摘要
本文介绍了传统网络防火墙在软件定义网络(SDN)中存在的问题,设计了一种基于OpenFlow的SDN防火墙。这种防火墙通过SDN控制器启动,用户可以综合考虑网络协议类型、操作类型及优先级等因素,制定防火墙规则,由SDN控制器转换成不同的流表项,下发给对应交换机,从而实现可定制的智能防火墙功能。此外,针对单级流表和多级流表的不同场景,分别设计了对应的防火墙规则下发流程,并详细描述了防火墙应用的具体实施方式。本设计适用于所有种类SDN交换机的防火墙,通用性强。
The problems of traditional network firewalls in software defined network(SDN)are introduced in this paper.A firewall for SDN is proposed based on OpenFlow who is started by the controller of SDN.Users can decide rules of firewall according to the network protocol,operation type,priority and other factors.These rules will be translated to flow tables by the controller who sends flow tables to the switch.It can be achieved intelligent and customized firewall by this method.In view of the difference between the single level flow table and the multilevel flow table,the processes of firewall rules are designed respectively.And the implementations of this firewall are described thoroughly.This design has good versatility and can be applied to the firewalls for all types of SDN switches.
作者
雷明涛
柯昌骏
朱昊
李晓禹
Lei Mingtao;Ke Changjun;Zhu Hao;Li Xiaoyu(The 28th Research Institute of China Electronics Technology Group Corporation, Nanjing 210007, China)
出处
《信息化研究》
2018年第2期29-34,共6页
INFORMATIZATION RESEARCH
