Traditional vs SDN-based firewalls
Here are a few differences between traditional and SDN-based firewalls:

- Internal traffic is not seen and cannot be filtered by a traditional firewall.
- An SDN-based firewall works both as a packet filter and a policy checker.
- The first packet of a flow goes through the controller and is filtered by the SDN firewall. The subsequent packets of the flow directly match the flow policy defined in the controller.
- The firewall policy is centrally defined and enforced at the controller.
At the specified switch, block all traffic coming from host 10.1.2.2, if the packet’s TOS is marked with 32 and it’s destined for 10.1.3.1:

At the specified switch, redirect traffic destined for 10.1.2.1 and, instead, send it to 10.1.2.2:
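The first-packet behavior and the two switch rules described above, modeled as an added example (not the page's original commands and not any controller's API). The class names, the `POLICY` table and the exact-match flow key are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    tos: int = 0

# Constructed policy mirroring the two rules described above.
# Each entry: (match fields, output); output None means drop.
POLICY = [
    ({"src": "10.1.2.2", "dst": "10.1.3.1", "tos": 32}, None),   # block
    ({"dst": "10.1.2.1"}, "10.1.2.2"),                           # redirect
]

class Controller:
    """Central policy checker: consulted only on a flow-table miss."""
    def __init__(self, policy):
        self.policy = policy
        self.packet_ins = 0          # how many packets reached the controller

    def decide(self, pkt):
        self.packet_ins += 1
        for match, output in self.policy:
            if all(getattr(pkt, field) == value for field, value in match.items()):
                return output
        return pkt.dst               # no rule matched: forward normally

class Switch:
    """Data plane: caches the controller's decision per flow."""
    def __init__(self, controller):
        self.controller = controller
        self.flow_table = {}

    def handle(self, pkt):
        # The key covers every field the policy can match on, TOS included.
        key = (pkt.src, pkt.dst, pkt.tos)
        if key not in self.flow_table:               # first packet of the flow
            self.flow_table[key] = self.controller.decide(pkt)
        return self.flow_table[key]                  # later packets hit the table

def demo():
    sw = Switch(Controller(POLICY))
    blocked = Packet("10.1.2.2", "10.1.3.1", tos=32)
    results = [sw.handle(blocked), sw.handle(blocked),
               sw.handle(Packet("10.1.2.2", "10.1.3.1", tos=0)),
               sw.handle(Packet("10.1.3.1", "10.1.2.1"))]
    return results, sw.controller.packet_ins

if __name__ == "__main__":
    print(demo())
```

The flow key includes every field the policy matches on; if the installed entry were coarser than the policy (for example, keyed without TOS), later packets would be handled by a cached decision the policy never made for them.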