A Case for Software-Defined Networking in the United States Marine Corps: Automating Distributed Firewalls

Abstract

Software Defined Networking (SDN) is a field in computer science that has seen rapid adoption in industry and academia. SDN reduces network administration and cost, empowers fine grain network control, and enables programmability and innovation in a relatively stagnant area of computer science. In this research, we make a case for more rapid adoption of software defined network (SDN) technology in the DoD by demonstrating that distributed firewall operation can be virtualized, automated, and assured of security properties with SDN. Specifically, we have developed and evaluated a distributed firewall application within the standard ONOS SDN control platform. The application enforces access control between arbitrary end points and intelligently distributes processing of filter rules across network devices, even after the network topology changes. The test bed evaluation results confirm the reachability control performance and show that the application and virtual switches built upon commodity computers are capable of handling more than 50,000 filter rules. The automated distributed firewall is a viable proof of concept that provides flexibility and improved security in a world where ubiquitous, ad hoc, and zero-trust networking are becoming the new normal. Lastly, we provide an acquisition heuristic for purchasing and fielding SDN solutions to the Marine Corps operating forces.

Document Details

Document Type

Technical Report

Publication Date

Jun 01, 2019

Accession Number

AD1080321

Entities

Tags