Date of Award


Document Type


Degree Name

Master of Science (MS)


School of Information Technology: Information Systems

First Advisor

Yongning Tang

Second Advisor

Douglas Twitchell


This study is concerned with migrating traditional networks and their inherent firewall architecture to Software Defined Networking (SDN) architecture to provide an initial attempt at preventing application downtime due to hidden firewall domain rules. In legacy organization environments the networking engineers, firewall teams, and application analysts are often silo groups, but Software Defined Networking (SDN) can blur the lines between these group silos.

This thesis first outlines the interworking of SDN, traditional firewall architecture and how it interacts with SDN, an experiment of implementation, and the resulting conclusions.

Testing with SDN shows we are approaching new environments where the edges of network are no longer dominated by firmware on switches and routers. The technologies behind SDN allow for the programmability of the entire network, which creates a logical flow of both network traffic and firewall policies that allow us to bypass traditional errors that may arise from physically segmented networks.

The physical and logical level network programming inherent in SDN allows organizations to merge and adapt skill sets of networking engineer and application developers to reduce the risk and reliance on firewall expertise.

Utilizing OpenFlow protocols and flow table concepts presented in SDN we can propagate firewall rules centrally and logically, which provides end-to-end traffic with firewall rules in our network. Using these concepts reduces the traditional firewall complexity for organizations. In this study we present a paper prototype that demonstrates that we may add in firewall rules to a centralized instance allowing our SDN controllers to provide firewall protection throughout the entire network instead of isolated risk domains or tiers. In the prototype application developers are prevented from calling incorrect ports and possibly missing hidden local firewalls not previously known. The approach described in this paper is based on a case study of several large American firms.


Imported from ProQuest Vogel_ilstu_0092N_10495.pdf


Page Count