SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

Size: px
Start display at page:

Download "SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich"

Transcription

1

2 SDN-based Network Obfuscation Roland Meier PhD Student ETH Zürich

3

4

5

6

7

8

9

10 This Talk

11

12

13 This thesis vs. existing solutions Alice Bob source: Alice destination: Bob Hi Bob, Hi Bob, Payload encryption ǾǼōĦ

14 This thesis vs. existing solutions Alice Bob source: Alice destination: Bob Header obfuscation Ƶǝŝ ʡƥȵ Hi Bob, Hi Bob, Payload encryption ǾǼōĦ

15 This thesis SDN-based Network Obfuscation

16 This thesis SDN-based Network Obfuscation Communication anonymity who is communicating with whom Volume anonymity how much traffic flows between host X and Y Topology anonymity how many hosts are in the network

17 This thesis SDN-based Network Obfuscation Software-Defined Network New network architecture Network-based approach No modifications at end-hosts

18 Software-Defined Networking Traditional network closed software [Cisco] closed hardware

19 Software-Defined Networking Traditional network SDN closed software open software standardized interface closed hardware standardized hardware [Cisco] [HP]

20 Architecture Layer 2 network

21 Architecture Layer 2 network With some SDN switches

22 Architecture Layer 2 network With some SDN switches And a central controller

23 Architecture Layer 2 network With some SDN switches And a central controller Attacked by an eavesdropper

24 Architecture Layer 2 network With some SDN switches And a central controller Attacked by an eavesdropper Protected by our system

25 Example Controller A B

26 Packet from A to B enters the network Controller A B A B

27 Ingress switch notifies controller Controller A B A B

28 Controller computes & installs flow rules Controller A B A B

29 Ingress switch obfuscates source and destination Controller A B A B ʡƥȵ

30 Core switch forwards obfuscated packet Controller A B A B ʡƥȵ ʡƥȵ

31 Egress switch de-obfuscates source and destination Controller A B A B ʡƥȵ ʡƥȵ A B

32 How does the rewriting work Controller A B A B ʡƥȵ ʡƥȵ A B

33 Rewriting as a trade-off between anonymity and scalability Anonymity Scalability

34 Rewriting as a trade-off between anonymity and scalability Unique ID per flow Anonymity Scalability

35 Rewriting as a trade-off between anonymity and scalability Unique ID per flow Anonymity Unique ID per host Scalability

36 Rewriting as a trade-off between anonymity and scalability Unique ID per flow Anonymity Our hybrid approach Unique ID per host Scalability

37 Rewriting scheme A B

38 Rewriting scheme Map source and destination to IDs A B

39 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst

40 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits

41 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits Randomly select bits that are used for source and destination ID

42 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits Randomly select bits that are used for source and destination ID Add source and destination ID

43 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits Randomly select bits that are used for source and destination ID Add source and destination ID Set other bits to random values

44 Rewriting scheme Map source and destination to IDs A B Match-fields with arbitrary bitmasks MAC src MAC dst IP src IP dst Interpret as bit-string of 160 bits Randomly select bits that are used for source and destination ID Add source and destination ID Set other bits to random values ʡƥȵ

45 Evaluation Obfuscation controller compared with Floodlight in default configuration Resource usage in switches # flow table entries Switch load # flow table updates / s Controller load # flows / s Network performance RTT and bandwidth

46 Evaluation Obfuscation controller compared with Floodlight in default configuration Resource usage in switches # flow table entries Switch load # flow table updates / s Controller load # flows / s Network performance RTT and bandwidth

47 Follow-up work This thesis + Partial deployment + Improved scalability at network edge + Evaluation based on real user traffic

48 M A C s r c M A C d s t B I P s r c I P d s t Contributions Network-based design Scalable & anonymity-providing header rewriting scheme Prototype implementation (open source) Evaluation

49 M A C s r c M A C d s t B I P s r c I P d s t Contributions Network-based design Scalable & anonymity-providing header rewriting scheme Prototype implementation (open source) Evaluation Thank you! Questions

Slicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)

Slicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC) Slicing a Network Advanced! Computer Networks Sherwood, R., et al., Can the Production Network Be the Testbed? Proc. of the 9 th USENIX Symposium on OSDI, 2010 Reference: [C+07] Cascado et al., Ethane:

More information

On the Difficulty of Scalably Detecting Network Attacks

On the Difficulty of Scalably Detecting Network Attacks On the Difficulty of Scalably Detecting Network Attacks Background Traditionally Firewall uses basic ACL rules to control the network traffic Packet filtering : ACL rules based on packet headers Stateful

More information

CSE 123: Computer Networks

CSE 123: Computer Networks CSE 123: Computer Networks Homework 3 Out: 11/19 Due: 11/26 Instructions 1. Turn in a physical copy at the beginning of the class on 11/26 2. Ensure the HW cover page has the following information clearly

More information

Interdomain Routing Design for MobilityFirst

Interdomain Routing Design for MobilityFirst Interdomain Routing Design for MobilityFirst October 6, 2011 Z. Morley Mao, University of Michigan In collaboration with Mike Reiter s group 1 Interdomain routing design requirements Mobility support Network

More information

SR for SD-WAN over hybrid networks

SR for SD-WAN over hybrid networks SR for SD-WAN over hybrid networks to optimize SD-WAN services over long distance https://datatracker.ietf.org/doc/draft-dunbar-sr-sdwan-over-hybrid-networks/ Linda.Dunbar@Huawei.com Mehmet.toy@Verizon

More information

Software Defined Networking

Software Defined Networking Software Defined Networking Daniel Zappala CS 460 Computer Networking Brigham Young University Proliferation of Middleboxes 2/16 a router that manipulatees traffic rather than just forwarding it NAT rewrite

More information

Software Defined Networking Data centre perspective: Open Flow

Software Defined Networking Data centre perspective: Open Flow Software Defined Networking Data centre perspective: Open Flow Seminar: Prof. Timothy Roscoe & Dr. Desislava Dimitrova D. Dimitrova, T. Roscoe 04.03.2016 1 OpenFlow Specification, protocol, architecture

More information

Software Defined Networking Security: Security for SDN and Security with SDN. Seungwon Shin Texas A&M University

Software Defined Networking Security: Security for SDN and Security with SDN. Seungwon Shin Texas A&M University Software Defined Networking Security: Security for SDN and Security with SDN Seungwon Shin Texas A&M University Contents SDN Basic Operation SDN Security Issues SDN Operation L2 Forwarding application

More information

Software-Defined Networking (Continued)

Software-Defined Networking (Continued) Software-Defined Networking (Continued) CS640, 2015-04-23 Announcements Assign #5 released due Thursday, May 7 at 11pm Outline Recap SDN Stack Layer 2 Learning Switch Control Application Design Considerations

More information

Software Defined Networks and OpenFlow. Courtesy of: AT&T Tech Talks.

Software Defined Networks and OpenFlow. Courtesy of: AT&T Tech Talks. MOBILE COMMUNICATION AND INTERNET TECHNOLOGIES Software Defined Networks and Courtesy of: AT&T Tech Talks http://web.uettaxila.edu.pk/cms/2017/spr2017/temcitms/ MODULE OVERVIEW Motivation behind Software

More information

Chapter 5 Network Layer: The Control Plane

Chapter 5 Network Layer: The Control Plane Chapter 5 Network Layer: The Control Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you

More information

CSC 401 Data and Computer Communications Networks

CSC 401 Data and Computer Communications Networks CSC 401 Data and Computer Communications Networks Network Layer ICMP (5.6), Network Management(5.7) & SDN (5.1, 5.5, 4.4) Prof. Lina Battestilli Fall 2017 Outline 5.6 ICMP: The Internet Control Message

More information

Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches

Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches White Paper Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches White Paper October 2014 2014 Cisco and/or its affiliates. All rights reserved. This document

More information

Software Defined Networking

Software Defined Networking CSE343/443 Lehigh University Fall 2015 Software Defined Networking Presenter: Yinzhi Cao Lehigh University Acknowledgement Many materials are borrowed from the following links: https://www.cs.duke.edu/courses/spring13/compsc

