Netinfo Security ›› 2015, Vol. 15 ›› Issue (11): 47-52. doi: 10.3969/j.issn.1671-1122.2015.11.008


Design and Implementation of Stateful Firewall Based on Software-defined Networking

LIU Qi, CHEN Yun-fang, ZHANG Wei   

  1. Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China
  • Received: 2015-09-01 Online: 2015-11-25 Published: 2015-11-20

Abstract:

Compared with the traditional network architecture, software-defined networking (SDN) decouples the control and data planes, which provides a new solution for research on new network applications and future Internet technologies. However, according to recent SDN research and progress, the security problem has not been addressed, and it will become a significant issue. Traditional firewalls still have loopholes in the face of a large number of constantly evolving network attacks, and innovative firewall mechanisms are urgently needed to deal with this dangerous situation. SDN is a new, directly programmable network architecture that separates control from forwarding. Its main idea is to decouple the tightly coupled traditional network equipment into a forwarding plane and a control plane, so that network administrators can send firewall policy to the switches in the network through a central controller. After introducing the SDN firewall architecture, this paper designs a stateful firewall policy based on IP address recognition, written in the software-defined networking programming language Pyretic and deployed in the control plane. To fully show the flexibility and fine-grained control of firewall policy in software-defined network environments, the stateful firewall policy is deployed and issued in a virtual network.

Key words: software-defined networking, controller, stateful firewall

CLC Number: