Advanced firewall mechanism with OpenFlow in SDN

Abstract

In recent years, penetration of Internet in the world is significantly increased due to technologies that enabled high speed broadband services, social networking and cloud based services. There is considerable increase in the number of users getting connected and hence large amount of user's vital data are flowing over Internet attracting serious threats and possible attacks from malicious users. To secure this free-flowing data, many security solutions have been presented, validated and implemented. But the majority of them are implemented with traditional networking techniques which itself is complex and hard to manage. This techniques primarily relies on manual configuration of devices which often results in policy conflicts that compromises network's security. This problem is addressed by Software Defined Networking, which breaks vertical integration by separating the control logic and data forwarding functionality, allowing flexible network architecture, network-wide visibility, simpler network management, etc. OpenFlow is the open standard that enables secure communication between controlling devices and data forwarding devices. In this paper, we propose and validate an approach to implement network-wide firewall in SDN by exploiting capabilities of OpenFlow standard to restrict flow of malicious and suspicious traffic flow in the network.