More information

Software Defined Networking

Software Defined Networking Software Defined Networking Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 http://www.cs.princeton.edu/courses/archive/spr12/cos461/ The Internet: A Remarkable

More information

Advanced Computer Networks. Network Virtualization

Advanced Computer Networks. Network Virtualization Advanced Computer Networks 263 3501 00 Network Virtualization Patrick Stuedi Spring Semester 2014 1 Oriana Riva, Department of Computer Science ETH Zürich Outline Last week: Portland VL2 Today Network

More information

On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets

On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets Kihong Park Heejo Lee On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets SIGCOMM'01 Presented by WeeSan Lee 10/28/2004

More information

Advanced Computer Networks. RDMA, Network Virtualization

Advanced Computer Networks. RDMA, Network Virtualization Advanced Computer Networks 263 3501 00 RDMA, Network Virtualization Patrick Stuedi Spring Semester 2013 Oriana Riva, Department of Computer Science ETH Zürich Last Week Scaling Layer 2 Portland VL2 TCP

More information

The Loopix Anonymity System

The Loopix Anonymity System The Loopix Anonymity System Ania M. Piotrowska 1 Jamie Hayes 1 Tariq Elahi 2 Sebastian Meiser 1 George Danezis 1 1 University College London, UK 2 KU Leuven 1 / 19 Mixnets Background A set of cryptographic

More information

Exam Questions

Exam Questions Exam Questions 300-101 ROUTE Implementing Cisco IP Routing https://www.2passeasy.com/dumps/300-101/ 1. When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication? A. username B. password

More information

Design and development of the reactive BGP peering in softwaredefined routing exchanges

Design and development of the reactive BGP peering in softwaredefined routing exchanges Design and development of the reactive BGP peering in softwaredefined routing exchanges LECTURER: HAO-PING LIU ADVISOR: CHU-SING YANG (Email: alen6516@gmail.com) 1 Introduction Traditional network devices

More information

Using NAT in Overlapping Networks

Using NAT in Overlapping Networks Using NAT in Overlapping Networks Document ID: 13774 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify Troubleshoot Related Information

More information

jumbo6 v1.2 manual pages

jumbo6 v1.2 manual pages jumbo6 v1.2 manual pages Description This tool allows the assessment of IPv6 implementations with respect to attack vectors based on IPv6 jumbograms. This tool is part of the IPv6 Toolkit v1.2: a security

More information

CSC 4900 Computer Networks: Network Layer

CSC 4900 Computer Networks: Network Layer CSC 4900 Computer Networks: Network Layer Professor Henry Carter Fall 2017 Chapter 4: Network Layer 4. 1 Introduction 4.2 What s inside a router 4.3 IP: Internet Protocol Datagram format 4.4 Generalized

More information

Chapter 3 Part 2 Switching and Bridging. Networking CS 3470, Section 1

Chapter 3 Part 2 Switching and Bridging. Networking CS 3470, Section 1 Chapter 3 Part 2 Switching and Bridging Networking CS 3470, Section 1 Refresher We can use switching technologies to interconnect links to form a large network What is a hub? What is a switch? What is

More information

Applied Networks & Security

Applied Networks & Security Applied Networks & Security Wired Local Area Networks (LANs) http://condor.depaul.edu/~jkristof/it263/ John Kristoff jtk@depaul.edu IT 263 Spring 2006/2007 John Kristoff - DePaul University 1 Local Area

More information

Configuring the Catena Solution

Configuring the Catena Solution This chapter describes how to configure Catena on a Cisco NX-OS device. This chapter includes the following sections: About the Catena Solution, page 1 Licensing Requirements for Catena, page 2 Guidelines

More information

DevoFlow: Scaling Flow Management for High Performance Networks

DevoFlow: Scaling Flow Management for High Performance Networks DevoFlow: Scaling Flow Management for High Performance Networks SDN Seminar David Sidler 08.04.2016 1 Smart, handles everything Controller Control plane Data plane Dump, forward based on rules Existing

