SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich
|
|
- Gwendolyn Edwards
- 6 years ago
- Views:
Transcription
1
2 SDN-based Network Obfuscation Roland Meier PhD Student ETH Zürich
3
4
5
6
7
8
9
10 This Talk
11
12
13 This thesis vs. existing solutions Alice Bob source: Alice destination: Bob Hi Bob, Hi Bob, Payload encryption ǾǼōĦ
14 This thesis vs. existing solutions Alice Bob source: Alice destination: Bob Header obfuscation Ƶǝŝ ʡƥȵ Hi Bob, Hi Bob, Payload encryption ǾǼōĦ
15 This thesis SDN-based Network Obfuscation
16 This thesis SDN-based Network Obfuscation Communication anonymity who is communicating with whom Volume anonymity how much traffic flows between host X and Y Topology anonymity how many hosts are in the network
17 This thesis SDN-based Network Obfuscation Software-Defined Network New network architecture Network-based approach No modifications at end-hosts
18 Software-Defined Networking Traditional network closed software [Cisco] closed hardware
19 Software-Defined Networking Traditional network SDN closed software open software standardized interface closed hardware standardized hardware [Cisco] [HP]
20 Architecture Layer 2 network
21 Architecture Layer 2 network With some SDN switches
22 Architecture Layer 2 network With some SDN switches And a central controller
23 Architecture Layer 2 network With some SDN switches And a central controller Attacked by an eavesdropper
24 Architecture Layer 2 network With some SDN switches And a central controller Attacked by an eavesdropper Protected by our system
25 Example Controller A B
26 Packet from A to B enters the network Controller A B A B
27 Ingress switch notifies controller Controller A B A B
28 Controller computes & installs flow rules Controller A B A B
29 Ingress switch obfuscates source and destination Controller A B A B ʡƥȵ
30 Core switch forwards obfuscated packet Controller A B A B ʡƥȵ ʡƥȵ
31 Egress switch de-obfuscates source and destination Controller A B A B ʡƥȵ ʡƥȵ A B
32 How does the rewriting work Controller A B A B ʡƥȵ ʡƥȵ A B
33 Rewriting as a trade-off between anonymity and scalability Anonymity Scalability
34 Rewriting as a trade-off between anonymity and scalability Unique ID per flow Anonymity Scalability
35 Rewriting as a trade-off between anonymity and scalability Unique ID per flow Anonymity Unique ID per host Scalability
36 Rewriting as a trade-off between anonymity and scalability Unique ID per flow Anonymity Our hybrid approach Unique ID per host Scalability
37 Rewriting scheme A B
38 Rewriting scheme Map source and destination to IDs A B
39 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst
40 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits
41 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits Randomly select bits that are used for source and destination ID
42 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits Randomly select bits that are used for source and destination ID Add source and destination ID
43 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits Randomly select bits that are used for source and destination ID Add source and destination ID Set other bits to random values
44 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits Randomly select bits that are used for source and destination ID Add source and destination ID Set other bits to random values ʡƥȵ
45 Evaluation Obfuscation controller compared with Floodlight in default configuration Resource usage in switches # flow table entries Switch load # flow table updates / s Controller load # flows / s Network performance RTT and bandwidth
46 Evaluation Obfuscation controller compared with Floodlight in default configuration Resource usage in switches # flow table entries Switch load # flow table updates / s Controller load # flows / s Network performance RTT and bandwidth
47 Follow-up work This thesis + Partial deployment + Improved scalability at network edge + Evaluation based on real user traffic
48 M A C s r c M A C d s t B I P s r c I P d s t Contributions Network-based design Scalable & anonymity-providing header rewriting scheme Prototype implementation (open source) Evaluation
