Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall
|
|
- Adela Kory Ball
- 5 years ago
- Views:
Transcription
1 Institute of Computer Science Chair of Communication Networks Prof. Dr.-Ing. P. Tran-Gia Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall comnet.informatik.uni-wuerzburg.de
2 SarDiNe Research Project Goal: Improve the security in enterprise and government networks based on SDN/NFV sardine-project.org Partners Associated Partners 2
3 Motivation External Network Internal Network 3
4 Motivation Active Standby External Network Internal Network 4
5 Motivation Active Standby External Network Internal Network 5
6 Motivation Active Standby External Network Internal Network 6
7 Motivation Active Standby External Network Internal Network 7
8 Motivation Active Standby External Network Internal Network 8
9 Motivation Active Standby External Network Internal Network 9
10 Motivation Active Standby External Network Internal Network 10
11 Motivation Active Standby External Network Internal Network Expensive hot standby 11
12 Motivation Active Standby External Network Internal Network Expensive hot standby Little internal defenses 12
13 Motivation Active Standby External Network Internal Network Expensive hot standby Little internal defenses Limited scalability 13
14 Motivation Active Standby External Network Internal Network 14
15 Motivation External Network Internal Network 15
16 Motivation External Network Internal Network 16
17 Motivation Active Active Active Active Active Active External Network Internal Network 17
18 Motivation Active Active Active Active Active Active External Network Internal Network Omni-present protection 18
19 Motivation Active Active Active Active Active Active External Network Internal Network Omni-present protection Scalable and resilient security solution 19
20 Motivation Active Active Active Active Active Active External Network Internal Network Omni-present protection Scalable and resilient security solution SDN and NFV provide the necessary means 20
21 Agenda Motivation Background Software-defined Networking (SDN) Network Function Virtualization (NFV) Omni-present SDN Firewall Fine-grained access control Scalable & resilient stateful firewalling Firewall offloading Demo Conclusion 21
22 BACKGROUND 22
23 Software-defined Networking (SDN) Key principles Separation of control and data plane Logically centralized control plane Open Interfaces Programmability Features Protocol independence Ability to dynamically adapt network parameters Granularity Elasticity Control Plane Southbound API Data Plane Use cases Cloud orchestration Network management Network security 23
24 SDN Packet Handling & Table Structure Rule Action Stats Forward packet to zero or more ports Encapsulate and forward to controller Send to normal processing pipeline Modify Fields Any extensions you add! Packet + Byte Counters Switch Port ICMPv4 Type Switch Phy Port ICMPv4 Code Meta data TCP Src ETH Dst TCP Dst ETH Src UDP Src ETH Type UDP Dst VLAN VID SCTP Src VLAN PCP SCTP Dst IP DSCP ARP OP IP ECN ARP SPA IP Proto ARP TPA IPv4 Src ARP SHA IPv4 Dst ARP THA Mask for match fields 24
25 SDN Modes of Operation Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) A *.* B CP 25
26 SDN Modes of Operation Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) A *.* B CP 26
27 SDN Modes of Operation Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) A *.* B CP 27
28 SDN Modes of Operation Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) A *.* B CP 28
29 SDN Modes of Operation Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) A *.* B CP 29
30 SDN Modes of Operation Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) *.* B CP A B 30
31 SDN Modes of Operation Control Plane (CP) Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) *.* B CP Proactive Southbound API Match Action Data Plane (DP) *.* CP A B A B 31
32 SDN Modes of Operation Control Plane (CP) Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) *.* B CP Proactive Southbound API Match Action Data Plane (DP) *.* CP A B A B 32
33 SDN Modes of Operation Control Plane (CP) Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) *.* B CP Proactive Southbound API Match Action Data Plane (DP) *.* B CP A B A B 33
34 SDN Modes of Operation Control Plane (CP) Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) *.* B CP Proactive Southbound API Match Action Data Plane (DP) *.* B CP A B A B 34
35 SDN Modes of Operation Control Plane (CP) Control Plane (CP) Reactive Southbound API Match Action Data Plane (DP) *.* B CP Proactive Southbound API Match Action Data Plane (DP) *.* B CP A B A B 35
36 Network Function Virtualization (NFV) Legacy networks are full of middle boxes Specialized hardware Deployed in the data path Limited scalability Load Balancers Network Monitoring Firewalls Traffic Shapers Network Function Virtualization Virtual applications Executed on COTS servers Cloud-ready 36
37 OMNI-PRESENT SDN FIREWALL 37
38 Fine-granular Access Control On-demand personalized virtual network BYOD scenario Strict flow isolation Minimized attack surface Technical implementation 2FA Authentication No MDM required 38
39 Shared State Scalable & Resilient Stateful Firewalling NFV-based stateful firewall Run as software in the cloud Dynamic n+1 protection Technical implementation SDN switch as load balancer State decoupled from workers SDN Controller Configuration & Health Checks FW-VNF OpenFlow FW-VNF FW-VNF SDN Switch FW-VNF Private Cloud 39
40 Firewall Offloading Dynamic firewall offloading Offload trusted flows to relief VNFs No noticeable service degradation Technical implementation Optimizer selects flows with a high performance impact Switches act as stateless packet filters Performed in the fast path at line rate 40
41 Omni-present SDN Firewall SDN Controller Network Management System Cloud Management System Internal Network AAA FW VNF SDN Switch SDN Switch Services Private Cloud 41
42 Omni-present SDN Firewall SDN Controller Network Management System Cloud Management System Internal Network AAA FW VNF SDN Switch SDN Switch Services Private Cloud 42
43 Omni-present SDN Firewall Available Services SDN Controller Network Management System Cloud Management System Internal Network AAA FW VNF SDN Switch SDN Switch Services Private Cloud 43
44 Omni-present SDN Firewall Available Services SDN Controller Network Management System Cloud Management System Internal Network AAA FW VNF SDN Switch SDN Switch Services Private Cloud 44
45 Omni-present SDN Firewall Available Services SDN Controller Network Management System Cloud Management System Internal Network AAA FW VNF FW VNF Shared State SDN Switch SDN Switch Services Private Cloud 45
46 Omni-present SDN Firewall Available Services SDN Controller Network Management System Cloud Management System Internal Network AAA FW VNF FW VNF Shared State SDN Switch SDN Switch Services Private Cloud 46
47 Demo Setup 47
48 Fine-granular Access Control Network Services Access Control SDN Controller 48
49 NFV Monitoring Virtual Network Functions 49
50 Fast Failover Firewall VNF Resiliency 50
51 Offloading of Trusted Flows Firewall VNF Offloading 51
52 CONCLUSION 52
53 Conclusion 53
54 Conclusion Advanced DDoS Mitigation Fine-granular Flow Control Scalable Security Solutions Reduced Management Efforts 54
55 Conclusion Complex Architecture Fast development rates New Technology Large Software Projects Advanced DDoS Mitigation Fine-granular Flow Control Scalable Security Solutions Reduced Management Efforts 55
56 Conclusion Complex Architecture Fast development rates New Technology Large Software Projects Advanced DDoS Mitigation Fine-granular Flow Control Scalable Security Solutions Reduced Management Efforts Both sides of the scale need to be addressed 56
57 Conclusion Complex Architecture Fast development rates New Technology Large Software Projects Advanced DDoS Mitigation Fine-granular Flow Control Scalable Security Solutions Reduced Management Efforts Both sides of the scale need to be addressed In our opinion the benefits will outweigh the challenges Tight integration of quality assurance in the deployment stage Adaptation of software testing methods to the networking domain 57
58 Sources Michael Jarschel, Thomas Zinner, Tobias Hoßfeld, Phuoc Tran-Gia, Wolfgang Kellerer, Interfaces, Attributes, and Use Cases: A Compass for SDN, IEEE Communications Magazine, 52, 2014 Gebert, S., Zinner, T., Gray, N., Durner, R., Lorenz, C., Lange, S., Demonstrating a Personalized Secure-By-Default Bring Your Own Device Solution Based on Software Defined Networking, International Teletraffic Congress (ITC 28), 2016 Lorenz, C., Hock, D., Scherer, J., Durner, R., Kellerer, W., Gebert, S., Gray, N., Zinner, T., Tran-Gia, P., An SDN/NFV-enabled Enterprise Network Architecture Offering Fine-Grained Security Policy Enforcement, IEEE Communications Magazine. 55, (2017) Gray, N., Lorenz, C., Müssig, A., Gebert, S., Zinner, T., Tran-Gia, P., A Priori State Synchronization for Fast Failover of Stateful Firewall VNFs, Workshop on Software-Defined Networking and Network Function Virtualization for Flexible Network Management, SDNFlex 2017 Pfaff B., Scherer J., Hock D., Gray N., Zinner T., Tran-Gia P., Durner R., Kellerer R., Lorenz C., SDN/NFV-enabled Security Architecture for Fine-grained Policy Enforcement and Threat Mitigation for Enterprise, ACM SIGCOMM Computer Communication Review,
State Synchronization for Fast Failover of Stateful Firewall VNF
Institute of Computer Science Chair of Communication Networks Prof. Dr.-Ing. P. Tran-Gia State Synchronization for Fast Failover of Stateful Firewall VNF, Claas Lorenz, Alexander Müssig, Steffen Gebert,
More informationFirewall offloading based on SDN and NFV
Chair of Communication Networks Department of Electrical and Computer Engineering Technical University of Munich Firewall offloading based on SDN and NFV ITG 5.2.2/5.2.4 05.12.2016 Raphael Durner r.durner@tum.de
More informationLeveraging SDN & NFV to Achieve Software-Defined Security
Leveraging SDN & NFV to Achieve Software-Defined Security Zonghua Zhang @imt-lille-douai.fr NEPS: NEtwork Performance and Security Group 2 Topics Anomaly detection, root cause analysis Security evaluation
More informationSoftware-Defined Networking (SDN) Overview
Reti di Telecomunicazione a.y. 2015-2016 Software-Defined Networking (SDN) Overview Ing. Luca Davoli Ph.D. Student Network Security (NetSec) Laboratory davoli@ce.unipr.it Luca Davoli davoli@ce.unipr.it
More informationSlicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)
Slicing a Network Advanced! Computer Networks Sherwood, R., et al., Can the Production Network Be the Testbed? Proc. of the 9 th USENIX Symposium on OSDI, 2010 Reference: [C+07] Cascado et al., Ethane:
More informationSoftware Defined Networks and OpenFlow. Courtesy of: AT&T Tech Talks.
MOBILE COMMUNICATION AND INTERNET TECHNOLOGIES Software Defined Networks and Courtesy of: AT&T Tech Talks http://web.uettaxila.edu.pk/cms/2017/spr2017/temcitms/ MODULE OVERVIEW Motivation behind Software
More informationSoftware-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017
Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017 Traditional Ethernet Challenges Plug-and-play Allow all ROOT D D D D Nondeterministic Reactive failover Difficult
More informationSDN Workshop. Contact: WSDN01_v0.1
SDN Workshop Contact: training@apnic.net WSDN01_v0.1 Issue Date: [Date] Revision: [xx] OpenFlow SDN Workshop WSDN01_v0.1 Issue Date: [Date] Revision: [xx] SDN architectural framework Application Plane
More informationOpenFlow: What s it Good for?
OpenFlow: What s it Good for? Apricot 2016 Pete Moyer pmoyer@brocade.com Principal Solutions Architect Agenda SDN & OpenFlow Refresher How we got here SDN/OF Deployment Examples Other practical use cases
More informationInvestigating the Impact of Network Topology on the Processing Times of SDN Controllers
Investigating the Impact of Network Topology on the Processing Times of SDN Controllers Christopher Metter, Steffen Gebert, Stanislav Lange, Thomas Zinner, Phuoc Tran-Gia, Michael Jarschel University of
More informationSoftware-Defined Networking (Continued)
Software-Defined Networking (Continued) CS640, 2015-04-23 Announcements Assign #5 released due Thursday, May 7 at 11pm Outline Recap SDN Stack Layer 2 Learning Switch Control Application Design Considerations
More informationSoftware Defined Networking
CSE343/443 Lehigh University Fall 2015 Software Defined Networking Presenter: Yinzhi Cao Lehigh University Acknowledgement Many materials are borrowed from the following links: https://www.cs.duke.edu/courses/spring13/compsc
More informationEnabling Efficient and Scalable Zero-Trust Security
WHITE PAPER Enabling Efficient and Scalable Zero-Trust Security FOR CLOUD DATA CENTERS WITH AGILIO SMARTNICS THE NEED FOR ZERO-TRUST SECURITY The rapid evolution of cloud-based data centers to support
More informationTowards Flexible Networking in Dynamically Changing Environments
Chair of Communication Networks Department of Electrical and Computer Engineering Technical University of Munich Towards Flexible Networking in Dynamically Changing Environments Wolfgang Kellerer Technical
More informationHands on SDN and BRO
Hands on SDN and BRO Malware Research Conference 2016 Ian Welch, School of Engineering and Computer Science Victoria University of Wellington 11th July 2016 Who am I? Lecturer at Victoria University of
More informationSDN Workshop. Contact: TSDN01_v0.1. [xx] Revision:
SDN Workshop Contact: training@apnic.net Issue Date: [Date] TSDN01_v0.1 Revision: [xx] Routers Two key roles: Determining network paths Packet forwarding 2 Today s router Management High Availability FCAPS
More informationChair of Communication Networks University of Würzburg
Institute of Computer Science Chair of Communication Networks Prof. Dr.-Ing. P. Tran-Gia Chair of Communication Networks University of Würzburg Thomas Zinner Institute of Computer Science Universität Würzburg
More informationSoftware Defined Networking Security: Security for SDN and Security with SDN. Seungwon Shin Texas A&M University
Software Defined Networking Security: Security for SDN and Security with SDN Seungwon Shin Texas A&M University Contents SDN Basic Operation SDN Security Issues SDN Operation L2 Forwarding application
More informationSDN Applications and Use Cases. Copyright 2015 ITRI
SDN Applications and Use Cases Copyright 20 ITRI Bachelor B Ph.D (IR) (ITRI) Engineer 20 Copyright 20 ITRI 2 Outline SDN Basics SDN Use Cases & Applications Google B WAN NEC VTN OpenDefenseFlow Firewall
More informationThe Function Placement Problem (FPP)
Chair of Communication Networks Department of Electrical and Computer Engineering Technical University of Munich The Function Placement Problem (FPP) Wolfgang Kellerer Technical University of Munich Dagstuhl,
More informationSDN AND NFV SECURITY DR. SANDRA SCOTT-HAYWARD, QUEEN S UNIVERSITY BELFAST COINS SUMMER SCHOOL, 23 JULY 2018
SDN AND NFV SECURITY DR. SANDRA SCOTT-HAYWARD, QUEEN S UNIVERSITY BELFAST COINS SUMMER SCHOOL, 23 JULY 2018 Queen s University Belfast Lanyon Building Est. 1845 Centre for Secure Information Technologies
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : HP0-Y24 Title : Securing HP ProCurve Networks Vendors : HP Version : DEMO Get Latest
More informationSecurity Considerations for Cloud Readiness
Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationBuilding Security Services on top of SDN
Building Security Services on top of SDN Gregory Blanc Télécom SudParis, IMT 3rd FR-JP Meeting on Cybersecurity WG7 April 25th, 2017 Keio University Mita Campus, Tokyo Table of Contents 1 SDN and NFV as
More informationAGENDA Introduction Pivotal Cloud Foundry NSX-V integration with Cloud Foundry New Features in Cloud Foundry Networking NSX-T with Cloud Fou
NET1523BE INTEGRATING NSX AND CLOUD FOUNDRY Usha Ramachandran Staff Product Manager, Pivotal Sai Chaitanya Product Line Manager, VMware VMworld 2017 Content: Not for publication #VMworld AGENDA 1 2 3 4
More information1 University of Würzburg. Institute of Computer Science Research Report Series. A Compass Through SDN Networks
University of Würzburg Institute of Computer Science Research Report Series A Compass Through SDN Networks Thomas Zinner 1, Michael Jarschel 1, Tobias Hossfeld 1, Phuoc Tran-Gia 1 and Wolfgang Kellerer
More informationContainer Network Functions: Bringing NFV to the Network Edge
Container Network Functions: Bringing NFV to the Network Edge Richard Cziva University of Glasgow Richard.Cziva@glasgow.ac.uk SDN / NFV WORLD CONGRESS 2017, The Hague, Netherlands About Netlab University
More informationAdvanced threats. "Software defined" everything. Internet of Things. SDDC/Cloud. HTTP is the new TCP. Mobile. F5 Networks, Inc 2
F5 Software Defined Application Services F5 Synthesis Fred Wu Technical Director of F5 Networks China Advanced threats "Software defined" everything SDDC/Cloud Internet of Things Mobile HTTP is the new
More informationDaoliNet A Simple and Smart Networking Technology for Docker Applications
DaoliNet A Simple and Smart Networking Technology for Docker Applications DaoliNet An Open Source Project www.daolinet.org May, 2016 Docker is Awesome! A Linux Container Engine Build, Ship and Run Any
More informationNetwork Security: Network Flooding. Seungwon Shin GSIS, KAIST
Network Security: Network Flooding Seungwon Shin GSIS, KAIST Detecting Network Flooding Attacks SYN-cookies Proxy based CAPCHA Ingress/Egress filtering Some examples SYN-cookies Background In a TCP 3-way
More informationExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you
ExamTorrent http://www.examtorrent.com Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you Exam : 400-251 Title : CCIE Security Written Exam (v5.0) Vendor : Cisco Version
More informationCloud, SDN and BIGIQ. Philippe Bogaerts Senior Field Systems Engineer
Cloud, SDN and BIGIQ Philippe Bogaerts Senior Field Systems Engineer Virtual Editions TMOS/LTM 12.0 Highlights 1 NIC support Azure Marketplace Kernel Independent driver Enhanced Hypervisor support F5 Networks,
More informationCS-580K/480K Advanced Topics in Cloud Computing. Software-Defined Networking
CS-580K/480K Advanced Topics in Cloud Computing Software-Defined Networking 1 An Innovation from Stanford Nick McKeown In 2006, OpenFlow is proposed, which provides an open protocol to program the flow-table
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationXen*, SDN and Apache Cloudstack. Sebastien Goasguen, Apache CloudStack Citrix EMEA August 28 th 2012 Xen Summit
Xen*, SDN and Apache Cloudstack Sebastien Goasguen, Apache CloudStack Citrix EMEA August 28 th 2012 Xen Summit Outline A bit about CloudStack A bit about SDN A bit about OpenVswitch Some bits about SDN
More informationlecture 18: network virtualization platform (NVP) 5590: software defined networking anduo wang, Temple University TTLMAN 401B, R 17:30-20:00
lecture 18: network virtualization platform (NVP) 5590: software defined networking anduo wang, Temple University TTLMAN 401B, R 17:30-20:00 Network Virtualization in multi-tenant Datacenters Teemu Koponen.,
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationAdversarial Network Forensics in Software Defined Networking
Computer Science and Engineering, Pennsylvania State University University Park, PA 16802 {sachleitner,tlp,tjaeger,mcdaniel}@cse.psu.edu ABSTRACT Software Defined Networking (SDN), and its popular implementation
More informationA Software-Defined Networking Security Controller Architecture. Fengjun Shang, Qiang Fu
4th International Conference on Machinery, Materials and Computing Technology (ICMMCT 2016) A Software-Defined Networking Security Controller Architecture Fengjun Shang, Qiang Fu College of Computer Science
More informationSD-Access Wireless: why would you care?
SD-Access Wireless: why would you care? CUWN Architecture - Centralized Overview Policy Definition Enforcement Point for Wi-Fi clients Client keeps same IP address while roaming WLC Single point of Ingress
More informationNetwork Function Virtualization. CSU CS557, Spring 2018 Instructor: Lorenzo De Carli
Network Function Virtualization CSU CS557, Spring 2018 Instructor: Lorenzo De Carli Managing middleboxes Middlebox manifesto (ref. previous lecture) pointed out the need for automated middlebox management
More informationSource Address Validation: from the Current Network Architecture to SDN-based Architecture
Source Address Validation: from the Current Network Architecture to SDN-based Architecture Jun Bi Tsinghua University/CERNET GFI 2013 Nov. 20, 2013 1 Content Source Address Validation Architecture (SAVA)
More informationLecture 10.1 A real SDN implementation: the Google B4 case. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it
Lecture 10.1 A real SDN implementation: the Google B4 case Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it WAN WAN = Wide Area Network WAN features: Very expensive (specialized high-end
More informationEnd to End SLA for Enterprise Multi-Tenant Applications
End to End SLA for Enterprise Multi-Tenant Applications Girish Moodalbail, Principal Engineer, Oracle Inc. Venugopal Iyer, Principal Engineer, Oracle Inc. The following is intended to outline our general
More informationONUG SDN Federation/Operability
ONUG SDN Federation/Operability Orchestration A white paper from the ONUG SDN Federation/Operability Working Group May, 2016 Definition of Open Networking Open networking is a suite of interoperable software
More informationAccelerating SDN and NFV Deployments. Malathi Malla Spirent Communications
Accelerating SDN and NFV Deployments Malathi Malla Spirent Communications 2 Traditional Networks Vertically integrated Closed, proprietary Slow innovation 3 Infinite Complexity of Testing Across virtual
More informationSecurity Everywhere Within Juniper Networks Mobile Cloud Architecture. Mobile World Congress 2017
Security Everywhere Within Juniper Networks Mobile Cloud Architecture Mobile World Congress 2017 Agenda Challenges and Trends Use Cases and Solutions Products and Services Proof Points Juniper s Mobile
More informationIdentity-Defined Networking. TDDD17, LiU
