Design and Implementation of SDN Firewall Using Pox Controller and Open vSwitch
Abstract
Abstract (translated from Indonesian) :
The development of Software-Defined Networking (SDN) introduces a new paradigm in network management through the separation of the control plane from the data plane, which makes it possible to apply network security mechanisms in a centralized and programmable way. One important security mechanism in SDN is a firewall based on flow rules. This study implements an SDN-based firewall using the POX Controller as the control plane and Open vSwitch (OvS) as the data plane. Evaluation is carried out through connectivity test scenarios involving communication between the controller, OvS, and several hosts in the network. The test results show that all scenarios ran according to the designed firewall rules. Quantitatively, the IP-address-based traffic filtering mechanism achieved a 100% success rate, shown by successful blocking of access while connectivity on the permitted paths remained intact. These results demonstrate that the integration of the POX Controller and OvS is effective as a simple SDN-based firewall and has the potential to be developed into more complex security mechanisms.
==================================================
Abstract :
The development of Software-Defined Networking (SDN) introduces a new paradigm in network management by separating the control plane from the data plane, enabling centralized and programmable network security mechanisms. One essential security mechanism in SDN is a firewall based on flow rules. This study implements an SDN-based firewall using the POX Controller as the control plane and Open vSwitch (OvS) as the data plane. The system is evaluated through connectivity testing scenarios involving communication between the controller, OvS, and multiple hosts. Experimental results show that all test scenarios operate according to the defined firewall rules. Quantitatively, the IP address–based traffic filtering mechanism achieves a 100% success rate, as indicated by successful blocking of unauthorized access while maintaining permitted network connectivity. These results demonstrate that the integration of POX Controller and OvS is effective as a simple SDN-based firewall and has the potential to be extended to support more advanced network security mechanisms.
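As an added illustration (not code from the paper or from the POX project), the following Python models the decision a flow-rule firewall of the kind described above makes on a packet-in event: a policy of IP-address rules, the allow/drop verdict for a source/destination pair, and the OpenFlow rule the controller would then push to Open vSwitch, rendered as the equivalent `ovs-ofctl add-flow` command so that the installed rule can be checked on the switch with `ovs-ofctl dump-flows`. The policy, host addresses, bridge name and test scenarios are constructed samples; the flow-mod dictionary stands in for POX's `ofp_flow_mod`, and the example deliberately does not import POX so it runs anywhere.

```python
"""Model of an IP-address-based SDN firewall (hypothetical example, not POX's API).

In a real POX component the same decision would be taken inside a
_handle_PacketIn handler and the rule built with ofp_flow_mod/ofp_match;
here the flow rule is a plain dict and the policy is a constructed sample.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    dst: IPv4Network
    verdict: str            # "drop" or "allow"
    priority: int = 100     # higher wins when several rules match
    symmetric: bool = True  # also match the reply direction (dst -> src)

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        forward = src in self.src and dst in self.dst
        reverse = self.symmetric and src in self.dst and dst in self.src
        return forward or reverse


# Constructed sample policy: h1 and h2 may not talk to each other at all,
# and the 10.0.0.0/24 hosts may not initiate traffic to the management host
# 10.0.1.1 (replies from it are still allowed). Everything else is permitted.
POLICY = [
    Rule(ip_network("10.0.0.1/32"), ip_network("10.0.0.2/32"), "drop", priority=200),
    Rule(ip_network("10.0.0.0/24"), ip_network("10.0.1.1/32"), "drop",
         priority=150, symmetric=False),
]


def decide(policy, src, dst, default="allow"):
    """Return (verdict, matching_rule); the highest-priority match wins."""
    src, dst = ip_address(src), ip_address(dst)
    hits = [r for r in policy if r.matches(src, dst)]
    if not hits:
        return default, None
    best = max(hits, key=lambda r: r.priority)
    return best.verdict, best


def flow_mod(src, dst, verdict, priority, idle_timeout=30):
    """Dict stand-in for the ofp_flow_mod the controller pushes to OvS.

    The match is the exact IPv4 pair seen in the packet-in, so the switch
    handles the rest of the flow itself. An empty action list means
    'drop' in OpenFlow 1.0; 'NORMAL' hands the packet to OvS's L2 forwarding.
    """
    return {
        "priority": priority,
        "match": {"dl_type": 0x0800,
                  "nw_src": str(ip_address(src)), "nw_dst": str(ip_address(dst))},
        "actions": [] if verdict == "drop" else ["NORMAL"],
        "idle_timeout": idle_timeout,
    }


def to_ovs_ofctl(bridge, fm):
    """Render the flow-mod as the equivalent ovs-ofctl command line."""
    acts = ",".join(fm["actions"]) or "drop"
    m = fm["match"]
    return (f'ovs-ofctl add-flow {bridge} '
            f'"priority={fm["priority"]},ip,nw_src={m["nw_src"]},nw_dst={m["nw_dst"]},'
            f'idle_timeout={fm["idle_timeout"]},actions={acts}"')


def handle_packet_in(policy, src, dst, bridge="s1"):
    """What the controller does for one packet-in: decide, build rule, emit command."""
    verdict, rule = decide(policy, src, dst)
    priority = rule.priority if rule else 10   # low priority for default-allow flows
    fm = flow_mod(src, dst, verdict, priority)
    return verdict, fm, to_ovs_ofctl(bridge, fm)


def run_scenarios(policy, scenarios):
    """Connectivity-test style evaluation: fraction of (src, dst, expected) that behave as designed."""
    correct = sum(1 for s, d, exp in scenarios if decide(policy, s, d)[0] == exp)
    return correct / len(scenarios)


# Constructed test scenarios mirroring the kind of connectivity checks the paper describes.
SCENARIOS = [
    ("10.0.0.1", "10.0.0.2", "drop"),    # blocked pair
    ("10.0.0.2", "10.0.0.1", "drop"),    # reply direction also blocked
    ("10.0.0.5", "10.0.1.1", "drop"),    # host -> management blocked
    ("10.0.1.1", "10.0.0.5", "allow"),   # management -> host allowed (rule not symmetric)
    ("10.0.0.3", "10.0.0.4", "allow"),   # unrelated hosts keep connectivity
]

if __name__ == "__main__":
    for s, d, _ in SCENARIOS:
        verdict, _, cmd = handle_packet_in(POLICY, s, d)
        print(f"{s} -> {d}: {verdict:5}  {cmd}")
    print("success rate:", run_scenarios(POLICY, SCENARIOS))
```

The priority field matters: the drop rules are installed with a higher priority than the default-allow flows, so a later allow flow for an overlapping pair cannot shadow a block. After the controller has pushed rules, `ovs-ofctl dump-flows s1` on the switch should list the `actions=drop` entries for the blocked pairs and `actions=NORMAL` for permitted ones, which is the check a practitioner would run to confirm the firewall behaves as designed.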