49 M A C s r c M A C d s t B I P s r c I P d s t Contributions Network-based design Scalable & anonymity-providing header rewriting scheme Prototype implementation (open source) Evaluation Thank you! Questions
Slicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)
Slicing a Network Advanced! Computer Networks Sherwood, R., et al., Can the Production Network Be the Testbed? Proc. of the 9 th USENIX Symposium on OSDI, 2010 Reference: [C+07] Cascado et al., Ethane:
More informationOn the Difficulty of Scalably Detecting Network Attacks
On the Difficulty of Scalably Detecting Network Attacks Background Traditionally Firewall uses basic ACL rules to control the network traffic Packet filtering : ACL rules based on packet headers Stateful
More informationCSE 123: Computer Networks
CSE 123: Computer Networks Homework 3 Out: 11/19 Due: 11/26 Instructions 1. Turn in a physical copy at the beginning of the class on 11/26 2. Ensure the HW cover page has the following information clearly
More informationInterdomain Routing Design for MobilityFirst
Interdomain Routing Design for MobilityFirst October 6, 2011 Z. Morley Mao, University of Michigan In collaboration with Mike Reiter s group 1 Interdomain routing design requirements Mobility support Network
More informationSR for SD-WAN over hybrid networks
SR for SD-WAN over hybrid networks to optimize SD-WAN services over long distance https://datatracker.ietf.org/doc/draft-dunbar-sr-sdwan-over-hybrid-networks/ Linda.Dunbar@Huawei.com Mehmet.toy@Verizon
More informationSoftware Defined Networking
Software Defined Networking Daniel Zappala CS 460 Computer Networking Brigham Young University Proliferation of Middleboxes 2/16 a router that manipulatees traffic rather than just forwarding it NAT rewrite
More informationSoftware Defined Networking Data centre perspective: Open Flow
Software Defined Networking Data centre perspective: Open Flow Seminar: Prof. Timothy Roscoe & Dr. Desislava Dimitrova D. Dimitrova, T. Roscoe 04.03.2016 1 OpenFlow Specification, protocol, architecture
More informationSoftware Defined Networking Security: Security for SDN and Security with SDN. Seungwon Shin Texas A&M University
Software Defined Networking Security: Security for SDN and Security with SDN Seungwon Shin Texas A&M University Contents SDN Basic Operation SDN Security Issues SDN Operation L2 Forwarding application
More informationSoftware-Defined Networking (Continued)
Software-Defined Networking (Continued) CS640, 2015-04-23 Announcements Assign #5 released due Thursday, May 7 at 11pm Outline Recap SDN Stack Layer 2 Learning Switch Control Application Design Considerations
More informationSoftware Defined Networks and OpenFlow. Courtesy of: AT&T Tech Talks.
MOBILE COMMUNICATION AND INTERNET TECHNOLOGIES Software Defined Networks and Courtesy of: AT&T Tech Talks http://web.uettaxila.edu.pk/cms/2017/spr2017/temcitms/ MODULE OVERVIEW Motivation behind Software
More informationChapter 5 Network Layer: The Control Plane
Chapter 5 Network Layer: The Control Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you
More informationCSC 401 Data and Computer Communications Networks
CSC 401 Data and Computer Communications Networks Network Layer ICMP (5.6), Network Management(5.7) & SDN (5.1, 5.5, 4.4) Prof. Lina Battestilli Fall 2017 Outline 5.6 ICMP: The Internet Control Message
More informationImplementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches
White Paper Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches White Paper October 2014 2014 Cisco and/or its affiliates. All rights reserved. This document
More informationSoftware Defined Networking
CSE343/443 Lehigh University Fall 2015 Software Defined Networking Presenter: Yinzhi Cao Lehigh University Acknowledgement Many materials are borrowed from the following links: https://www.cs.duke.edu/courses/spring13/compsc
More informationSoftware Defined Networking
Software Defined Networking Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 http://www.cs.princeton.edu/courses/archive/spr12/cos461/ The Internet: A Remarkable