Identity-Defined Networking Andrei Gurtov IDA, Linköping University Erik Giesa, Marc Kaplan TemperedNetworks TDDD17, LiU Contents Traditional Networking: Challenging and Complex Identity-Defined Networking
More informationResearch on Firewall in Software Defined Network
Advances in Computer, Signals and Systems (2018) 2: 1-7 Clausius Scientific Press, Canada Research on Firewall in Software Defined Cunqun Fan a, Manyun Lin, Xiangang Zhao, Lizi Xie, Xi Zhang b,* National
More informationProgrammable data planes, P4, and Trellis
Programmable data planes, P4, and Trellis Carmelo Cascone MTS, P4 Brigade Leader Open Networking Foundation October 20, 2017 1 Outline Introduction to P4 and P4 Runtime P4 support in ONOS Future plans
More informationTowards SDN-Defined Programmable BYOD (Bring Your Own Device) Security
Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security Sungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli, Guofei Gu SUCCESS Lab Texas A&M University Outline Introduction & Motivation
More informationDraft Recommendation X.sdnsec-3 Security guideline of Service Function Chain based on software defined network
Draft Recommendation X.sdnsec-3 Security guideline of Service Function Chain based on software defined network Summary This recommendation is to analyze the security threats of the SDN-based Service Function
More informationCLOUD SECURITY: THE CHALLENGES FOR THE DATA CENTRE AND IT ENVIRONMENT NOVEMBER 2016
CLOUD SECURITY: THE CHALLENGES FOR THE DATA CENTRE AND IT ENVIRONMENT NOVEMBER 2016 1 ENTERPRISE IT STRATEGY DEFINED BY VARIOUS STAKEHOLDERS CIO CFO CISO Business User Become provider of choice Need easy
More informationCSC 4900 Computer Networks: Network Layer
CSC 4900 Computer Networks: Network Layer Professor Henry Carter Fall 2017 Chapter 4: Network Layer 4. 1 Introduction 4.2 What s inside a router 4.3 IP: Internet Protocol Datagram format 4.4 Generalized
More informationA Unified Threat Defense: The Need for Security Convergence
A Unified Threat Defense: The Need for Security Convergence Udom Limmeechokchai, Senior system Engineer Cisco Systems November, 2005 1 Agenda Evolving Network Security Challenges META Group White Paper
More informationThe New Net, Edge Computing, and Services. Michael R. Nelson, Ph.D. Tech Strategy, Cloudflare May 2018
The New Net, Edge Computing, and Services Michael R. Nelson, Ph.D. Tech Strategy, Cloudflare MNELSON@CLOUDFLARE.COM or @MikeNelson May 2018 We are helping build a better Internet Cloudflare is an Edge
More informationOverview on FP7 Projects SPARC and UNIFY
Overview on FP7 Projects SPARC and UNIFY Mario Kind, Telekom Innovation Laboratories, Deutsche Telekom AG UNIFY is co-funded by the European Commission DG CONNECT in FP7 Recent activities on SDN, NFV FP7
More informationOpenADN: Service Chaining of Globally Distributed VNFs
OpenADN: Service Chaining of Globally Distributed VNFs Project Leader: Subharthi Paul Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Software Telco Congress, Santa Clara,
More informationReal-time Communications Security and SDN
Real-time Communications Security and SDN 2016 [Type here] Securing the new generation of communications applications, those delivering real-time services including voice, video and Instant Messaging,
More informationSoftware Defined Networking
Software Defined Networking Daniel Zappala CS 460 Computer Networking Brigham Young University Proliferation of Middleboxes 2/16 a router that manipulatees traffic rather than just forwarding it NAT rewrite
More informationCentec V350 Product Introduction. Centec Networks (Suzhou) Co. Ltd R
Centec V350 Product Introduction Centec Networks (Suzhou) Co. Ltd R1.6 2016-03 V350 Win the SDN Idol@ONS V350 win the SDN Idol@ONS award in ONS 2013 2016 Centec Networks (Suzhou) Co., Ltd. All rights reserved.
More informationStateless Network Functions:
Stateless Network Functions: Breaking the Tight Coupling of State and Processing Murad Kablan, Azzam Alsudais, Eric Keller, Franck Le University of Colorado IBM Networks Need Network Functions Firewall
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationSDN Software Switch Lagopus enables SDN/NFV transformation
SDN Software Switch Lagopus enables SDN/NFV transformation Hitoshi Masutani NTT Network Innovation Labs. Nov 25 th 2016 0 Agenda 1. Background & motivation 2. SDN Software switch Lagopus 3. NFV Node with
More informationJN0-210.juniper. Number: JN0-210 Passing Score: 800 Time Limit: 120 min.
