Securing Local Area Networks with OpenFlow

School of Electrical Engineering (Sähkötekniikan korkeakoulu) | Master's thesis
Degree programme
TLT - Master’s Programme in Communications Engineering (TS2005)
In the traditional network architecture, data flow is controlled by switches and routers, which makes it difficult to meet the ever-growing requirements of the present network environment. The popularity of network virtualization and cloud services, together with the rapid growth of mobile devices and content, has made controlling the network challenging and complicated. The Software Defined Networking (SDN) paradigm offers a suitable solution by separating the forwarding hardware from the control decisions, using a logically centralized programmable controller. The OpenFlow protocol is the current SDN standard for communication between the switch and the controller: an SDN controller uses OpenFlow to modify the flow tables of the switches and thereby control and manage the flow of packets in the network. The firewall has become an integral part of every network infrastructure and plays a major role in preserving network security; firewalls protect the network from unauthorized external access by enforcing security policies. The capability of the OpenFlow architecture to control network traffic creates an opportunity to replace the traditional firewall with a software-based programmable one. This thesis demonstrates the possibility of enhancing network security with an OpenFlow-based firewall. A Python-based OpenFlow controller, POX, has been used to design and implement the firewall. The implemented firewall examines incoming packets against preset firewall rules and filters them accordingly. The rules are based on source and destination MAC/IP addresses, to prevent unauthorized communication between hosts and to keep an intruder from gaining access to the network, and on physical port number, to deny specific types of service on a host. An analysis is carried out to evaluate the functionality and performance of the firewall in a virtual network.
Although the analysis has been carried out in a virtual environment, the results show that the firewall successfully carries out the designed security functionality, such as blocking traffic based on predefined rules. The work also illustrates prospects for further research and improvement: the firewall module could be developed to deal with more complex security issues and be deployed in a real environment.
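The abstract describes a controller that checks each packet against preset rules on source/destination MAC, source/destination IP and port, drops matches, and otherwise lets the switch forward. The following is an added illustration of that rule evaluation, written for this page and not the thesis's own POX module: it imports nothing from POX so it runs stand-alone, but the match field names (in_port, dl_src, dl_dst, nw_src, nw_dst, nw_proto, tp_dst) are the ones POX's ofp_match uses, so each drop rule maps directly onto a flow_mod with an empty action list (which in OpenFlow 1.0 means drop). The policy, host addresses and MACs are constructed for the example; it treats in_port as the switch port a packet arrived on and adds a transport-port field (tp_dst) for "deny this service on a host", which is an assumption about what the abstract's "port number" rules cover.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Header fields a controller sees in a packet_in (constructed here, not parsed from a frame)."""
    in_port: int
    dl_src: str
    dl_dst: str
    nw_src: Optional[str] = None    # None for non-IP frames such as ARP
    nw_dst: Optional[str] = None
    nw_proto: Optional[int] = None  # 1 = ICMP, 6 = TCP, 17 = UDP
    tp_dst: Optional[int] = None    # transport-layer destination port


@dataclass(frozen=True)
class Rule:
    """A preset rule; every field is a wildcard unless set. Names follow POX's ofp_match."""
    action: str                     # "drop" or "allow"
    in_port: Optional[int] = None   # switch port the packet arrived on (assumption, see lead-in)
    dl_src: Optional[str] = None
    dl_dst: Optional[str] = None
    nw_src: Optional[str] = None    # single host or CIDR, e.g. "10.0.0.0/24"
    nw_dst: Optional[str] = None
    nw_proto: Optional[int] = None
    tp_dst: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.in_port is not None and pkt.in_port != self.in_port:
            return False
        if self.dl_src and pkt.dl_src.lower() != self.dl_src.lower():
            return False
        if self.dl_dst and pkt.dl_dst.lower() != self.dl_dst.lower():
            return False
        # IP-level fields only match IP packets: an ARP frame never matches an IP-only rule,
        # which is why MAC-based rules are needed to keep an unknown host off the network.
        for want, have in ((self.nw_src, pkt.nw_src), (self.nw_dst, pkt.nw_dst)):
            if want is not None:
                if have is None or ip_address(have) not in ip_network(want, strict=False):
                    return False
        if self.nw_proto is not None and pkt.nw_proto != self.nw_proto:
            return False
        if self.tp_dst is not None and pkt.tp_dst != self.tp_dst:
            return False
        return True

    def to_match(self) -> dict:
        """Keyword arguments for a flow-table match, using POX's ofp_match field names."""
        return {k: v for k, v in vars(self).items() if k != "action" and v is not None}


class Firewall:
    """First matching rule wins; a packet matching no rule is forwarded (default allow)."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)

    def block_hosts(self, ip_a: str, ip_b: str) -> None:
        """Forbid communication between two hosts in both directions."""
        self.rules.append(Rule("drop", nw_src=ip_a, nw_dst=ip_b))
        self.rules.append(Rule("drop", nw_src=ip_b, nw_dst=ip_a))

    def decide(self, pkt: Packet) -> Tuple[str, Optional[Rule]]:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, rule
        return "allow", None

    def flow_mods(self) -> List[dict]:
        """What the controller would push to the switch: one entry per drop rule.
        An empty action list in an OpenFlow 1.0 flow_mod means drop."""
        return [{"match": r.to_match(), "actions": []} for r in self.rules if r.action == "drop"]


def build_policy() -> Firewall:
    """Constructed policy: an unknown MAC (intruder) is dropped even before it has an IP,
    the host on switch port 2 may not reach any web server, and h1 and h3 may not talk."""
    fw = Firewall([
        Rule("drop", dl_src="00:00:00:00:00:99"),
        Rule("drop", in_port=2, nw_proto=6, tp_dst=80),
    ])
    fw.block_hosts("10.0.0.1", "10.0.0.3")
    return fw


if __name__ == "__main__":
    fw = build_policy()
    for pkt in (
        Packet(1, "00:00:00:00:00:01", "00:00:00:00:00:03", "10.0.0.1", "10.0.0.3", 1),
        Packet(2, "00:00:00:00:00:02", "00:00:00:00:00:04", "10.0.0.2", "10.0.0.4", 6, 80),
        Packet(4, "00:00:00:00:00:99", "ff:ff:ff:ff:ff:ff"),
        Packet(1, "00:00:00:00:00:01", "ff:ff:ff:ff:ff:ff"),
    ):
        print(pkt, "->", fw.decide(pkt)[0])
    print(fw.flow_mods())
```

The last sample packet is worth noting: an ARP broadcast from h1 is allowed even though h1 and h3 are blocked at the IP layer, because the pair rule carries only nw_src/nw_dst. A controller that pushes these rules as flow entries inherits the same gap, so the MAC-based rule is the one that actually keeps an unknown host from getting any reply at all.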
Manner, Jukka
Thesis advisor: Kiravuo, Timo
OpenFlow, software defined networking, firewall, network security, POX