More informationAdvanced Computer Networks. Network Virtualization
Advanced Computer Networks 263 3501 00 Network Virtualization Patrick Stuedi Spring Semester 2014 1 Oriana Riva, Department of Computer Science ETH Zürich Outline Last week: Portland VL2 Today Network
More informationOn the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets
Kihong Park Heejo Lee On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets SIGCOMM'01 Presented by WeeSan Lee 10/28/2004
More informationAdvanced Computer Networks. RDMA, Network Virtualization
Advanced Computer Networks 263 3501 00 RDMA, Network Virtualization Patrick Stuedi Spring Semester 2013 Oriana Riva, Department of Computer Science ETH Zürich Last Week Scaling Layer 2 Portland VL2 TCP
More informationThe Loopix Anonymity System
The Loopix Anonymity System Ania M. Piotrowska 1 Jamie Hayes 1 Tariq Elahi 2 Sebastian Meiser 1 George Danezis 1 1 University College London, UK 2 KU Leuven 1 / 19 Mixnets Background A set of cryptographic
More informationExam Questions
Exam Questions 300-101 ROUTE Implementing Cisco IP Routing https://www.2passeasy.com/dumps/300-101/ 1. When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication? A. username B. password
More informationDesign and development of the reactive BGP peering in softwaredefined routing exchanges
Design and development of the reactive BGP peering in softwaredefined routing exchanges LECTURER: HAO-PING LIU ADVISOR: CHU-SING YANG (Email: alen6516@gmail.com) 1 Introduction Traditional network devices
More informationUsing NAT in Overlapping Networks
Using NAT in Overlapping Networks Document ID: 13774 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify Troubleshoot Related Information
More informationjumbo6 v1.2 manual pages
jumbo6 v1.2 manual pages Description This tool allows the assessment of IPv6 implementations with respect to attack vectors based on IPv6 jumbograms. This tool is part of the IPv6 Toolkit v1.2: a security
More informationCSC 4900 Computer Networks: Network Layer
CSC 4900 Computer Networks: Network Layer Professor Henry Carter Fall 2017 Chapter 4: Network Layer 4. 1 Introduction 4.2 What s inside a router 4.3 IP: Internet Protocol Datagram format 4.4 Generalized
More informationChapter 3 Part 2 Switching and Bridging. Networking CS 3470, Section 1
Chapter 3 Part 2 Switching and Bridging Networking CS 3470, Section 1 Refresher We can use switching technologies to interconnect links to form a large network What is a hub? What is a switch? What is
More informationApplied Networks & Security
Applied Networks & Security Wired Local Area Networks (LANs) http://condor.depaul.edu/~jkristof/it263/ John Kristoff jtk@depaul.edu IT 263 Spring 2006/2007 John Kristoff - DePaul University 1 Local Area
More informationConfiguring the Catena Solution
This chapter describes how to configure Catena on a Cisco NX-OS device. This chapter includes the following sections: About the Catena Solution, page 1 Licensing Requirements for Catena, page 2 Guidelines
More informationDevoFlow: Scaling Flow Management for High Performance Networks
DevoFlow: Scaling Flow Management for High Performance Networks SDN Seminar David Sidler 08.04.2016 1 Smart, handles everything Controller Control plane Data plane Dump, forward based on rules Existing
More informationCybersecurity Threat Mitigation using SDN
Cybersecurity Threat Mitigation using SDN Mohd Zafran (PhD Candidate) & Koji Okamura Graduate School of Information Science and Electrical Engineering Kyushu University Kyushu University, Japan 29/9/2017
More informationSoftware-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017
Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017 Traditional Ethernet Challenges Plug-and-play Allow all ROOT D D D D Nondeterministic Reactive failover Difficult
More informationLesson 9 OpenFlow. Objectives :
1 Lesson 9 Objectives : is new technology developed in 2004 which introduce Flow for D-plane. The Flow can be defined any combinations of Source/Destination MAC, VLAN Tag, IP address or port number etc.
More informationCOMP211 Chapter 4 Network Layer: The Data Plane
COMP211 Chapter 4 Network Layer: The Data Plane All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith Ross
More informationHybrid Information-Centric Networking
Hybrid Information-Centric Networking ICN inside the Internet Protocol Luca Muscariello, Principal Engineer Giovanna Carofiglio, Distinguished Engineer Jordan Augé, Michele Papalini, Mauro Sardara, Alberto
More informationBe Fast, Cheap and in Control with SwitchKV. Xiaozhou Li
Be Fast, Cheap and in Control with SwitchKV Xiaozhou Li Goal: fast and cost-efficient key-value store Store, retrieve, manage key-value objects Get(key)/Put(key,value)/Delete(key) Target: cluster-level
More informationPIX-IE An SDN-based Programmable Internet exchange
PIX-IE An SDN-based Programmable Internet exchange Kazuya Okada The University of Tokyo/WIDE Project/NSPIXP Project okada@ecc.u-tokyo.ac.jp Internet2 1 Our Background Operating an academic IX (DIX-IE)
More informationQuiz 8 May 21, 2015 Computer Engineering 80N
Quiz 8 May 21, 2015 Computer Engineering 80N Left Neighbor: Right Neighbor: Keep this side up on your desk until you are told to turn the page over. This is a closed book quiz. No calculators. First Name
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
More informationExploiting ICN for Flexible Management of Software-Defined Networks
Exploiting ICN for Flexible Management of Software-Defined Networks Mayutan Arumaithurai, Jiachen Chen, Edo Monticelli, Xiaoming Fu and K. K. Ramakrishnan * University of Goettingen, Germany * University
More informationSDN in TETRA Group Communication - Voice Switching
SDN in TETRA Group Communication - Voice Switching Author: Saumya Paulose Supervisor: Prof. Jukka Manner Instructor: M.Sc. Antti Tuominen Place of Work: Airbus Defence and Space, Helsinki Contents Need
More informationP 5 : A Protocol for Scalable Anonymous Communications
P 5 : A Protocol for Scalable Anonymous Communications 1 P 5 : A Protocol for Scalable Anonymous Communications Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan University of Maryland, College Park
More informationENEE 459-C Computer Security. Security protocols (continued)
ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p
More informationOPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net
OPENFLOW & SOFTWARE DEFINED NETWORKING Greg Ferro EtherealMind.com and PacketPushers.net 1 HUH? OPENFLOW. What is OpenFlow? From the bottom up. With big words. How OpenFlow does stuff. Then WHY we want
More informationExpeditus: Congestion-Aware Load Balancing in Clos Data Center Networks
Expeditus: Congestion-Aware Load Balancing in Clos Data Center Networks Peng Wang, Hong Xu, Zhixiong Niu, Dongsu Han, Yongqiang Xiong ACM SoCC 2016, Oct 5-7, Santa Clara Motivation Datacenter networks
More informationMoving packets. Moving datagrams. Suppose host A want to send IP to host B. Host A wants to send to host E. Generalized forwarding and SDN
Mving packets Generalized frwarding and SDN Mving datagrams 1. Surce hst fills in its address... 3. Data field is filled with paylad. CS242 Cmputer Netwrks 2.... and addresses destinatin address. Department
More informationA SIMPLE INTRODUCTION TO TOR
A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that
More informationAlcatel-Lucent 4A Alcatel-Lucent Scalable IP Networks. Download Full Version :
Alcatel-Lucent 4A0-100 Alcatel-Lucent Scalable IP Networks Download Full Version : https://killexams.com/pass4sure/exam-detail/4a0-100 Answer: B QUESTION: 216 Which of the following statements best characterize
More informationtcp6 v1.2 manual pages
tcp6 v1.2 manual pages Description This tool allows the assessment of IPv6 implementations with respect to a variety of attack vectors based on TCP/IPv6 segments. This tool is part of the IPv6 Toolkit
More informationData Plane Monitoring in Segment Routing Networks Faisal Iqbal Cisco Systems Clayton Hassen Bell Canada
Data Plane Monitoring in Segment Routing Networks Faisal Iqbal Cisco Systems (faiqbal@cisco.com) Clayton Hassen Bell Canada (clayton.hassen@bell.ca) Reference Topology & Conventions SR control plane is
More informationChapter 4 Network Layer: The Data Plane
Chapter 4 Network Layer: The Data Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see
More informationRAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with
RAPTOR: Routing Attacks on Privacy in Tor Yixin Sun Princeton University Joint work with Annie Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal Acknowledgment for Slides
More informationBLINC: Multilevel Traffic Classification in the Dark
BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside Konstantina Papagiannaki, Intel Research Cambridge Michalis Faloutsos, UC Riverside The problem of workload characterization
More informationConfiguring EtherChannels
Configuring EtherChannels This chapter describes how to configure EtherChannels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of EtherChannels in Cisco
More informationCommunication Networks
Communication Networks Prof. Laurent Vanbever Exercises week 6 VLAN, Internet Protocol & Forwarding VLAN The network below consists of 9 switches and hosts in two different VLANs (blue and red). Compute
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationNetFlow Configuration Guide
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationUnderstanding Basic 802.1ah Provider Backbone Bridge
Understanding Basic 802.1ah Provider Backbone Bridge Contents Introduction Prerequisites Requirements Components Used IEEE 802.1ah Provider Backbone Bridging Overview Terminologies Used PBB Components
More informationThe Design Space of Network Mobility
The Design Space of Network Mobility Key ideas Network Mobility Seamless Mobility Overview of implementations and challenges Geomorphic model New abstraction for the network stack Helps us discuss, understand
More informationConfiguring ARP CHAPTER4
CHAPTER4 This chapter describes how the Address Resolution Protocol (ARP) on the ACE can manage and learn the mapping of IP to Media Access Control (MAC) information to forward and transmit packets. The
More informationDecision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA
Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA Weirong Jiang, Viktor K. Prasanna University of Southern California Norio Yamagaki NEC Corporation September 1, 2010 Outline
More informationIP Premium Agenda. - Status of IP Premium definition. - open issues - general - technical. - What s next. M. Campanella - TF-TNG - Prague - 2 Apr 2001
IP Premium Agenda - Status of IP Premium definition - open issues - general - technical - What s next 1 IP Premium status - Diffserv Architecture - Expedited Forwarding Per Hop Behavior - manual provisioning
More informationTo Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets. Xiaowei Yang Duke Unversity
To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets Xiaowei Yang Duke Unversity Denial of Service (DoS) flooding attacks Send packet floods to a targeted victim Exhaust
More informationCS164 Final Exam Winter 2013
CS164 Final Exam Winter 2013 Name: Last 4 digits of Student ID: Problem 1. State whether each of the following statements is true or false. (Two points for each correct answer, 1 point for each incorrect
More informationConfiguring WCCPv2. Information About WCCPv2. Send document comments to CHAPTER
CHAPTER 5 This chapter describes how to configure the Web Cache Communication Protocol version 2 (WCCPv2) on Cisco NX-OS devices. This chapter includes the following sections: Information About WCCPv2,
More informationELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition
ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Presentation 2 Security/Privacy Presentations Nov 3 rd, Nov 10 th, Nov 15 th Upload slides to Canvas by midnight
More informationConfiguring EtherChannels
This chapter describes how to configure EtherChannels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of EtherChannels in Cisco NX-OS. It contains the following
More informationMPLS, THE BASICS CSE 6067, UIU. Multiprotocol Label Switching
MPLS, THE BASICS CSE 6067, UIU Multiprotocol Label Switching Basic Concepts of MPLS 2 Contents Drawbacks of Traditional IP Forwarding Basic MPLS Concepts MPLS versus IP over ATM Traffic Engineering with
More informationPacket Tracer - Investigating the TCP/IP and OSI Models in Action (Instructor Version Optional Packet Tracer)
(Instructor Version Optional Packet Tracer) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding
More informationConfiguring Local SPAN and ERSPAN
This chapter contains the following sections: Information About ERSPAN, page 1 Licensing Requirements for ERSPAN, page 5 Prerequisites for ERSPAN, page 5 Guidelines and Limitations for ERSPAN, page 5 Guidelines
More informationOnion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring
Onion Routing Varun Pandey Dept. of Computer Science, Virginia Tech 1 What is Onion Routing? a distributed overlay network to anonymize TCP based routing Circuit based (clients choose the circuit) Each
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Dr. Nils
More informationENEE 459-C Computer Security. Security protocols
ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.
More informationRouting Concepts. IPv4 Routing Forwarding Some definitions Policy options Routing Protocols
Routing Basics 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 Addresses are 32 bits long Range from 1.0.0.0 to 223.255.255.255 0.0.0.0
More informationCIT 380: Securing Computer Systems. Network Security Concepts
CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines
More informationthis security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities
INFRASTRUCTURE SECURITY this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities Goals * prevent or mitigate resource attacks
More informationCisco Extensible Network Controller
Data Sheet Cisco Extensible Network Controller Product Overview Today s resource intensive applications are making the network traffic grow exponentially putting high demands on the existing network. Companies
More informationProgramming Network Policies by Examples: Platform, Abstraction and User Studies
Programming Network Policies by Examples: Platform, Abstraction and User Studies Boon Thau Loo University of Pennsylvania NetPL workshop @ SIGCOMM 2017 Joint work with Yifei Yuan, Dong Lin, Siri Anil,
More informationOutline. Circuit Switching. Circuit Switching : Introduction to Telecommunication Networks Lectures 13: Virtual Things
8-5: Introduction to Telecommunication Networks Lectures : Virtual Things Peter Steenkiste Spring 05 www.cs.cmu.edu/~prs/nets-ece Outline Circuit switching refresher Virtual Circuits - general Why virtual
More informationCommon Components. Cisco Unified Border Element (SP Edition) Configuration Profile Examples 5 OL
The following components of the Cisco Unified Border Element are common to all of the configuration profile examples in this document. Secure Media Adjacencies Call Policies CAC Policies SIP Profiles 5
More informationAdversarial Network Forensics in Software Defined Networking
Computer Science and Engineering, Pennsylvania State University University Park, PA 16802 {sachleitner,tlp,tjaeger,mcdaniel}@cse.psu.edu ABSTRACT Software Defined Networking (SDN), and its popular implementation
More informationRouting Basics ISP/IXP Workshops
Routing Basics ISP/IXP Workshops 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 addresses are 32 bits long range from 1.0.0.0 to
More informationNetwork Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport
Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport Deniz Gurkan, Nicholas Bastin, Stuart Baxley University of Houston Funded by the U.S. Department of Energy
More informationCommunication Networks
Prof. Laurent Vanbever Spring 08 Laurent Vanbever nsg.ee.ethz.ch ETH Zürich (D-ITET) March 6 08 Materials inspired from Scott Shenker & Jennifer Rexford Last week on How do local computers communicate?
More informationConfigure Virtual LANs in Layer 2 VPNs
The Layer 2 Virtual Private Network (L2VPN) feature enables Service Providers (SPs) to provide L2 services to geographically disparate customer sites. A virtual local area network (VLAN) is a group of
More informationProgrammable Overlays with VPP
Programmable Overlays with LinuxCon 2016, Toronto Florin Coras, Vina Ermagan Cisco Systems Overlay Network Engine Objective Enable programmable, software defined, overlays Data driven control-plane protocol
More informationComputer Networks. Sándor Laki ELTE-Ericsson Communication Networks Laboratory
Computer Networks Sándor Laki ELTE-Ericsson Communication Networks Laboratory ELTE FI Department Of Information Systems lakis@elte.hu http://lakis.web.elte.hu Based on the slides of Laurent Vanbever. Further
More informationSD-WAN Deployment Guide (CVD)
SD-WAN Deployment Guide (CVD) All Cisco Meraki security appliances are equipped with SD-WAN capabilities that enable administrators to maximize network resiliency and bandwidth efficiency. This guide introduces
More informationOTSDN What is it? Does it help?
