State firewall of SDN based on OpenFlow

doi:10.3778/j.issn.1002-8331.1703-0411

Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (15): 84-90.DOI: 10.3778/j.issn.1002-8331.1703-0411

Previous Articles Next Articles

State firewall of SDN based on OpenFlow

WANG Juan1，2，3, LIU Shihui2，3, WEN Ru2，3, HONG Zhi2，3, WANG Jiang4, FAN Chengyang3, ZHANG Haozhe3

1.State Key Laboratory of Software Engineering, Wuhan 430072, China
2.Key Laboratory of Aerospace Information Security and Trust Computing, Ministry of Education, Wuhan 430072, China
3.Computer School of Wuhan University, Wuhan 430072, China
4.Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China

Online:2018-08-01 Published:2018-07-26

基于OpenFlow的SDN状态防火墙

王鹃1，2，3，刘世辉2，3，文茹2，3，洪智2，3，王江4，樊成阳3，张浩喆3

1.软件工程国家重点实验室，武汉 430072
2.空天信息安全与可信计算教育部重点实验室，武汉 430072
3.武汉大学计算机学院，武汉 430072
4.清华大学计算机科学与技术系，北京 100084

Abstract

Abstract: A new SDN state inspection firewall system on OpenFlow protocol is proposed. In this scheme, state tables and shifted flow tables are added into SDN controller and switch, and corresponding state transition rules are also formulated on the basis of packet type, so firewall is able to inspect SDN network state. SDN state inspection firewall is implemented on opensource controller Floodlight and Open vSwitch. The performance evaluation result shows that the SDN state inspection firewall can recognize the type of packets, moreover, it achieves the fine-grained access control which present SDN firewall cannot offer.

Key words: Software Defined Network（SDN）, OpenFlow protocol, state inspection, firewall

摘要： 提出了一种基于OpenFlow的状态检测防火墙系统，该方案通过在SDN控制器和交换机中添加状态表和变换流表，并根据包的类型分别制定相应的状态转换规则，实现对SDN网络状态的监测。最后，在开源控制器Floodlight和Open vSwitch上实现了一个基于状态检测的防火墙系统，并对该防火墙的性能进行了评估，结果表明基于OpenFlow的SDN状态检测防火墙能够识别不同类型的包并实现现有SDN防火墙不能实现的基于状态的细粒度访问控制。

关键词: 软件定义网络, OpenFlow协议, 状态检测, 防火墙

WANG Juan1，2，3, LIU Shihui2，3, WEN Ru2，3, HONG Zhi2，3, WANG Jiang4, FAN Chengyang3, ZHANG Haozhe3. State firewall of SDN based on OpenFlow[J]. Computer Engineering and Applications, 2018, 54(15): 84-90.

王鹃1，2，3，刘世辉2，3，文茹2，3，洪智2，3，王江4，樊成阳3，张浩喆3. 基于OpenFlow的SDN状态防火墙[J]. 计算机工程与应用, 2018, 54(15): 84-90.

[1]	WU Bo, WU Jing, LUO Wei, ZHU Jie. Service-Related Routing Method Based on Programmable Data Plane [J]. Computer Engineering and Applications, 2020, 56(3): 106-112.
[2]	WANG Jun, WANG Menglin, WANG Yue, LIU Junjie. Load Balancing Scheme Based on Flow Classification for SDN Data Center Network [J]. Computer Engineering and Applications, 2019, 55(24): 75-83.
[3]	LIU Junjie, WANG Jun, WANG Menglin, WANG Yue. DDoS Attack Detection Based on C4.5 in SDN [J]. Computer Engineering and Applications, 2019, 55(20): 84-88.
[4]	ZHOU Feijie, ZHANG Kunli, WANG Guoqing, ZHUANG Lei. Research of Adaptive SDN Routing Algorithm Based on Genetic Mechanism [J]. Computer Engineering and Applications, 2019, 55(2): 86-91.
[5]	XIANG Bo, YU Liyang. Research and design on SDN multi-controller fault tolerance [J]. Computer Engineering and Applications, 2018, 54(23): 81-88.
[6]	ZHOU Huan1，2, LIU Hui1. Research on SDN controller based on Floodlight [J]. Computer Engineering and Applications, 2016, 52(24): 137-147.
[7]	CAO Shaohua, ZHANG Xin. Research of application-towards bandwidth guarantee in SDN network [J]. Computer Engineering and Applications, 2016, 52(22): 127-132.
[8]	LI Li1，ZHAI Zhengde2. Web security enhancement scheme based on Web application firewall [J]. Computer Engineering and Applications, 2011, 47(25): 104-106.
[9]	HOU Zhengfeng，PANG Youxiang. Latency analysis of multi-core firewall in hierarchical content filtering [J]. Computer Engineering and Applications, 2011, 47(12): 93-96.
[10]	LUO Xin,ZHANG Yan-yuan,MA Wei-na. Research of strategies to enhance VPN’s adaptability [J]. Computer Engineering and Applications, 2008, 44(22): 129-131.
[11]	WANG Shao-peng,SUN Min. Research of image content filtering firewall based on Web page logo [J]. Computer Engineering and Applications, 2008, 44(1): 119-122.
[12]	WEN Jun-hao,JI Kai,GAO Cun-zhi,HAO Jian-wei. Firewall system based on embedded linux OS [J]. Computer Engineering and Applications, 2007, 43(28): 144-146.
[13]	DENG Wen-jun¹,LIANG Yi-wen². Semantic method to analyze firewall policy [J]. Computer Engineering and Applications, 2007, 43(26): 135-137.
[14]	ZHANG Zhao-li，HONG Fan，XIAO Hai-jun. Firewall rule conflict discovery algorithm [J]. Computer Engineering and Applications, 2007, 43(15): 111-113.
[15]	,Fei Hu,,,. Design and Implementation of Distributed Intrusion Detection System Based on Combines Knowledge and Anomaly Technique [J]. Computer Engineering and Applications, 2005, 41(35期): 0-.

State firewall of SDN based on OpenFlow

基于OpenFlow的SDN状态防火墙

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics