计算机工程与应用 ›› 2018, Vol. 54 ›› Issue (15): 84-90.DOI: 10.3778/j.issn.1002-8331.1703-0411

• 网络、通信与安全 • 上一篇    下一篇

基于OpenFlow的SDN状态防火墙

王  鹃1,2,3,刘世辉2,3,文  茹2,3,洪  智2,3,王  江4,樊成阳3,张浩喆3   

  1. 1.软件工程国家重点实验室,武汉 430072
    2.空天信息安全与可信计算教育部重点实验室,武汉 430072
    3.武汉大学 计算机学院,武汉 430072
    4.清华大学 计算机科学与技术系,北京 100084
  • 出版日期:2018-08-01 发布日期:2018-07-26

State firewall of SDN based on OpenFlow

WANG Juan1,2,3, LIU Shihui2,3, WEN Ru2,3, HONG Zhi2,3, WANG Jiang4, FAN Chengyang3, ZHANG Haozhe3   

  1. 1.State Key Laboratory of Software Engineering, Wuhan 430072, China
    2.Key Laboratory of Aerospace Information Security and Trust Computing, Ministry of Education, Wuhan 430072, China
    3.Computer School of Wuhan University, Wuhan 430072, China
    4.Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
  • Online:2018-08-01 Published:2018-07-26

PDF

摘要: 提出了一种基于OpenFlow的状态检测防火墙系统,该方案通过在SDN控制器和交换机中添加状态表和变换流表,并根据包的类型分别制定相应的状态转换规则,实现对SDN网络状态的监测。最后,在开源控制器Floodlight和Open vSwitch上实现了一个基于状态检测的防火墙系统,并对该防火墙的性能进行了评估,结果表明基于OpenFlow的SDN状态检测防火墙能够识别不同类型的包并实现现有SDN防火墙不能实现的基于状态的细粒度访问控制。

关键词: 软件定义网络, OpenFlow协议, 状态检测, 防火墙

Abstract: A new SDN state inspection firewall system on OpenFlow protocol is proposed. In this scheme, state tables and shifted flow tables are added into SDN controller and switch, and corresponding state transition rules are also formulated on the basis of packet type, so firewall is able to inspect SDN network state. SDN state inspection firewall is implemented on opensource controller Floodlight and Open vSwitch. The performance evaluation result shows that the SDN state inspection firewall can recognize the type of packets, moreover, it achieves the fine-grained access control which present SDN firewall cannot offer.

Key words: Software Defined Network(SDN), OpenFlow protocol, state inspection, firewall

京ICP备13024262号-1
Copyright © 《计算机工程与应用》编辑部
技术支持:北京玛格泰克科技发展有限公司
总访问量
今日访问
在线人数