A Network Topology-aware Selectively Distributed Firewall Control in SDN

Software defined networking (SDN) and its enabling standards, OpenFlow promise flexible and faster evolving networks, by separating the control plane from data plane so that the control plane becomes more responsive to the changes in topology, load balancing requirement, and suspicious traffics. To ever-changing security attacks, SDN also offers new potentials to handle security threats in more robust and reactive way. The previous SDN firewall proposals suffer from firewall long setup up latency and controller overhead. This paper presents a topology aware selective firewall distribution solution, which sends only necessary firewall configuration rules considering the traffic flows and network topology. The Mininet simulation results in various network sizes show the proposed solution reduces the firewall setup traffic and lessens the firewall-violated traffic travel route significantly, so suitable for large-scale SDN networks.