Advanced firewall mechanism with OpenFlow in SDN

  • Abstract

    In recent years, Internet penetration worldwide has increased significantly due to technologies that enable high-speed broadband services, social networking and cloud-based services. The number of connected users has grown considerably, and hence a large amount of users' vital data flows over the Internet, attracting serious threats and possible attacks from malicious users. To secure this free-flowing data, many security solutions have been presented, validated and implemented. But the majority of them are implemented with traditional networking techniques, which are themselves complex and hard to manage. These techniques rely primarily on manual configuration of devices, which often results in policy conflicts that compromise the network's security. This problem is addressed by Software Defined Networking, which breaks vertical integration by separating the control logic from the data forwarding functionality, allowing flexible network architecture, network-wide visibility, simpler network management, etc. OpenFlow is the open standard that enables secure communication between controlling devices and data forwarding devices. In this paper, we propose and validate an approach to implement a network-wide firewall in SDN by exploiting the capabilities of the OpenFlow standard to restrict the flow of malicious and suspicious traffic in the network.



  • Keywords

    Access Control List; Firewall; OpenFlow; REpresentational State Transfer; Software Defined Networking.





Article ID: 12002
DOI: 10.14419/ijet.v7i2.24.12002

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.