Using Event-Driven SDN for Dynamic DDoS Mitigation
|
|
- Bonnie Gordon
- 5 years ago
- Views:
Transcription
1 Using Event-Driven SDN for Dynamic DDoS Mitigation Craig Hill Distinguished SE, US Federal CCIE #1628 1
2 Concept and Content Creators The Cisco Engineering Team: Jason King Steven Carter Chris Hocker Tae Hwang Jim Kotantoulas 2
3 Business Imperative Cost per Object must Agility must Operations must Adapt Virtualization = explosion in Objects 50%+ of outages from mis-config Speed to activation too slow Mechanization of logic in CCIE brains Peering of Controller & Network Element Intelligence Evolving choices in abstraction CLI API GUI Easy Button 3
4 Traditional Control Plane Architecture (Distributed) Control plane is tightly coupled to the network device Minimal application programmability of network devices (CLI, SNMP, NETCONF) EX: Cisco Routers, Catalyst L2/L3 switches, Nexus switches, etc Application Distributed Control Plane Centralized Control Plane Data Plane APIs 4
5 SDN Control Plane Architecture (Centralized) OpenFlow Control plane is centralized Control plane abstracted from the forwarding HW Communications channel exists between control plane and forwarding HW (OpenFlow agent on device) EX: OpenFlow Model (controller, agent on network element) Application Distributed Control Plane Centralized Control Plane Data Plane APIs 5
6 Hybrid Control Plane Models Source: ONF Hybrid WG Centralize When Needed, Default Distributed Control Plane for All Else Applications Network Devices: On-Box Control Plane Application Distributed Control Plane Centralized Control Plane Data Plane APIs 6
7 Hybrid SDN Model Distributed and Centralized (via controller) Control Plane + Standards Data Plane SDN Control Plane Architecture (Hybrid) NB API s Communication Channel To Network Element IP/MPLS BGP/OSPF Packet Hardware + CP Packet Hardware + CP Packet Hardware + CP Network Element (Phy, Virt), with Distributed CP + programming capabilities through Southbound API 2013 Cisco Systems, Inc. All rights reserved.
8 Hybrid SDN Model Distributed and Centralized (via controller) Control Plane + Standards Data Plane SDN Control Plane Architecture (Hybrid) NB API s Communication Channel To Network Element Controller Operating System controlling specific functions of the network IP/MPLS BGP/OSPF Packet Hardware + CP Packet Hardware + CP Packet Hardware + CP Network Element (Phy, Virt), with Distributed CP + programming capabilities through Southbound API 2013 Cisco Systems, Inc. All rights reserved.
9 Hybrid SDN Model Distributed and Centralized (via controller) Control Plane + Standards Data Plane SDN Control Plane Architecture (Hybrid) NB API s Communication Channel To Network Element Controller South Bound control and API Operating System controlling specific functions of the network NETCONF, BGPLS, PCEP, OpenFlow, OVSDB, CLI IP/MPLS BGP/OSPF Packet Hardware + CP Packet Hardware + CP Packet Hardware + CP Network Element (Phy, Virt), with Distributed CP + programming capabilities through Southbound API 2013 Cisco Systems, Inc. All rights reserved.
10 Hybrid SDN Model Distributed and Centralized (via controller) Control Plane + Standards Data Plane SDN Control Plane Architecture (Hybrid) App App App App Applications layered on top NB API s Communication Channel To Network Element North Bound control and API Controller South Bound control and API (AAA Auth) REST Operating System controlling specific functions of the network NETCONF, BGPLS, PCEP, OpenFlow, OVSDB, CLI IP/MPLS BGP/OSPF Packet Hardware + CP Packet Hardware + CP Packet Hardware + CP Network Element (Phy, Virt), with Distributed CP + programming capabilities through Southbound API 2013 Cisco Systems, Inc. All rights reserved.
11 Programmability: Network Automation Interfaces Application Frameworks, Management Systems, Controllers,... OnePK C/Java Python NETCONF REST OpenFlow ACI Fabric OpenStack Puppet Protocols RESTful Management Orchestra8on Network Services Control Device Puppet Neutron OpFlex OpenFlow XML/JSON Network Device Plug-Ins API (OnePK) and Data Models (YANG) Opera8ng Systems IOS / NX-OS / IOS-XR YANG Protocols BGP, PCEP,... 11
12 Hybrid SDN Model What Are Examples These Applications? SDN Control Plane Architecture (Hybrid) App App App App Applications layered on top NB API s Communication Channel To Network Element IP/MPLS BGP/OSPF 2013 Cisco Systems, Inc. All rights reserved. WAN Automation Application QoS, Plug n Play, PathTrace OpenFlow, NETCONF, BGPLS, config tool Cloud Platform API s (OpenStack Neutron) Integrated Services Engine (ISE) 3 rd party developed interfacing to published REST API s Eco-System Applications Splunk, Lancope, LiveAction Orchestration engines (Tail-f)
13 Expose Network Intelligence Bi-Directionally Analyze data and response with action Workflow and Intent Applications (Splunk) Network Intelligence, Guidance Harvest Network Intelligence, Telemetry, and Events Services Orchestration (Traffic Steering, Blocking) Policy (Application + Network + Security) Analytics (Splunk) Program for Blocking and Steering of Traffic to End-points Programmability Network Statistics, States, Objects and Events 16
14 Event-Driven SDN - Solution Overview 17
15 Event-Driven SDN for DDoS - Concept Event Driven = no operator intervention to react to a vulnerability Leverage the automation, programmability, and open API s to simplify a multi-system and multi-operator process in the network Leverage open source and open standard across the system Trigger system automation based on events in the application (Splunk) Leverage customers existing investment application (Splunk in this case) Target other 3 rd party solutions/partners to leverage similar components (ODL, routers, switches) Options to leverage other protocols and SDN agents that exist Designers can tailor the system to their specific IA requirements 18
16 SDN DDoS Reference Implementation Commodity Internet Internet2/AL2S Next Genera=on Firewall Commodity: In-Line Internet 2: In-Line or OOB w/steering BGP Nexus 3K BGP Null Routes ASR 1K ASR 9K High-Throughput Science Networks DMZ Nexus 9K Flow No8fica8on Ac8ve Blocking REST API Secure Corporate Networks Compute DTN ASA 5585 Event Correlation Log Storage Auditing Analysis Corporate DC Campus External Services Open DayLight Controller 20
17 Cisco Open SDN Controller Open platform for SDN app development Single Northbound REST Interface Multiple Southbound Interfaces 21
18 Splunk as an SDN Application What is Splunk? Software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. Splunk captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations. Actions from these searches allow a variation of programmability to open API s and other correlation engines, as well as SDN controllers 23
19 Event-Driven SDN DDoS Mitigation Solution Overview Blocking and steering are the two main functions needed for this solution Splunk uses data flow notification from Globus to inform OSC to steer the elephant flow around the IDS OSC sends commands to the N3K to bypass the IDS via OpenFlow Splunk uses events from security devices to inform OSC to block bad source IP addresses Splunk Alerts REST SourceFire OSC Mirrored Traffic Steer Block WAN N3K Tap ASR 9K OSC sends commands to the ASR9K via netconf to block bad IP addresses using RTBH Data Flow Notification Globus 25
20 OoB IDS with Active Steering and DDoS Blocking #1: non FTP traffic sends all non- FTP traffic to the IDS. All non-ftp traffic is steered to the IDS (controlled via OpenFlow) The IDS then sends its anomaly detection messages to Splunk. When certain anomaly s are detected, Splunk triggers an action to be taken to start blocking traffic (REST call to OSC via a Python script) OSC sends these requests to the ASR9K router, to block specific source IP addresses that need to be blocked from transmission (in this case, OSC uses NETCONF to send these specific IP addresses and requests to the ASR9K router) Splunk Alerts REST SourceFire OSC Mirrored Traffic Steer Block WAN N3K Tap ASR 9K Globus 26
