The constant increase in data traffic over carrier networks has led to the design of more complex networks. This has generated a need for efficient technologies to handle traffic in large-scale networks. Software-defined networking (SDN) is one such technology that separates the data plane from the control plane and allows dynamic network configuration through a centralized network controller. Every network requires an efficient defense mechanism for robust and reliable functioning. A firewall allows for the enforcement of security policies in the network, thus controlling network traffic.

Firewalls have been used in traditional networks for a long time, and the same concept is adapted for SDN-based networks. However, because of changes in network architecture and functionality, legacy firewall designs do not suit SDN-based networks. It is essential that the firewall solutions developed for SDN-based networks keep the network controller’s design and functionality in mind. The challenge here is that there are no implementation standards for network controllers, and often the network controllers are implemented differently. This paper presents challenges to the design and implementation of SDN-based firewalls and studies their preparedness in achieving network security and reliability. The authors compare the capabilities of the seven most popular SDN-based firewall solutions and implement one of them (FlowGuard) in a practical network to study its capabilities and performance.

The paper gives an overview of SDN-based firewall designs for enterprise and large-scale networks without discussing implementation details. It will prove helpful to designers of firewall solutions for SDN-based network controllers and researchers working on SDN security.