By:
Fathonah Tri Hastuti. / NIM. 23514048
MAGISTER OF INFORMATICS
SCHOOL OF ELECTRICAL AND INFORMATICS ENGINEERING
INSTITUTE OF TECHNOLOGY BANDUNG
2015
ABSTRACT
This research discusses the simulation of a firewall over the Floodlight controller.
I. INTRODUCTION/ MOTIVATION
The idea of SDN continued to grow until 2011, when the OpenFlow Network Foundation
was formed, pioneered by various companies around the world. Its board includes
Google, Yahoo, and NTT, while its members include CISCO, Juniper, IBM, DELL, HP, etc.
Global IT companies joined the OpenFlow Network Foundation because they see great
potential in the transition to a future era of SDN.
There are many types of OpenFlow SDN controllers, including NOX, POX, SNAC,
Beacon, Trema, Maestro, Floodlight, and OpenDaylight. Each has its own
characteristics, ranging from the programming language and platform used to the
virtual machine that can be used. Basically, almost all OpenFlow controllers have the
same function: they act as the center and as the remote configuration point for the
devices in the network that implement the SDN OpenFlow concept.
Traditional network architecture performs less effectively because of the time
required for configuration: all devices must be configured manually, one by one.
Traditional architecture also restricts new innovation in the network, which makes it
more difficult to develop.
By using SDN OpenFlow on a network, however, the configuration of all devices can be
simplified, because it is performed centrally on the controller that manages all the
devices beneath it. The SDN OpenFlow architecture also does not restrict new
innovations on the network and can be developed by the user, so it can improve the
performance of network devices using OpenFlow SDN. OpenFlow-based applications are
proposed essentially to simplify network configuration and to facilitate network settings.
Attacks targeting single computers as well as whole networks are very frequent
nowadays. Everyone, home users as well as business companies and states, has to secure
their devices against data theft or unpermitted usage. The needed protection measures
are based on the formulation of a security concept, which is put into action
using a component called a firewall.
The importance of security in the network has led researchers to conduct research on
the firewall. One previous study discussed packet filtering in an SDN topology.
Another discussed functionality testing. To increase the understanding of a firewall
over the controller, this research presents more firewall testing scenarios than the
previous research. The controller used in this research is the Java-based
Floodlight. VirtualBox and Mininet are used to create the SDN network topology.
There has been much research that discusses OpenFlow SDN. OpenFlow-based
architectures have specific capabilities that can be exploited by researchers to
experiment with new ideas and test novel applications [1]. A cost-saving approach for
on-demand elastic network design and active flow placement in an SDN environment was
discussed by Julius Mueller et al. [3].
An SDN controller instructs the switches as to what action they should take via what is
commonly called the southbound API. The SDN controller is a new class of data
networking product [4]. The ten key characteristics that IT organizations should look for
when evaluating an SDN controller are: OpenFlow Support, Network Virtualization,
Network Functionality, Scalability, Performance, Network Programmability, Reliability,
Security of the Network, Centralized Monitoring and Visualization, and the SDN
Controller Vendor.
[Figure: research position diagram. Related work: SDN [1][2][3]; Performance /
Controller Testing [4]; Firewall Testing [5][6][7][8]. This research: topology
creation, connection testing, network isolation, file sharing, and packet filtering
on the Floodlight controller.]
When users want to exchange data over a computer network, this is done using data
packets [7]. In addition to the payload, these contain information regarding the sender
and receiver, or the route the packet has taken on its way between them. Large data
streams are divided into smaller parts and put together by the receiver.
Security problems arise with this concept because the sender is able to set the
information in the packet without restraint, and is thus able to hide the true origin
of the packet. The use of a firewall is helpful for countering this type of attack.
Firewall describes the general concept; a software product called a packet filter,
which is installed on a separate host, is used to implement it. A firewall is essential
in keeping the network safe from outside attacks [5].
There are two approaches considered in implementing the firewall: 1) pre-installing the
rules onto the switch's flow table and 2) handling the packets directly as they come in.
The logic of the firewall is as follows: each packet's headers are checked against the
firewall rules, and the specified action is performed once matching fields are found in
a rule; any unmatched packets are dropped.
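The matching logic described above, as an added example that is not part of the original paper and is not Floodlight's own code: a first-match rule table with default drop, plus a check for rules shadowed by an earlier, broader rule (the shadow check goes beyond the text). The rules, host addresses, port and the names `Rule`, `decide` and `shadowed` are constructed for illustration; only the 10.1.2.0/24 and 10.1.3.0/24 prefixes follow the addresses listed under Table 1.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "ALLOW" or "DENY"
    src: str = "0.0.0.0/0"           # source prefix
    dst: str = "0.0.0.0/0"           # destination prefix
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port

def matches(rule, pkt):
    """pkt is a dict of header fields: src, dst, proto and optionally dport."""
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and rule.proto in (None, pkt["proto"])
            and rule.dport in (None, pkt.get("dport")))

def decide(rules, pkt):
    """First matching rule wins; a packet that matches no rule is dropped."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "DROP", None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    def covers(a, b):
        return (ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
                and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
                and a.proto in (None, b.proto)
                and a.dport in (None, b.dport))
    return [j for j, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:j])]

# Constructed rule set: specific DENY first, then the broader ALLOW.
RULES = [
    Rule("DENY", src="10.1.3.0/24", dst="10.1.2.0/24", proto="tcp", dport=22),
    Rule("ALLOW", src="10.1.3.0/24", dst="10.1.2.0/24", proto="tcp"),
    Rule("ALLOW", src="10.1.2.0/24", dst="10.1.2.0/24", proto="icmp"),
]
# Same rules with the broad ALLOW placed before the DENY it should not override.
MISORDERED = [RULES[1], RULES[0], RULES[2]]
```

With `MISORDERED`, the DENY rule is never reached, so the same packet that `RULES` denies is allowed; `shadowed` reports that rule before the table is installed.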
A. Software
In order to test the functionality of the firewall in this research, the following
software was used:
6. Visio and VND, which help the researcher draw the network topology.
B. Network Topology
The network topology designed for this research is based on SDN OpenFlow and still
uses a simple configuration. The topology consists of:
[Figure 2. Network Topology: controller C0; switches S1, S2, S3; hosts H1, H2, H3,
H4, H5, H6, H7, H8, H9.]
The IP addresses used for each point in the network topology can be seen in Table 1.
Table 1. IP Address
10.1.2.1/24
10.1.3.1/24
2. Connection testing
b. Ping-all testing, to show that all hosts in the network are connected.
Host 5 not connected
Host 6 not connected
Network 3 Host 7 not connected
Host 8 not connected
Host 9 not connected
[Flowchart: "Network traffic to validate"; three "No match" branches; "Drop".]
The detailed packet filtering in this research is described in Table 4.
Mas, for this part, I don't quite understand how to make the packet filtering scenario
so that it connects with the flow above; could you please fill it in? Thanks in advance.
V. RESULT
VI. CONCLUSION
REFERENCE
[1] Adrian Lara, Anisha Kolasani, and Byrav Ramamurthy, "Network Innovation using
OpenFlow: A Survey", IEEE COMMUNICATIONS SURVEYS & TUTORIALS,
VOL. 16, NO. 1, FIRST QUARTER 2014.
[3] Julius Mueller, Andreas Wierz, et al., "Elastic Network Design and Adaptive Flow
Placement in Software Defined Network", IEEE, 2013.
[4] Ashton, Metzler and Associates, "Ten Things to Look for in an SDN Controller",
https://www.necam.com/docs/?id=23865bd4-f10a-49f7-b6be-a17c61ad6fff.
[5] Michelle Suh, Sae Hyong Park, Byungjoon Lee, Sunhee Yang, "Building Firewall over
the Software-Defined Network Controller", ICACT2014, February 16-19.
[6] Justin Gregory V. Pena and William Emmanuel Yu, "Development of a Distributed
Firewall Using Software Defined Networking Technology", IEEE, 2014.
[7] Stephan Windmuller, "Offline Validation of Firewall", 34th IEEE Software Engineering
Workshop, 2011.
[8] JeeHyun Hwang, Tao Xie, et al., "Systematic Structural Testing of Firewall Policies",
IEEE Symposium on Reliable Distributed Systems, 2008.