JN0-210.juniper Number: JN0-210 Passing Score: 800 Time Limit: 120 min Exam A QUESTION 1 Which protocol does Juniper Networks recommend to provide real-time updates of the network topology to the NorthStar
More informationNetwork Virtualization Based on Flows
TERENA NETWORKING CONFERENCE 2009 June 9, 2009 Network Virtualization Based on Flows Peter Sjödin Markus Hidell, Georgia Kontesidou, Kyriakos Zarifis KTH Royal Institute of Technology, Stockholm Outline
More informationSoftware Defined Networks and OpenFlow
Tecnologie e Protocolli per Internet 1 Prof. Stefano Salsano e-mail: stefano.salsano@uniroma2.it AA2012/13 Blocco 5 v1 1 Software Defined Networks and OpenFlow 2 Acknowledgements Next slides are taken
More informationWEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM
SECURITY ANALYTICS WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM BLAZING PERFORMANCE, HIGH AVAILABILITY AND ROBUST SECURITY FOR YOUR CRITICAL WEB APPLICATIONS OVERVIEW Webscale is a converged multi-cloud
More informationJuniper JN0-410 Exam. Volume: 65 Questions. Question No: 1 What are two valid service VMs in a service chain? (Choose two.) A.
Volume: 65 Questions Question No: 1 What are two valid service VMs in a service chain? (Choose two.) A. gateway B. load balancer C. orchestrator D. firewall Answer: B,D Question No: 2 Which role does OpenStack
More informationCross-Site Virtual Network Provisioning in Cloud and Fog Computing
This paper was accepted for publication in the IEEE Cloud Computing. The copyright was transferred to IEEE. The final version of the paper will be made available on IEEE Xplore via http://dx.doi.org/10.1109/mcc.2017.28
More informationCisco Designing the Cisco Cloud (CLDDES) Download Full version :
Cisco 300-465 Designing the Cisco Cloud (CLDDES) Download Full version : http://killexams.com/pass4sure/exam-detail/300-465 out from the VM. F. Operates by allocating disk storage space in a flexible manner
More informationSDN TO BE OR NOT TO BE. Uwe Richter SE Director Russia/CIS, East and South East Europe
SDN TO BE OR NOT TO BE Uwe Richter SE Director Russia/CIS, East and South East Europe uwe@juniper.net FUNDAMENTAL PROBLEMS TO SOLVE Want more innovation in networking Want it more quickly too Want more
More informationCisco Extensible Network Controller
Data Sheet Cisco Extensible Network Controller Product Overview Today s resource intensive applications are making the network traffic grow exponentially putting high demands on the existing network. Companies
More informationNEC Virtualized Evolved Packet Core vepc
TE-524262 NEC Virtualized Evolved Packet Core vepc Design Concepts and Benefits INDEX Leading the transformation into Mobile Packet Core Virtualization P.3 vepc System Architecture Overview P.4 Elastic
More informationLecture 14 SDN and NFV. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it
Lecture 14 SDN and NFV Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it Traditional network vs SDN TRADITIONAL Closed equipment Software + hardware Cost Vendor-specific management.
