Design And Implementation Of Firewall Based On SDN Controller

With the deployment of the large-scale network of data centers, the development of the network virtualization, and the diversification of business needs, higher requirement are put forwarded for the needs of flexible deployment of the network and centralized control. Since the traditional network management is relatively dispersed, the network cannot response to deployment of new business quickly. In this situation, SDN(Soft Defined Network) is proposed, whose main idea is to separate the network control layer from the forwarding layer resulting in centralized controlled to the entire network. thus making the network control and management much easier, and the network can quickly respond to changes in the industry's demand. deployment of network become rapidly and neatly. SDN controller is the realization of SDN thought, and follows SDN thought of separation of control and forwarding and centralized control thought. This paper based on the open source SDN controller of Flood Light for a modular development, adding firewall configeration function on based functions of SDN controller. The main function is to configure and deploy the firewall in the network through SDN controller. This paper mainly discusses the REST(Representational State Transfer) interface, data persistence and high availability. The main works are as follows.1)Designing and implementing the REST interfaces of the firewall module. Designing and implementing the REST interfaces of the firewall module using REST style. These interfaces can provide creating firewall configurations function, getting firewall configurations function, modifying firewall configurations function and deleting firewall configurations function. And calling the lower functions by these REST interfaces.2)Designing and implementing the data persistence function of firewall module. The firewall module obtain the configuration through the REST interfaces, then the configurations are processed, making the running dates of the firewall module achieve persistent storage.3)Designing and implementing the high availability of firewall module. The main equipment did not work standby equipment took over the job in order to achieve high availability. The high availability of the firewall module is based on the cluster module. Real time message backup is to change the data into the other members of the cluster when the main device is configured. The bulk backup is the master device sends the bulk of the data to a new controller when a new controller join the cluster. The design and implementation of these polices ensure the high availability of firewall.4)Designing and implementing the Service-Path function.The Service-Path module convert firewall configurations into XML file, then getting connection with equipment and send the XML file.Through this paper, the firewall configuration module can be used for the firewall data processing and deployment, and the controller can also work well with other modules.