV) and combines the web server with other software-based network functions into a service chain that runs on the same server. Because every network function runs on the same server, we can decrypt the packets first and then transmit plaintext packets within the service chain, reducing the number of times packets need to be decrypted and increasing system performance.

Through experiments, we found that the original system architecture encountered a bottleneck when more resources were allocated to the web server, and performed worse than the traditional connection. We therefore designed a second system architecture; experiments showed that it significantly decreases request processing time and increases requests per second, demonstrating that the new design can effectively increase web server performance in high-traffic networks.
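The two deployments the abstract contrasts, written out as NGINX configuration so the difference in crypto work per request is concrete. This is an added example, not the thesis's own implementation (the abstract does not describe its code); all hostnames, addresses, socket paths and certificate paths are assumptions. The two files are alternatives for the same site, not meant to be loaded together.

```nginx
# ---- /etc/nginx/conf.d/a-traditional.conf (assumed path) --------------------
# Deployment A, the "traditional" chain the abstract criticises:
#   client --TLS--> reverse proxy (inspects payload) --TLS--> web server (other host)
# Per request the proxy decrypts once and re-encrypts once, and the web server
# decrypts again: three bulk-crypto passes each way instead of one.
upstream web_remote {
    server 10.0.0.2:443;                       # assumed address of the web server host
}

server {
    listen 443 ssl;
    server_name traditional.example.test;      # assumed name
    ssl_certificate     /etc/nginx/tls/www.crt;   # assumed paths
    ssl_certificate_key /etc/nginx/tls/www.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://web_remote;
        # The second hop crosses a network, so it must be authenticated as well
        # as encrypted, or the proxy could be steered to an impostor backend.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;  # assumed
        proxy_ssl_name                web.internal.test;  # assumed name in the backend cert
        proxy_ssl_server_name         on;
        proxy_ssl_session_reuse       on;   # amortises handshakes, not per-record crypto
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# ---- /etc/nginx/conf.d/b-colocated.conf (assumed path) ----------------------
# Deployment B, the idea behind the abstract's NFV service chain:
#   client --TLS--> reverse proxy --plaintext, same host--> web server
# The request is decrypted exactly once, at the head of the chain. The price is
# that plaintext now exists on the host: the socket must never be exposed on a
# shared network, and its file permissions become the new trust boundary.
server {
    listen 443 ssl;
    server_name colocated.example.test;        # assumed name
    ssl_certificate     /etc/nginx/tls/www.crt;
    ssl_certificate_key /etc/nginx/tls/www.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://unix:/run/nginx/web.sock;   # assumed socket path, local only
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Plaintext web server at the tail of the chain, reachable only through the socket.
server {
    listen unix:/run/nginx/web.sock;
    root /srv/www;                             # assumed document root
}
```

Payload inspection happens at the proxy in both layouts, so what deployment B removes is only the redundant encrypt/decrypt on the second hop. That saving is what the abstract's service chain generalises to several network functions on one host; it holds only as long as every plaintext hop stays inside that host.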