More information

Cybersecurity Threat Mitigation using SDN

Cybersecurity Threat Mitigation using SDN Cybersecurity Threat Mitigation using SDN Mohd Zafran (PhD Candidate) & Koji Okamura Graduate School of Information Science and Electrical Engineering Kyushu University Kyushu University, Japan 29/9/2017

More information

Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017

Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017 Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017 Traditional Ethernet Challenges Plug-and-play Allow all ROOT D D D D Nondeterministic Reactive failover Difficult

More information

Lesson 9 OpenFlow. Objectives :

Lesson 9 OpenFlow. Objectives : 1 Lesson 9 Objectives : is new technology developed in 2004 which introduce Flow for D-plane. The Flow can be defined any combinations of Source/Destination MAC, VLAN Tag, IP address or port number etc.

More information

COMP211 Chapter 4 Network Layer: The Data Plane

COMP211 Chapter 4 Network Layer: The Data Plane COMP211 Chapter 4 Network Layer: The Data Plane All material copyright 1996-2016 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith Ross

More information

Hybrid Information-Centric Networking

Hybrid Information-Centric Networking Hybrid Information-Centric Networking ICN inside the Internet Protocol Luca Muscariello, Principal Engineer Giovanna Carofiglio, Distinguished Engineer Jordan Augé, Michele Papalini, Mauro Sardara, Alberto

More information

Be Fast, Cheap and in Control with SwitchKV. Xiaozhou Li

Be Fast, Cheap and in Control with SwitchKV. Xiaozhou Li Be Fast, Cheap and in Control with SwitchKV Xiaozhou Li Goal: fast and cost-efficient key-value store Store, retrieve, manage key-value objects Get(key)/Put(key,value)/Delete(key) Target: cluster-level

More information

PIX-IE An SDN-based Programmable Internet exchange

PIX-IE An SDN-based Programmable Internet exchange PIX-IE An SDN-based Programmable Internet exchange Kazuya Okada The University of Tokyo/WIDE Project/NSPIXP Project okada@ecc.u-tokyo.ac.jp Internet2 1 Our Background Operating an academic IX (DIX-IE)

More information

Quiz 8 May 21, 2015 Computer Engineering 80N

Quiz 8 May 21, 2015 Computer Engineering 80N Quiz 8 May 21, 2015 Computer Engineering 80N Left Neighbor: Right Neighbor: Keep this side up on your desk until you are told to turn the page over. This is a closed book quiz. No calculators. First Name

More information

0x1A Great Papers in Computer Security

0x1A Great Papers in Computer Security CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,

More information

Exploiting ICN for Flexible Management of Software-Defined Networks

Exploiting ICN for Flexible Management of Software-Defined Networks Exploiting ICN for Flexible Management of Software-Defined Networks Mayutan Arumaithurai, Jiachen Chen, Edo Monticelli, Xiaoming Fu and K. K. Ramakrishnan * University of Goettingen, Germany * University

More information

SDN in TETRA Group Communication - Voice Switching

SDN in TETRA Group Communication - Voice Switching SDN in TETRA Group Communication - Voice Switching Author: Saumya Paulose Supervisor: Prof. Jukka Manner Instructor: M.Sc. Antti Tuominen Place of Work: Airbus Defence and Space, Helsinki Contents Need

More information

P 5 : A Protocol for Scalable Anonymous Communications

P 5 : A Protocol for Scalable Anonymous Communications P 5 : A Protocol for Scalable Anonymous Communications 1 P 5 : A Protocol for Scalable Anonymous Communications Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan University of Maryland, College Park

More information

ENEE 459-C Computer Security. Security protocols (continued)

ENEE 459-C Computer Security. Security protocols (continued) ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p

More information

OPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net

OPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net OPENFLOW & SOFTWARE DEFINED NETWORKING Greg Ferro EtherealMind.com and PacketPushers.net 1 HUH? OPENFLOW. What is OpenFlow? From the bottom up. With big words. How OpenFlow does stuff. Then WHY we want

