Title :
An OpenFlow-Based Prototype of SDN-Oriented Stateful Hardware Firewalls
Author :
Collings, Jake ; Jun Liu
Author_Institution :
Comput. Sci. Dept., Univ. of North Dakota, Grand Forks, ND, USA
Abstract :
This paper describes an Open Flow-based prototype of a SDN-oriented stateful hardware firewall. The prototype of a SDN-oriented stateful hardware firewall includes an Open Flow-enabled switch and a firewall controller. The security rules are specified in the flow table in both the Open Flow-enabled switch and the firewall controller. The firewall controller is in charge of making control decisions on regulating the unidentified traffic flows. A communication channel is needed between a firewall controller and an Open Flow enabled switch. Through this channel, a switch sends to the controller with the information of unidentified flows, and the controller sends to the switch with the control decisions. Constraining this communication overhead is important to the applicability of the prototype because a high communication overhead could disturb the performance evaluation on the operation of a SDN-oriented stateful hardware firewall.
Keywords :
computer network performance evaluation; decision making; firewalls; protocols; prototypes; software defined networking; telecommunication channels; telecommunication traffic; OpenFlow protocol-based prototype; OpenFlow-enabled switch; SDN-oriented stateful hardware firewall controller; communication channel; control decisions making; flow table; performance evaluation; security rule; software defined networking; unidentified traffic flow regulation; Firewalls (computing); Hardware; Prototypes; Software; Switches; Firewalls; Flow Table; OpenFlow Protocol; Software Defined Networking;
Conference_Titel :
Network Protocols (ICNP), 2014 IEEE 22nd International Conference on
Conference_Location :
Raleigh, NC
Print_ISBN :
978-1-4799-6203-7
DOI :
10.1109/ICNP.2014.83