More informationWeb-Based User Interface for the Floodlight SDN Controller
3175 Web-Based User Interface for the Floodlight SDN Controller Hakan Akcay Department of Computer Engineering, Istanbul University, Istanbul Email: hknakcay@gmail.com Derya Yiltas-Kaplan Department of
More informationRed Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide
Red Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide Overview of Red Hat OpenDaylight OpenStack Team Red Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide Overview of Red Hat OpenDaylight
More informationOPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net
OPENFLOW & SOFTWARE DEFINED NETWORKING Greg Ferro EtherealMind.com and PacketPushers.net 1 HUH? OPENFLOW. What is OpenFlow? From the bottom up. With big words. How OpenFlow does stuff. Then WHY we want
More informationChapter 5 Network Layer: The Control Plane
Chapter 5 Network Layer: The Control Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you
More informationChapter 4 Network Layer: The Data Plane
Chapter 4 Network Layer: The Data Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see
More informationVXLAN Overview: Cisco Nexus 9000 Series Switches
White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide
More informationTender 10/ dated Reply to Pre-bid Queries
Compliance Queries Suggested changes Reply Please specify if this is mandatory or Optional? 1 27/6.2 System should have capability to integrate with new/forthcoming network technologies such as it should
More informationCloud Security Best Practices
Cloud Security Best Practices Cohesive Networks - your applications secured Our family of security and connectivity solutions, VNS3, protects cloud-based applications from exploitation by hackers, criminal
More informationCSC 401 Data and Computer Communications Networks
CSC 401 Data and Computer Communications Networks Network Layer ICMP (5.6), Network Management(5.7) & SDN (5.1, 5.5, 4.4) Prof. Lina Battestilli Fall 2017 Outline 5.6 ICMP: The Internet Control Message
More informationOpenFlow Ronald van der Pol
OpenFlow Ronald van der Pol Outline! Goal of this project! Why OpenFlow?! Basics of OpenFlow! Short Demo OpenFlow Overview! Initiative of Stanford University! Run network research experiments
More informationSDN/NFV for Cloud Data Centers: Case Study
SDN/NFV for Cloud Data Centers: Case Study June, 2014 안종석 (JongSeog Ahn) Senior Managing Director NAIM Networks james@naimnetworks.com 내용 NFV/SDN ONF의 SDN NFV NFV/SDN Use Cases and PoC NFV and SDN Industry
More informationSDN Security BRKSEC Alok Mittal Security Business Group, Cisco
SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined
More informationCloud Native Security. OpenShift Commons Briefing
Cloud Native Security OpenShift Commons Briefing Amir Sharif Co-Founder amir@aporeto.com Cloud Native Applications Challenge Security Change Frequency x 10x 100x 1,000x Legacy (Pets) Servers VMs Cloud
More informationSecurity in Cloud Environments
Security in Cloud Environments Security Product Manager Joern Mewes (joern.mewes@nokia.com) 16-11-2016 1 Cloud transformation happens in phases and will take 5+ years Steps into the cloud Now 2016+ 2020+
More informationVirtualized Network Services SDN solution for service providers
Virtualized Network Services SDN solution for service providers Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise customers
More informationVirtualized Network Services SDN solution for enterprises
Virtualized Network Services SDN solution for enterprises Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise s locations
More informationLesson 9 OpenFlow. Objectives :
1 Lesson 9 Objectives : is new technology developed in 2004 which introduce Flow for D-plane. The Flow can be defined any combinations of Source/Destination MAC, VLAN Tag, IP address or port number etc.
More informationVishal Shirodkar Technology Specialist Microsoft India Session Code:
Vishal Shirodkar Technology Specialist Microsoft India Session Code: Session Objectives And Takeaways Explain how DirectAccess differs from a traditional VPN Identify some of the key requirements for installing
More informationIoT privacy risk management in ANASTACIA project
ANASTACIA has received funding from the European Union s Horizon 2020 Research and Innovation Programme under Grant Agreement N 731558 and from the Swiss State Secretariat for Education, Research and Innovation.
More informationO3 Project Network Business Innovation by SDN WAN Technologies
O3 Project Network Business Innovation by SDN WAN Technologies 16 October, 2014 Yoshiaki Kiriha O3 project (NEC, NTT, NTT Communications, Fujitsu, Hitachi) Agenda Trend on Future Information Networking
More informationA Hybrid Hierarchical Control Plane for Software-Defined Network
A Hybrid Hierarchical Control Plane for Software-Defined Network Arpitha T 1, Usha K Patil 2 1* MTech Student, Computer Science & Engineering, GSSSIETW, Mysuru, India 2* Assistant Professor, Dept of CSE,
More informationMaking Network Functions Software-Defined
Making Network Functions Software-Defined Yotam Harchol VMware Research / The Hebrew University of Jerusalem Joint work with Anat Bremler-Barr and David Hay Appeared in ACM SIGCOMM 2016 THE HEBREW UNIVERSITY
More informationIxia Test Solutions to Ensure Stability of its New, LXC-based Virtual Customer Premises Equipment (vcpe) Framework for Residential and SMB Markets
Innovate, Integrate, Transform Ixia Test Solutions to Ensure Stability of its New, LXC-based Virtual Customer Premises Equipment (vcpe) Framework for Residential and SMB Markets www.altencalsoftlabs.com
More informationImproving Network Security by SDN OrchSec and AutoSec Architectures
Improving Network Security by SDN OrchSec and AutoSec Architectures Dr.-Ing. Kpatcha Bayarou Head of Mobile Networks, Fraunhofer Institute for Secure Information Technology SIT 04. 09. September 2016,
More information