NetWatch: Empowering software-defined network switches for packet filtering

Software Defined Network (SDN) is one of the emerging architecture that has captured the attention of networking technology enthusiasts and organizations worldwide. SDN enables programmability of the network, simplifies network management and provides better scope for research. The programmability of the network has made it possible to create software based network components such as hubs, switches and firewalls. In this paper, we propose that an SDN Switch can be made to act like a firewall which implements a set of security rules for the network. The switch is configured to explicitly forward only those flows that are allowed by the controller. We have named this module as NetWatch. NetWatch works for POX controller and can be used to not only protect, but also to control the communication between devices within the network. The module has the capability to intercept TCP and UDP packets. We have demonstrated the effectiveness of NetWatch through emulations in MiniNet.