OTSDN What is it? Does it help? Dennis Gammel Schweitzer Engineering Laboratories, Inc. Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security cred-c.org Important Aspects
More informationTHE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul
THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design
More informationConfiguring Switched Port Analyzer
This document describes how to configure local Switched Port Analyzer (SPAN) and remote SPAN (RSPAN) on the router. Finding Feature Information, page 1 Prerequisites for Configuring Local Span and RSPAN,
More informationSoftware Systems for Surveying Spoofing Susceptibility
Software Systems for Surveying Spoofing Susceptibility Matthew Luckie, Ken Keys, Ryan Koga, Bradley Huffaker, Robert Beverly, kc claffy https://spoofer.caida.org/ NANOG68, October 18th 2016 www.caida.o
More informationRouting Basics ISP/IXP Workshops
Routing Basics ISP/IXP Workshops 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 addresses are 32 bits long range from 1.0.0.0 to
More informationConfiguring NetFlow BGP Next Hop Support for Accounting and Analysis
Configuring NetFlow BGP Next Hop Support for Accounting and Analysis This document provides information about and instructions for configuring NetFlow Border Gateway Protocol (BGP) next hop support. This
More informationComputer Science 461 Final Exam May 22, :30-3:30pm
NAME: Login name: Computer Science 461 Final Exam May 22, 2012 1:30-3:30pm This test has seven (7) questions, each worth ten points. Put your name on every page, and write out and sign the Honor Code pledge
More informationECE 697J Advanced Topics in Computer Networks
ECE 697J Advanced Topics in Computer Networks Network Measurement 12/02/03 Tilman Wolf 1 Overview Lab 3 requires performance measurement Throughput Collecting of packet headers Network Measurement Active
More informationSDNRacer. Concurrency Analysis for SDNs. Ahmed El-Hassany Jeremie Miserez Pavol Bielik Laurent Vanbever Martin Vechev.
SDNRacer Concurrency Analysis for SDNs Ahmed El-Hassany Jeremie Miserez Pavol Bielik Laurent Vanbever Martin Vechev http://sdnracer.ethz.ch ETH Zürich April 29 th, 2016 1 Load Balancer Application 2 Load
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Chapter 7 - Network Measurements Introduction Architecture & Mechanisms
More informationInternetwork Expert s CCNP Bootcamp. Hierarchical Campus Network Design Overview
Internetwork Expert s CCNP Bootcamp Hierarchical Campus Network Design Overview http:// Hierarchical Campus Network Design Overview Per Cisco, a three layer hierarchical model to design a modular topology
More informationSDN-WISE: Design, prototyping and experimentation of a stateful SDN solution for WIreless SEnsor networks
SDN-WISE: Design, prototyping and experimentation of a stateful SDN solution for WIreless SEnsor networks Laura Galluccio, Sebastiano Milardo, Giacomo Morabito, Sergio Palazzo University of Catania, Catania,
More informationClassBench-ng: Recasting ClassBench After a Decade of Network Evolution
ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution Jiří Matoušek 1, Gianni Antichi 2, Adam Lučanský 3 Andrew W. Moore 2, Jan Kořenek 1 1 Brno University of Technology 2 University
More informationConfiguring Port Channels
This chapter contains the following sections: Information About Port Channels, page 1, page 9 Verifying Port Channel Configuration, page 16 Verifying the Load-Balancing Outgoing Port ID, page 17 Feature
More information