More information

Expeditus: Congestion-Aware Load Balancing in Clos Data Center Networks

Expeditus: Congestion-Aware Load Balancing in Clos Data Center Networks Expeditus: Congestion-Aware Load Balancing in Clos Data Center Networks Peng Wang, Hong Xu, Zhixiong Niu, Dongsu Han, Yongqiang Xiong ACM SoCC 2016, Oct 5-7, Santa Clara Motivation Datacenter networks

More information

Moving packets. Moving datagrams. Suppose host A want to send IP to host B. Host A wants to send to host E. Generalized forwarding and SDN

Moving packets. Moving datagrams. Suppose host A want to send IP to host B. Host A wants to send to host E. Generalized forwarding and SDN Mving packets Generalized frwarding and SDN Mving datagrams 1. Surce hst fills in its address... 3. Data field is filled with paylad. CS242 Cmputer Netwrks 2.... and addresses destinatin address. Department

More information

A SIMPLE INTRODUCTION TO TOR

A SIMPLE INTRODUCTION TO TOR A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that

More information

Alcatel-Lucent 4A Alcatel-Lucent Scalable IP Networks. Download Full Version :

Alcatel-Lucent 4A Alcatel-Lucent Scalable IP Networks. Download Full Version : Alcatel-Lucent 4A0-100 Alcatel-Lucent Scalable IP Networks Download Full Version : https://killexams.com/pass4sure/exam-detail/4a0-100 Answer: B QUESTION: 216 Which of the following statements best characterize

More information

tcp6 v1.2 manual pages

tcp6 v1.2 manual pages tcp6 v1.2 manual pages Description This tool allows the assessment of IPv6 implementations with respect to a variety of attack vectors based on TCP/IPv6 segments. This tool is part of the IPv6 Toolkit

More information

Data Plane Monitoring in Segment Routing Networks Faisal Iqbal Cisco Systems Clayton Hassen Bell Canada

Data Plane Monitoring in Segment Routing Networks Faisal Iqbal Cisco Systems Clayton Hassen Bell Canada Data Plane Monitoring in Segment Routing Networks Faisal Iqbal Cisco Systems (faiqbal@cisco.com) Clayton Hassen Bell Canada (clayton.hassen@bell.ca) Reference Topology & Conventions SR control plane is

More information

Chapter 4 Network Layer: The Data Plane

Chapter 4 Network Layer: The Data Plane Chapter 4 Network Layer: The Data Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see

More information

RAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with

RAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with RAPTOR: Routing Attacks on Privacy in Tor Yixin Sun Princeton University Joint work with Annie Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal Acknowledgment for Slides

More information

BLINC: Multilevel Traffic Classification in the Dark

BLINC: Multilevel Traffic Classification in the Dark BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside Konstantina Papagiannaki, Intel Research Cambridge Michalis Faloutsos, UC Riverside The problem of workload characterization

More information

Configuring EtherChannels

Configuring EtherChannels Configuring EtherChannels This chapter describes how to configure EtherChannels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of EtherChannels in Cisco

More information

Communication Networks

Communication Networks Communication Networks Prof. Laurent Vanbever Exercises week 6 VLAN, Internet Protocol & Forwarding VLAN The network below consists of 9 switches and hosts in two different VLANs (blue and red). Compute

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

NetFlow Configuration Guide

NetFlow Configuration Guide Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION

More information

Understanding Basic 802.1ah Provider Backbone Bridge

Understanding Basic 802.1ah Provider Backbone Bridge Understanding Basic 802.1ah Provider Backbone Bridge Contents Introduction Prerequisites Requirements Components Used IEEE 802.1ah Provider Backbone Bridging Overview Terminologies Used PBB Components

More information

The Design Space of Network Mobility

The Design Space of Network Mobility The Design Space of Network Mobility Key ideas Network Mobility Seamless Mobility Overview of implementations and challenges Geomorphic model New abstraction for the network stack Helps us discuss, understand

More information

Configuring ARP CHAPTER4

Configuring ARP CHAPTER4 CHAPTER4 This chapter describes how the Address Resolution Protocol (ARP) on the ACE can manage and learn the mapping of IP to Media Access Control (MAC) information to forward and transmit packets. The

