
RESEARCH PRODUCT

Firewall as a service in SDN OpenFlow network

Andis Arins

subject

Firewall (construction); OpenFlow; Network packet; business.industry; Computer science; Server; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Forwarding plane; The Internet; Denial-of-service attack; Software-defined networking; business; Computer network

description

Protecting publicly available servers on the internet today is a serious challenge, especially when encountering distributed denial-of-service (DDoS) attacks. In the traditional internet, there is a narrow scope of choices one can take when ingress traffic overloads physical connection limits. This paper proposes Firewall as a Service in internet service provider (ISP) networks, allowing end users to request and install match-action rules in the ISP's edge routers. In the proposed scenario, the ISP runs a Software Defined Networking (SDN) environment where the control plane is separated from the data plane, utilizing the OpenFlow protocol and the ONOS controller. For interaction between end users and the SDN controller, the author defines an Application Programming Interface (API) over a secure SSL/TLS connection. The controller is responsible for translating high-level logic into low-level rules in OpenFlow switches. This study runs experiments in an OpenFlow test-bed, researching a mechanism for end users to discard packets on ISP edge routers, thus minimizing their uplink saturation and staying online.

https://doi.org/10.1109/aieee.2015.7367309