21 FTP Steering for IDS Bypass #2: FTP events from Globus in this case, flow source/destination are sent to Splunk (uses Globus data flow notification) upon FTP transfer initiation Globus sends Splunk a basic 5-tuple of these flows (dest/src IP, prot #, src/dest prot #) Splunk calls the OSC controller, requesting the source/destination IP address of the FTP flow be programmed into the Nexus 3K, with a source/destination and output port (OpenFlow format) The Nexus 3K prioritizes these flows via OF, by giving them a priority of 200 (overriding the current 100 priority programmed for the other flows Splunk Alerts REST SourceFire OSC Mirrored Traffic Steer WAN N3K Tap ASR 9K So, in this case, OF is active, and it dictates what traffic goes to IDS, vs. bypass IDS. Data Flow Notification Globus 30
22 OpenFlow Data Flow Steering Example! Flow start notification: Jun 10 10:53:43 localhost splunk_odl_action: log_level=info, action=start, flow= : :42600, status_code=200!! Flows added to Nexus 3000: Flow: 4! Match: tcp,in_port=54,nw_src= ,nw_dst= ,tp_src=50368,tp_dst=42600! Actions: output:52!! Priority: 200! Flow: 5! Match: tcp,in_port=52,nw_src= ,nw_dst= ,tp_src=42600,tp_dst=50368! Actions: output:54! Priority: 200! Flow stop notification: Jun 10 10:54:51 localhost splunk_odl_action: log_level=info, action=stop, flow= : :42600, status_code=200! 37
23 Remotely Triggered Black Hole Routing Static routes added by COSC through Netconf on ASR 9000: router static! address-family ipv4 unicast! /32 Null0 tag 666! /32 Null0 tag 666! /32 Null0 tag 666! /32 Null0 tag 666! /32 Null0 tag 666!! Export the Null routes setting next-hop to black hole IP: route-policy as out! if tag is 666 then! set next-hop ! set community (no-export) additive! pass! else! pass! endif! end-policy! Enable urpf on WAN interface on ASR 9000: ipv4 verify unicast source reachable-via any allow-default! Route Black Hole IP to NULL 0 on other border routers: ip route Null0! Enable urpf on WAN interface on ASR 1000: ip verify unicast source reachable-via any! 38
24 Summary Leverage the automation, programmability, and open API s to simplify a multi-system and multi-operator DDoS mitigation solution Leverage open source and open standard across to create an Event Driven system Leverage COTS applications, with API s, to mix a variation of components using SDN Target other 3 rd party solutions/partners to leverage similar components (OSC, routers, switches) Network designers and Security operations teams can leverage specific applications tailored to their environment and IA requirements 46
25 Thank You 47
Secure Science DMZ using Event-Driven SDN. Technical Solutions Cisco
Secure Science DMZ using Event-Driven SDN Tae Hwang Technical Solutions Architect @ Cisco Typical Science DMZ Architecture 1.0 What is the biggest challenge with this architecture? Internet Firewall I2
More informationPradeep Kathail Chief Software Architect Network Operating Systems Technology Group, Cisco Systems Inc.
Pradeep Kathail Chief Software Architect Network Operating Systems Technology Group, Cisco Systems Inc. March 4 th, 2014 2012 2010 Cisco and/or its affiliates. All rights reserved. 1 2012 Cisco and/or
More informationEvent-Based Software-Defined Networking: Build a Secure Science DMZ
White Paper Event-Based Software-Defined Networking: Build a Secure Science DMZ What You Will Learn As the need to efficiently move large data sets around the world increases, the Science DMZ - built at
More informationSDN Security BRKSEC Alok Mittal Security Business Group, Cisco
SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined
More informationOpenFlow: What s it Good for?