More information

Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA

Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA Weirong Jiang, Viktor K. Prasanna University of Southern California Norio Yamagaki NEC Corporation September 1, 2010 Outline

More information

IP Premium Agenda. - Status of IP Premium definition. - open issues - general - technical. - What s next. M. Campanella - TF-TNG - Prague - 2 Apr 2001

IP Premium Agenda. - Status of IP Premium definition. - open issues - general - technical. - What s next. M. Campanella - TF-TNG - Prague - 2 Apr 2001 IP Premium Agenda - Status of IP Premium definition - open issues - general - technical - What s next 1 IP Premium status - Diffserv Architecture - Expedited Forwarding Per Hop Behavior - manual provisioning

More information

To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets. Xiaowei Yang Duke Unversity

To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets. Xiaowei Yang Duke Unversity To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets Xiaowei Yang Duke Unversity Denial of Service (DoS) flooding attacks Send packet floods to a targeted victim Exhaust

More information

CS164 Final Exam Winter 2013

CS164 Final Exam Winter 2013 CS164 Final Exam Winter 2013 Name: Last 4 digits of Student ID: Problem 1. State whether each of the following statements is true or false. (Two points for each correct answer, 1 point for each incorrect

More information

Configuring WCCPv2. Information About WCCPv2. Send document comments to CHAPTER

Configuring WCCPv2. Information About WCCPv2. Send document comments to CHAPTER CHAPTER 5 This chapter describes how to configure the Web Cache Communication Protocol version 2 (WCCPv2) on Cisco NX-OS devices. This chapter includes the following sections: Information About WCCPv2,

More information

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Presentation 2 Security/Privacy Presentations Nov 3 rd, Nov 10 th, Nov 15 th Upload slides to Canvas by midnight

More information

Configuring EtherChannels

Configuring EtherChannels This chapter describes how to configure EtherChannels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of EtherChannels in Cisco NX-OS. It contains the following

More information

MPLS, THE BASICS CSE 6067, UIU. Multiprotocol Label Switching

MPLS, THE BASICS CSE 6067, UIU. Multiprotocol Label Switching MPLS, THE BASICS CSE 6067, UIU Multiprotocol Label Switching Basic Concepts of MPLS 2 Contents Drawbacks of Traditional IP Forwarding Basic MPLS Concepts MPLS versus IP over ATM Traffic Engineering with

More information

Packet Tracer - Investigating the TCP/IP and OSI Models in Action (Instructor Version Optional Packet Tracer)

Packet Tracer - Investigating the TCP/IP and OSI Models in Action (Instructor Version Optional Packet Tracer) (Instructor Version Optional Packet Tracer) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding

More information

Configuring Local SPAN and ERSPAN

Configuring Local SPAN and ERSPAN This chapter contains the following sections: Information About ERSPAN, page 1 Licensing Requirements for ERSPAN, page 5 Prerequisites for ERSPAN, page 5 Guidelines and Limitations for ERSPAN, page 5 Guidelines

More information

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring Onion Routing Varun Pandey Dept. of Computer Science, Virginia Tech 1 What is Onion Routing? a distributed overlay network to anonymize TCP based routing Circuit based (clients choose the circuit) Each

More information

Master Course Computer Networks IN2097

Master Course Computer Networks IN2097 Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Dr. Nils

More information

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.

More information

Routing Concepts. IPv4 Routing Forwarding Some definitions Policy options Routing Protocols

Routing Concepts. IPv4 Routing Forwarding Some definitions Policy options Routing Protocols Routing Basics 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 Addresses are 32 bits long Range from 1.0.0.0 to 223.255.255.255 0.0.0.0

More information

CIT 380: Securing Computer Systems. Network Security Concepts

CIT 380: Securing Computer Systems. Network Security Concepts CIT 380: Securing Computer Systems Network Security Concepts Topics 1. Protocols and Layers 2. Layer 2 Network Concepts 3. MAC Spoofing 4. ARP 5. ARP Spoofing 6. Network Sniffing Protocols A protocol defines

