Go, change the world

RV College of
Engineering

1
 PRESENTATION CONTENTS Go, change the world
RV College of
Engineering

• Demonstration of the work

• Results and its Analysis
• Report Writing
• Conclusion and Future Enhancements
• References

2
RV College of
Engineering Demonstration of the work Go, change the world

• Demonstration of project is in Linux operating System.

• To show the Implementation of Firewall in Software Defined Network, we made use of Linux
names spaces to set up our network, and installed faucet controller to write all access control lists.
(
• Gauge Controller was installed and used to monitor the network traffic of the software defined
network.

• ACL was written on host 3 and it was observed that ICMP traffic to host3 was blocked as per the
ACL Rules written in the faucet configuration and other traffic were not affected.

• All the dropped packets were successfully mirrored to host 4 without any modification.

3
 RV College of
Engineering Demonstration of the work Go, change the world

Fig 1:Connectivity Test Fig 2: Traffic Generation from host 4 to 1

• Above fig 1 shows the basic connectivity between • Above fig 2 shows Traffic generation between host
hosts. This is done to check if our network is in 1 to 4. Traffic generation is done to identify the
working condition. bandwidth available between two communicating
parties.
4
 RV College of
Engineering Results and its Analysis Go, change the world

Fig 3:Firewall testing

• Above fig 3 shows the Firewall testing.
• Host 3 is blocking all the incoming packets as per the firewire policy.
5
 RV College of
Engineering Results and its Analysis Go, change the world

Fig 4: Mirroring analysis

• Using tcpdump we are capturing the packets which are dropped in host 3 and those same packets are mirrored to
6
host 4. This activity is done to for monitoring of Network traffic
 RV College of
Engineering Results and its Analysis Go, change the world

Fig 5:Analysis on host 1 Fig 6: Analysis on host 3

• Above fig 6 shows the packets sent and

• Above fig 5 shows the packets sent and received
received of host 3, Since we have written acl
of host 1, all the packets are been successfully
on host 3 all the packets are been dropped and
sent and received since there is no packet drop.
there is no positive bar, since there is no
acceptance of packets

7
 RV College of
Engineering Results and its Analysis Go, change the world

Fig 7: Analysis on host 4

• Above fig 7 shows the number packets dropped and received in host 4. Dropped packets of host 3 are also
displayed in the above statistical graph packet as it is configured has the admin. Green bars indicates
successfully transmitted packets and the orange bars which are less than 0 indicates dropped packets.
8
RV College of
Engineering Report Writing Go, change the world

https://docs.google.com/document/d/
1jGYTEyXsCcJG79gTypI3dv54is6PTOyg/edit?
usp=sharing&ouid=106101122371608189403&rtpof=true
&sd=true0

9
RV College of
Engineering Conclusion and Future Enhancements Go, change the world

• A firewall is used as a barrier to protect networked computers by blocking malicious network traffic

• Integrating Firewall with Software defined network emphasizes the separation of the network and
the control plane.

• ACL was written on host 3 and it was observed that ICMP traffic to host3 was blocked as per the
ACL Rules written in the faucet configuration and other traffic were not affected.

• All the dropped packets were successfully mirrored to host 4 without any modification

• Limitation of the faucet controller is that it only supports inbound rules, it doesn’t work with
outbound rules

• Future work can focus on connecting the software defined network to the internet and write Firewall
policies.

10
 Go, change the world
References
RV College of
Engineering

[1] Mitali Sinha, Padmalochan Bera, Manoranjan Satapathy “An Anamaly Free Distrubutive Firewall System for SDN” in 2nd International Conference on
cyber Security awareness on Data Analysis and Assesment , 2021.

[2]Young-Mi Kim et al. “Formal Verification of SDN-based firewalls by using TLA+” in IEEE Access,Februrary 19,2020

[3]Wei Ren et al. “SILedger: A Blockchain and ABE-based Access Control for Applications in SDN-IoT Networks” in IEEE TRANSACTIONS ON
NETWORK AND SERVICE MANAGEMENT, VOL. 18, NO. 4, DECEMBER 2021.

[4]Sajad Shirali- Shahreza et al. “Protecting Home User Devices with an SDN-Based Firewall”in IEEE TRANSACTIONS ON CONSUMER
ELECTRONICS, VOL. 64, NO. 1, FEBRUARY 2018.

[ [5]Rasid Amin et al. “Auto-Configuration of ACL Policy in Case of Topology Change in Hybrid SDN” in IEEE Access,December 19,2016.

[6] K. Kaur, J. Singh, K. Kumar, and N. S. Ghumman “Programmable firewall using Software Defined Networking,” in Proceedings of the 2nd International
Conference on Computing for Sustainable Global Development, INDIACom 2015, pp. 2125–2129, IEEE, India, March 2015.

[7] S. Morzhov, I. Alekseev, and M. Nikitinskiy “Firewall application for FloodLight SDN controller,” in Proceedings of the International Siberian Conference
on Control and Communications, SIBCON 2016, Russia, May 2016.

[8] A. Kumar and N. K. Srinath “Implementing a firewall functionality for mesh networks using SDN controller,” in Proceedings of the 1st IEEE International
Conference on Computational Systems and Information Technology for Sustainable Solutions, CSITSS2016, pp. 168–173, IEEE, India, October 2016.

[9] K. Kaur, J. Singh, K. Kumar, and N. S. Ghumman “Programmable firewall using Software Defined Networking,” in Proceedings of the 2nd International
Conference on Computing for Sustainable Global Development, INDIACom 2015, pp. 2125–2129, IEEE, India, March 2015.

[10] S. Morzhov, I. Alekseev, and M. Nikitinskiy “Firewall application for Floodlight SDN controller,” in Proceedings of the International Siberian11
Conference on Control and Communications, SIBCON 2016, Russia, May 2016.