Automating Distributed Firewalls: A Case for Software Defined Tactical Networks

We make a case for more rapid adoption of software defined network (SDN) technology in the DoD by demonstrating that distributed firewall operation can be virtualized, automated, and assured of security properties with SDN. Specifically, we have developed and evaluated a distributed firewall application within the standard ONOS SDN control platform. The application enforces access control between arbitrary end points and intelligently distributes processing of filter rules across network devices, even after the network topology changes. The testbed evaluation results confirm the reachability control performance and show that the application and virtual switches built upon commodity computers are capable of handling more than 50,000 filter rules.