More information

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities INFRASTRUCTURE SECURITY this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities Goals * prevent or mitigate resource attacks

More information

Cisco Extensible Network Controller

Cisco Extensible Network Controller Data Sheet Cisco Extensible Network Controller Product Overview Today s resource intensive applications are making the network traffic grow exponentially putting high demands on the existing network. Companies

More information

Programming Network Policies by Examples: Platform, Abstraction and User Studies

Programming Network Policies by Examples: Platform, Abstraction and User Studies Programming Network Policies by Examples: Platform, Abstraction and User Studies Boon Thau Loo University of Pennsylvania NetPL workshop @ SIGCOMM 2017 Joint work with Yifei Yuan, Dong Lin, Siri Anil,

More information

Outline. Circuit Switching. Circuit Switching : Introduction to Telecommunication Networks Lectures 13: Virtual Things

Outline. Circuit Switching. Circuit Switching : Introduction to Telecommunication Networks Lectures 13: Virtual Things 8-5: Introduction to Telecommunication Networks Lectures : Virtual Things Peter Steenkiste Spring 05 www.cs.cmu.edu/~prs/nets-ece Outline Circuit switching refresher Virtual Circuits - general Why virtual

More information

Common Components. Cisco Unified Border Element (SP Edition) Configuration Profile Examples 5 OL

Common Components. Cisco Unified Border Element (SP Edition) Configuration Profile Examples 5 OL The following components of the Cisco Unified Border Element are common to all of the configuration profile examples in this document. Secure Media Adjacencies Call Policies CAC Policies SIP Profiles 5

More information

Adversarial Network Forensics in Software Defined Networking

Adversarial Network Forensics in Software Defined Networking Computer Science and Engineering, Pennsylvania State University University Park, PA 16802 {sachleitner,tlp,tjaeger,mcdaniel}@cse.psu.edu ABSTRACT Software Defined Networking (SDN), and its popular implementation

More information

Routing Basics ISP/IXP Workshops

Routing Basics ISP/IXP Workshops Routing Basics ISP/IXP Workshops 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 addresses are 32 bits long range from 1.0.0.0 to

More information

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport Deniz Gurkan, Nicholas Bastin, Stuart Baxley University of Houston Funded by the U.S. Department of Energy

More information

Communication Networks

Communication Networks Prof. Laurent Vanbever Spring 08 Laurent Vanbever nsg.ee.ethz.ch ETH Zürich (D-ITET) March 6 08 Materials inspired from Scott Shenker & Jennifer Rexford Last week on How do local computers communicate?

More information

Configure Virtual LANs in Layer 2 VPNs

Configure Virtual LANs in Layer 2 VPNs The Layer 2 Virtual Private Network (L2VPN) feature enables Service Providers (SPs) to provide L2 services to geographically disparate customer sites. A virtual local area network (VLAN) is a group of

More information

Programmable Overlays with VPP

Programmable Overlays with VPP Programmable Overlays with LinuxCon 2016, Toronto Florin Coras, Vina Ermagan Cisco Systems Overlay Network Engine Objective Enable programmable, software defined, overlays Data driven control-plane protocol

More information

Computer Networks. Sándor Laki ELTE-Ericsson Communication Networks Laboratory

Computer Networks. Sándor Laki ELTE-Ericsson Communication Networks Laboratory Computer Networks Sándor Laki ELTE-Ericsson Communication Networks Laboratory ELTE FI Department Of Information Systems lakis@elte.hu http://lakis.web.elte.hu Based on the slides of Laurent Vanbever. Further

More information

SD-WAN Deployment Guide (CVD)

SD-WAN Deployment Guide (CVD) SD-WAN Deployment Guide (CVD) All Cisco Meraki security appliances are equipped with SD-WAN capabilities that enable administrators to maximize network resiliency and bandwidth efficiency. This guide introduces

More information

OTSDN What is it? Does it help?

