Computer Network Simulation of Firewall and VoIP Performance Monitoring

Rapid growth in communication technology has driven global change, and new challenges have appeared in the field of network security. Security solutions must be efficient and must deal with threats by rejecting and stopping network intruders and Trojans. The simulated network of the Salahaddin University new campus is planned to be built on an area of 3000 × 3000 square meters. The network consists of many primary and secondary devices. It is built mainly around one core switch that provides very high data transfer by connecting, through a variety of cable media, to all the network switches installed at each college location. The network design of the university presidency is similar to the network design at each college. The core switch obtains its services from a router that isolates the network from the cloud, which supplies internet services to the network. The firewall is connected to the switch that connects the main server and the cloud together. This work undertakes a simulation to analyze and examine the performance of the whole network under two scenarios: the first in which firewall devices are used, and the second in which they are not. Since the project of building the Salahaddin University-Erbil new campus is at its initial stage, the researchers think it is very important to identify the drawbacks and deadlocks of using a firewall on each branch of the network, and on overall network performance, before submitting the final network design that is going to be implemented and installed. This will affect many aspects of the construction, for example the network panel routes, the cable collection locations, the network channels, and many other fixed components that depend on the media types.
The results show that adding a firewall device to the university campus computer network will improve the overall network performance through increasing the data stream on many network sections and sectors.

Keywords—Network Delay, Data Traffic, VoIP, Server HTTP, Computer Network Design

http://www.i-joe.org


Introduction
Computer network capabilities and facilities are growing rapidly through a wide variety of technologies and tools. As a result, the opportunity for, and probability of, intrusion into these networks is becoming much higher. Network designers should therefore limit intruders' capabilities by installing faster and more intelligent devices to protect their networks. Accordingly, each computer network needs a firewall to protect its components and file resources from unwanted intrusion and from unauthorized persons who attempt to change rules or steal significant files from computers in the network. Firewalls are used to block these intrusion attempts. They are network security systems designed to prevent unauthorized access to or from private networks, and they can be implemented in hardware, in software, or as a combination of both. On the other hand, the software tools used for this purpose will eventually affect the computer network: it is expected that if a firewall is used, the speed of data transfer decreases and the time delay increases. Each incoming packet must first be processed and checked, when any intrusion attempt is still at its initial stage.
In this research, both firewall and VoIP application features are designed, simulated, and configured for Salahaddin University's new campus to minimize the delay and decrease the data traffic in the entire network. In addition, the performance of the firewall features should be determined and monitored so that the network maintains sufficient data transfer for all applications. Hardware components have been carefully chosen, considering cost and specifications, to make the network design more reliable and to achieve high performance. VoIP was chosen because it needs a reliable and efficient bit rate and should be available at high speed on each connected node in the entire network. Therefore, the VoIP application has been used as a performance monitoring gauge for this network. The main contributions of the work are:
1. Examining the impact of using firewalls on the data flow of the computer network for the Salahaddin University new campus.
2. Scrutinizing the impact of using firewalls on the features of the VoIP application.
3. Configuring both VoIP and the firewall using OPNET to monitor and obtain the performance results of the computer network and its branches.
The rest of the paper is organized as follows: in section 2, the literature review is explained in detail. In section 3, the design of the computer network for the Salahaddin University new campus and its colleges is described in detail. In section 4, the simulation and results are described in detail. Finally, the main points of this research work are concluded.

Previous Works
A review of previous research works related to computer networks is conducted in this study, and the key related works are described below.
In the research work [1], OPNET is used to develop simulation models to determine the performance of a network with and without firewalls. The authors determined the link utilization for data received by and leaving the router. Their research concluded that network performance would increase noticeably if firewall filtering was set and configured, due to the filtering of unwanted traffic. This means that the use of firewalls is significant for improving network security, meeting service level agreements, and enhancing the quality of service (for example, availability and performance).
In the research work [2], conducted in 2010, a hybrid network for various IP routing protocols in a load campus network was developed and implemented. Basic LAN and WAN models were used in this network. The authors created a simulated environment in which several applications were used at the same time. They relied on OPNET IT GURU Academic Edition to design their model. A new model appropriate for a university environment was designed using OPNET. They evaluated their model against several types of applications, such as ATM, Remote Login, and FTP, in hybrid networks. Furthermore, they used two IP routing protocols (IGRP and RIP) to evaluate the performance of the hybrid network for various applications. In their work, OPNET demonstrated the effect of using an IP routing protocol for various types of applications in a hybrid network.
The research work [3], conducted in 2011, presented the computer network infrastructure of Tarumanagara University for supporting different academic and administrative activities. The constructed infrastructure covered all parts of the building and the floor levels.
The university needed to improve its LAN to accommodate its needs and meet the growing variety of services. The new computer network infrastructure was constructed to guarantee service qualities such as scalability and reliability, and to support future extensions. The most significant step before developing the network structure was the network design. The authors analyzed user and network requirements for developing this network. They implemented a hierarchical network design with a high-availability backbone and user segmentation for all users spread across several buildings.
In [4], a large-scale wireless LAN was designed, which posed many interesting questions. The chance to tackle these questions was given through the construction of the Wireless Andrew network at Carnegie Mellon University. The research work described methods that were established for the development of related networks. A large-scale wireless LAN should be designed so that every target space has radio coverage; in other words, there must be no gaps in coverage. The design must also have adequate capacity to carry the anticipated load. A proper combination of access point position, frequency assignment, and receive threshold setting is used to meet these general requirements.
In [5], network coding in the TCP/IP protocol stack was implemented using OPNET Modeler. A media streaming application over LTE and WLAN networks was considered, and the performance of the solution was assessed. Several strategies of user-network association were built through simulations in a varied wireless environment to optimize expenses under QoS limitations. The results showed that network coding would help to diminish the interdependence among the networks. Also, the threshold-based online policy was found to be a better-quality policy, for which the network procedure cost was significantly reduced while remaining within the QoS demands of the users.
The research work [6], conducted in 2015, indicated the significance of the firewall for securing network communications and resources. On the other hand, the authors also indicated that there might be more processing of networked information, which can contribute to degrading network performance. Thus, they stated that it is imperative to scrutinize the contribution of firewalls to network security; in addition, the firewalls were examined for their impact on web protection. They ran several scenarios integrating firewalls. OPNET was used for simulating and creating models to determine the performance of the network with and without firewalls.
In the research work [7], the types of firewall and their principles were discussed. The authors demonstrated simulations of an application proxy firewall in OPNET and presented the results. They found that firewall deployment had some benefits and drawbacks. The benefits of the firewall were improvements in throughput and link utilization. The key drawback of using an application proxy or firewall was the delay generated by the full inspection process. They used the parallel firewalls approach and concluded that the parallel firewall was cost-effective in terms of performance. They stated that the firewall would not only deliver all security requirements of a modern network but could also be regarded as an initial step toward solving network security.
In the research work [8], conducted in 2011, OPNET was used to design a network simulation for Mosul University. The network design was tested by adding three applications (File Transfer Protocol, Hyper Text Transfer Protocol, and Voice over Internet Protocol). The results demonstrated that the suggested model was effective for designing and managing the targeted network.
A research group at the Department of Electrical and Computer Engineering, University of Wyoming, performed high-quality research in the fields of Mobile Ad-Hoc Networks, Net-Centric Warfare, and Nano-satellite networks [9,10,11,12]. They developed new algorithms for localization, backbone formation, and radio propagation in the Mobile Ad-Hoc Network and Net-Centric Warfare research areas. This research group used OPNET to simulate the developed theoretical algorithms for rigorous analysis.
The review above shows that there is a need to design a network resourcefully and to simulate it with a software tool such as OPNET before building it in practice. OPNET is a powerful network design and simulation tool whose reputation has grown in industry and academia. This research work relies on OPNET to design a computer network for the Salahaddin University campus. It measures the network performance parameters for the same network topology, connection mechanisms, connected devices, and service configuration values in two scenarios: the first contains a firewall and the second does not. The aim is to determine which scenario achieves better network performance parameters, such as throughput and time delay; the obtained results will confirm which of them increases or decreases, and by what value.

Campus Network Interconnection
The computer network is installed on an area of 3000 × 3000 square meters, and the colleges are distributed around a central building, the university presidency (department of academic administration). The network topology, design, configuration, devices, and cable (media) types of the department of academic administration network are assumed to be the same as for each of the college networks (see Figures 1 and 2). This network will be the central cable distribution point of the university campus, and all the other college networks are located around it. The overall number of installed networks will then be 17 college networks, including the presidency network. This design is sufficient for the hierarchy of Salahaddin University. In this layout, each college switch is at a distance of 900 m from the central switch, which is located in the presidency building. This network topology fulfils the cable media specification of the physical layer, including the allowed cable distance and data speed. The 1000BaseX fiber optic cable can connect devices separated by a distance of up to 950 m. In the simulator, a cloud is used to provide services to the users of the entire network. The network is then configured to produce many services and statistics, such as HTTP, VoIP, packets transferred per second, and delay, in the profile definition. Moreover, each computer from which results are required should be configured to simulate the mentioned services.
To explain the network interconnection, it is important to list its hardware components. There are 17 switches, each with 48 RJ-45 ports suited to STP cables, since signals in this type of cable are better protected from adjacent noise signals, temperature noise, signal distortion, and signal dissipation. Each switch is fixed in its specified (college) location to distribute services to the college using cat 6 STP cable (100BaseT). All these switches are connected via 1000BaseX fiber optic cable to the core switch located at the center of the university campus (presidency network), as shown in Figures 1 and 2. This represents the backbone of the network. Six core fiber optic cables (single mode) connect the college switches to the core switch. The core switch is connected to a server to obtain services such as VoIP, email, and HTTP. The core switch is also connected to the router, which isolates the university network from the outside cloud that provides the internet service to the network project. To increase security, a firewall connects the cloud to the router, which is connected to the core switch. The firewall is used to protect all network computers from intruders and hackers. The server can be connected to a router in order to achieve more security and to provide many applications and administration functions.
Wireless distribution services can easily be added to this design simply by replacing the college switches with wireless routers, which distribute wireless services to all college network users while maintaining efficient speed and connectivity. Table 1 shows the components used in this project.
In the OPNET Modeler 14.5 simulation software interface, some items are essential for the simulation to work, such as the "Application Definition" and "Profile Definition", which are used in the simulator to configure the applications operated in the network. For example, if the "Profile Definition" has not been configured specifically in the OPNET simulator, the network will not work and its parameters will not be obtained; consequently, no results will be determined.
The application to be simulated in this network project is configured through the "Profile Definition". The server should also be configured to support these application profiles. Similarly, the application should be configured on each node (PC); otherwise, the PC cannot benefit from that specific configured application, and no results will be obtained. Addresses can be configured for all devices at the third layer (the network layer) of the OSI reference model. In this project, IP addresses should be configured for each device in the network.

Simulation and Results
A server is connected to the router through a switch and configured to support the applications that need to work in the network. Before internet services are supplied to the entire network, a firewall is installed and configured to protect it. The main switch connects the smaller networks (representing the college networks), where a switch is fixed in each college network to connect the computers. The "100BaseT" "cat6" twisted pair cable is used to link the network components in all sectors of the network, with the exception of the link between the college switches and the main switch. This cable is sufficient to fulfil the bit stream demand of each user. Fiber optic cable is used to link the college switches to the main switch. This provides two benefits to the entire network: the first is the high bandwidth achieved because of the fiber optic specifications, and the second is the longer distance that can be achieved between the main switch and the college switches. It is worth noting that the use of "100BaseT" "cat6" will not cause deadlocks, since the bandwidth needed for the entire college network is fulfilled by the speed of 100 Mbps.
Each college network consists of 20 computers distributed around the college location. The college computer network should be wired with STP cable, which connects each computer to a central college switch with 48 RJ-45 ports, leaving room for future expansion, as shown in Figures 1 and 2.
All the college switches are connected to the main switch by a fiber optic cable 1000BaseX. The main switch is connected to the router and the firewall.
The global characteristics Ethernet delay is equal for the two cases; therefore, there is no need to show the curves as results. The global statistics FTP data received per second decreases slightly when the firewall is used (see Figure 3).
For the FTP service, the indicated value reaches a maximum of 50000 Byte/sec. It then stabilizes at approximately 20000 Byte/sec with the firewall. After that, it decreases by 0.03, as shown in Table 2. Figure 4 shows a slightly higher value for received HTTP when the firewall is used, which is the opposite of the case in Figure 3. Figure 5 shows the Global Characteristics HTTP Traffic Sent, measured in Byte/sec; using the firewall gives a higher value of data traffic for the HTTP service, by approximately 1600 Byte/sec. The voice service also differs between the two scenarios, as shown in Figure 6 (global statistics, voice traffic received in bytes per second). If the firewall is used, this parameter decreases by 20,000 bytes per second.
The same minor difference between the two scenarios can be seen in Figures 7 and 9, in which a decrease was observed when the firewall is used. Figure 7 shows that the object statistic for campus network server average IP traffic received reaches 3900 packet/sec with and without the firewall; this value decreases to 3750 packet/sec when the firewall is used. Figure 8 shows a slight decrease in the object statistic for campus network server IP traffic received (packet/sec) when the firewall is used compared with not using it, by an average of 175 packet/sec. Figure 8 shows the object statistic for campus network server traffic received in packet/sec. At the beginning, the scenario without a firewall has greater values; two minutes after the start, the values increase for both scenarios, and the second scenario gives a value larger than the first by one packet per second. The same happens in Figure 9 for TCP packet/sec. Figure 10 shows a value approximately 1 session/sec greater for the second scenario, in which the firewall is used.

Conclusion
Installing or using a firewall in the network has a tremendous effect on many network parameters, such as throughput, data transfer, delay, and packet transfer, while it makes no change to others. This paper discussed the use of a firewall and its influence; some of these network parameters showed increasing values and others showed decreasing ones across the two scenarios. The measurements obtained started after four minutes, as is shown clearly in the curves that display the results. This period is taken by the network components for addressing and identifying the clients, servers, routers, and hosts, each by its address. After that four-minute period, the network starts to work and the results (curves) rise rapidly to their maximum values. A minor difference appeared in all the results (curves) obtained, such as the Global Characteristics Average FTP Traffic Received in Byte/sec, which showed slightly higher values when the firewall was not implemented. This difference was approximately 1500 Byte/sec, which can be neglected. The differences between the two scenarios (with and without the firewall) for the discussed parameters were very small. The ratio of difference in all results was less than 1. This can be seen in the last two columns of Table 2. Although this difference can be either an increase or a decrease, in all cases it generally has no influence on the performance of the whole network. Theoretically, it is clear that the firewall influences the network, for instance by decreasing the network speed, because the firewall has to check every incoming or outgoing packet, where a packet is the unit of data transferred between network nodes. This is true in the ideal case, but in practice, when the simulation was undertaken, not all of these predictions were observed.
As mentioned previously, the results determined by the simulation demonstrated that the number of simultaneous VoIP service users can reach up to 300 computers when the network uses IP Telephony. Thus, the VoIP service can be used instead of the public switched telephone network (PSTN) infrastructure, with better quality and lower cost. The results obtained showed that adding a firewall device will not affect the network speed and has no bad influence on the VoIP application and its parameters.
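The comparison method described in the conclusion (discard the four-minute start-up period, then compare the with-firewall and without-firewall curves) can be reproduced on exported statistics. The following Python is an added example, not code from the paper; the sample series are constructed around the packet/sec values quoted for Figure 7, and the function names and the (time, value) export format are assumptions.

```python
"""Compare one statistic across the with-firewall and without-firewall scenarios.

Assumption: each scenario's statistic is exported as (time_s, value) samples.
"""

WARMUP_S = 240  # the four-minute start-up period described in the conclusion

# Constructed sample data (packet/sec), shaped around the Figure 7 values.
WITH_FIREWALL = [(0, 0), (120, 0), (240, 3700), (300, 3800), (360, 3750)]
WITHOUT_FIREWALL = [(0, 0), (120, 1000), (240, 3850), (300, 3950), (360, 3900)]


def steady_state_mean(series, warmup_s=WARMUP_S):
    """Mean of the samples taken at or after the warm-up cut-off."""
    kept = [value for time_s, value in series if time_s >= warmup_s]
    if not kept:
        raise ValueError("no samples after the warm-up period")
    return sum(kept) / len(kept)


def compare_scenarios(with_fw, without_fw, warmup_s=WARMUP_S):
    """Return steady-state means plus absolute and relative difference.

    The relative difference uses the no-firewall scenario as the baseline,
    so a negative value means the firewall scenario carried less traffic.
    """
    fw_mean = steady_state_mean(with_fw, warmup_s)
    base_mean = steady_state_mean(without_fw, warmup_s)
    if base_mean == 0:
        raise ValueError("baseline mean is zero; relative difference undefined")
    diff = fw_mean - base_mean
    return {
        "with_firewall": fw_mean,
        "without_firewall": base_mean,
        "difference": diff,
        "relative": diff / base_mean,
    }


if __name__ == "__main__":
    steady = compare_scenarios(WITH_FIREWALL, WITHOUT_FIREWALL)
    naive = compare_scenarios(WITH_FIREWALL, WITHOUT_FIREWALL, warmup_s=0)
    print("steady state:", steady)
    print("warm-up included:", naive)
```

In this constructed data, including the start-up samples (`warmup_s=0`) roughly triples the apparent relative difference, which is why the cut-off is applied before the scenarios are compared.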