Abstract
The flow table is the core interactive component between the control plane and the data plane in software-defined network, and it realizes global coordination and dynamic mapping of the security policy. The rules of the flow table determine the SDN network behavior, and the flow table security affects the whole security of the SDN facilities. To address the challenges for flow table security, this paper proposes and implements a flow table security framework, named as SecFT-SDN, on the carrier-grade open source SDN controller (ONOS). SecFT-SDN installs flow rule test set, with latency penalty varied from 10.98 milliseconds to 7.17 milliseconds and throughput penalty of 6%-14%(for 1-4 controller node clusters), and it barely affects the network performance. To sum up, SecFT-SDN enhances the security protection facilities on ONOS controller, while incurs an acceptable overhead as a cost-effective trade-off.