OTSDN What is it? Does it help? OTSDN What is it? Does it help? Dennis Gammel Schweitzer Engineering Laboratories, Inc. Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security cred-c.org Important Aspects

More information

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design

More information

Configuring Switched Port Analyzer

Configuring Switched Port Analyzer This document describes how to configure local Switched Port Analyzer (SPAN) and remote SPAN (RSPAN) on the router. Finding Feature Information, page 1 Prerequisites for Configuring Local Span and RSPAN,

More information

Software Systems for Surveying Spoofing Susceptibility

Software Systems for Surveying Spoofing Susceptibility Software Systems for Surveying Spoofing Susceptibility Matthew Luckie, Ken Keys, Ryan Koga, Bradley Huffaker, Robert Beverly, kc claffy https://spoofer.caida.org/ NANOG68, October 18th 2016 www.caida.o

More information

Routing Basics ISP/IXP Workshops

Routing Basics ISP/IXP Workshops Routing Basics ISP/IXP Workshops 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 addresses are 32 bits long range from 1.0.0.0 to

More information

Configuring NetFlow BGP Next Hop Support for Accounting and Analysis

Configuring NetFlow BGP Next Hop Support for Accounting and Analysis Configuring NetFlow BGP Next Hop Support for Accounting and Analysis This document provides information about and instructions for configuring NetFlow Border Gateway Protocol (BGP) next hop support. This

More information

Computer Science 461 Final Exam May 22, :30-3:30pm

Computer Science 461 Final Exam May 22, :30-3:30pm NAME: Login name: Computer Science 461 Final Exam May 22, 2012 1:30-3:30pm This test has seven (7) questions, each worth ten points. Put your name on every page, and write out and sign the Honor Code pledge

More information

ECE 697J Advanced Topics in Computer Networks

ECE 697J Advanced Topics in Computer Networks ECE 697J Advanced Topics in Computer Networks Network Measurement 12/02/03 Tilman Wolf 1 Overview Lab 3 requires performance measurement Throughput Collecting of packet headers Network Measurement Active

More information

SDNRacer. Concurrency Analysis for SDNs. Ahmed El-Hassany Jeremie Miserez Pavol Bielik Laurent Vanbever Martin Vechev.

SDNRacer. Concurrency Analysis for SDNs. Ahmed El-Hassany Jeremie Miserez Pavol Bielik Laurent Vanbever Martin Vechev. SDNRacer Concurrency Analysis for SDNs Ahmed El-Hassany Jeremie Miserez Pavol Bielik Laurent Vanbever Martin Vechev http://sdnracer.ethz.ch ETH Zürich April 29 th, 2016 1 Load Balancer Application 2 Load

More information

Master Course Computer Networks IN2097

Master Course Computer Networks IN2097 Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Chapter 7 - Network Measurements Introduction Architecture & Mechanisms

More information

Internetwork Expert s CCNP Bootcamp. Hierarchical Campus Network Design Overview

Internetwork Expert s CCNP Bootcamp. Hierarchical Campus Network Design Overview Internetwork Expert s CCNP Bootcamp Hierarchical Campus Network Design Overview http:// Hierarchical Campus Network Design Overview Per Cisco, a three layer hierarchical model to design a modular topology

More information

SDN-WISE: Design, prototyping and experimentation of a stateful SDN solution for WIreless SEnsor networks

SDN-WISE: Design, prototyping and experimentation of a stateful SDN solution for WIreless SEnsor networks SDN-WISE: Design, prototyping and experimentation of a stateful SDN solution for WIreless SEnsor networks Laura Galluccio, Sebastiano Milardo, Giacomo Morabito, Sergio Palazzo University of Catania, Catania,

More information

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution

ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution ClassBench-ng: Recasting ClassBench After a Decade of Network Evolution Jiří Matoušek 1, Gianni Antichi 2, Adam Lučanský 3 Andrew W. Moore 2, Jan Kořenek 1 1 Brno University of Technology 2 University

More information

Configuring Port Channels

Configuring Port Channels This chapter contains the following sections: Information About Port Channels, page 1, page 9 Verifying Port Channel Configuration, page 16 Verifying the Load-Balancing Outgoing Port ID, page 17 Feature

More information