The Design And Implementation Of The Distributed Firewall System Based On OpenFlow Networks

In recent years, the rise of the mobile Internet, e-commerce,big data services,has put forward higher requirements on the construction of IT infrastructure.It is hoped to supply with demand,to change with request, to be flexible and robust. The appearing of SDN(Software Defined Networking, software-defined network) technology is adapted to the ITing of networks, softwaring of equipment and standardization of hardware. In this new network architecture, some of the traditional network applications such as firewalls, load balancing, etc., should be bound to the corresponding transformation and improvement.OpenFlow technology is an implementation of the SDN architecture. It is a new network model. It uses a flow meter(Flow Table) to complete freedom to control user traffic handling. Network devices are no longer bound by a fixed agreement. This reflects the core idea of the separation of control and data in SDN. Firstly, OpenFlow network technology development status and the current network firewall needs were discussed. Then, the related technologies are briefly introduced in the paper. According to the characteristics of OpenFlow network architecture, we propose and design a new OpenFlow-based distributed firewall system. The system use a Web application firewall as a policy entry, via REST API to firewall controller based on Ryu controller, then some policy rules are issued into each individual firewall in the OpenFlow networks.Finally,the flows are controlled by these firewalls.The system is a good solution to single point problem and the problem of internal attacks in the traditional firewall. By building a small network topology to verify the distributed firewall system and test the result.It is proved to be a good typical application of distributed firewall. The foreseeable future OpenFlow technology has a more broad space for development.