REFLO: Reactive firewall system with OpenFlow and flow monitoring system

Abstract

© 2017 IEEE. To maintain the high level of security, many organizations use Deep Packet Inspection (DPI) firewalls to filter anomaly traffic coming into their networks. However, a DPI firewall with a large volume of traffic can lead to a high packet drop rate, high delay, and the poor network throughput. One possible way to relieve the firewall workload is to deploy multiple firewalls and select only suspicious traffic to check with the firewall. To perform this task, we apply the Software Defined Network (SDN) concept by using the OpenFlow standard. We develop a system called Reactive Firewall System with OpenFlow and Flow Monitoring System (REFLO) to distribute traffic to multiple firewalls and bypass non-suspicious traffic. REFLO system is able to select the most appropriate firewall for each data flow based on the contents of the flow and rules set by administrators on the OpenFlow controller. In addition, REFLO allows administrators to easily monitor the network by visualizing the flow summarization and flow statistics on our web application. To verify the effectiveness of our system, we deploy OpenFlow switches by using the low-cost Raspberry Pi boards and deploy OpenFlow controller and the web application on an Ubuntu PC. Experimental results also confirm that REFLO can achieve the lower average packet delay and higher throughput than that of the existing firewall system.