Implementation And Performance Analyisis Of SDN Firewall On POX Controller

Software Defined Network(SDN)is a revolutionary and emerging networking paradigm system in which network control plane is separated from data plane and assigned to a devoted software program called controller running at a control layer.Decoupling control plane and data plane brings an advantage of an abstraction model which makes it easier for both control and data planes to develop separately as well as the ability to easily manage and program a distributed underlying network(data plane).SDN shows signs of significantly facilitating network management and empowers novelty,innovation,and advancement.SDN makes networks wholly controlled and managed through software applications and gives a hope to change the limitations of current networks infrastructures.Since the emergence of SDN,it has provided many benefits and introduced a radical change in network architecture which simplified the control and management of networks,but on the other hand many challenges have arisen.One of the fundamental issues which exposed due to the new architecture of SDN is security risks.Network firewall is an indispensable and essential component for securing data traffic by enforcing security policies.This study aims to implement some firewall functionalities on SDN through writing some firewall applications that run on the top of the SDN POX controller.The firewall application which is working at Layer 2,Layer 3 and Layer 4 of OSI model capable of detecting the traffic of those three layers and enforcing specified policies and rules.It also enforces virtual port security by blocking an access to certain virtual ports.Our firewall filters packets based on their parsed headers and matches them against the pre-defined policies.If there is matching found,the packet is dropped otherwise it is forwarded.We have selected POX a python-based SDN controller and Open vSwitch for the experiment.The experiments were conducted using VirtualBox which is used for the virtualization.We set up a Virtual Machine(VM),running Mininet on the top of an Ubuntu OS.For creating the network topology,Mininet emulator was used.Wireshark and Iperf have been used to analyze the performance of our firewall module.In this study,we cover the implementation details of our firewall application,experimentation results,performance analysis of the firewall module as well as providing a discussion on the results.Based on the results we've got,our firewall module considered being the best alternative of traditional physical firewall in those three layers in terms of security,management,deployment and cost.