Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing

Abstract

The introduction of Software Defined Networking (SDN) enables possibilities for the next generation of network where the network logic operation is separated from the constraints of underlying hardware. However, the new architecture of SDN also exposes many security risks such as controller DoS attack, configuration channel compromise. This paper analyzes the challenges of stateful firewall realization in SDN environment and presents FlowTracker - a novel stateful firewall solution focusing on maintaining the accuracy and agility of stateful firewall with reduced controller processing and communication overhead between control and data plane. The GENI test bed experiments validates FlowTracker its stateful packet tracking and acceptable level of latency increase.