OpenFlow: What s it Good for? Apricot 2016 Pete Moyer pmoyer@brocade.com Principal Solutions Architect Agenda SDN & OpenFlow Refresher How we got here SDN/OF Deployment Examples Other practical use cases
More informationCisco Virtual Topology System (VTS)
Cisco Virtual Topology System (VTS) Cisco Knowledge Network Presentation Vijay Arumugam and Palak Desai Product Management, Cloud and Virtualization Feb 3, 2016 Agenda Trends and Challenges in SP market
More informationBROCADE CLOUD-OPTIMIZED NETWORKING: THE BLUEPRINT FOR THE SOFTWARE-DEFINED NETWORK
BROCADE CLOUD-OPTIMIZED NETWORKING: THE BLUEPRINT FOR THE SOFTWARE-DEFINED NETWORK Ken Cheng VP, Service Provider and Application Delivery Products September 12, 2012 Brocade Cloud-Optimized Networking
More informationCisco Application Centric Infrastructure Roadshow. Wednesday, 2. April 14
Cisco Application Centric Infrastructure Roadshow Wednesday, 2. April 14 Cisco ACI Roadshow - Agenda Business and IT trends Cisco Open Network Environment (ONE) Lunch Cisco Application Centric Infrastructure
More informationNetwork Automation: Options & Possibilities 2016 BROCADE COMMUNICATIONS SYSTEMS, INC.
Network Automation: Options & Possibilities 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. Consumption Model Mid Enterprise HE Enterprise Telco Top 7 MSDC Regional CSP CSP Python DevOps 1 10 CLI Basic scripting
More informationNetwork Layer: The Control Plane
Network Layer: The Control Plane 7 th Edition, Global Edition Jim Kurose, Keith Ross Pearson April 06 5- Software defined networking (SDN) Internet network layer: historically has been implemented via
More informationCisco Open SDN Controller 1.2 Administrator Guide
First Published: September 16, 2015 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
More informationAPNIC elearning: SDN Fundamentals
APNIC elearning: SDN Fundamentals Issue Date: esdn01_v0.15 Revision: Overview Evolution of routers The Clean Slate project OpenFlow Emergence and evolution of SDN SDN architecture today Use cases Standards
More informationLEAP DATA SHEET. Lumina Extension Adaptation Platform. Benefits: Model-driven software platform enables automation of heterogeneous networks.
DATA SHEET LEAP Lumina Extension Adaptation Platform Model-driven software platform enables automation of heterogeneous networks. SDN has long enabled interfaces like Netconf and OpenFlow to program network
More informationCarrier SDN for Multilayer Control
Carrier SDN for Multilayer Control Savings and Services Víctor López Technology Specialist, I+D Chris Liou Vice President, Network Strategy Dirk van den Borne Solution Architect, Packet-Optical Integration
More informationDesigning and Implementing Cisco Network Programmability (NPDESI) v1.0
Data Sheet Learning Services Designing and Implementing Cisco Network Programmability (NPDESI) v1.0 Overview The Designing and Implementing Cisco Network Programmability (NPDESI) version 1.0 Cisco Training
More informationOptimizing the Usability of YANG Models for Network Automation
ydk.io Optimizing the Usability of YANG Models for Network Automation Craig Hill Distinguished Systems Engineer U.S. Public Sector CTO Office @netwrkr95 CCIE #1628 crhill@cisco.com CHI-NOG Chicago, IL
More informationIT Infrastructure. Transforming Networks to Meet the New Reality. Phil O Reilly, CTO Federal AFCEA-GMU C4I Symposium May 20, 2015
IT Infrastructure Transforming Networks to Meet the New Reality Phil O Reilly, CTO Federal AFCEA-GMU C4I Symposium May 20, 2015 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION
More informationTitle DC Automation: It s a MARVEL!
Title DC Automation: It s a MARVEL! Name Nikos D. Anagnostatos Position Network Consultant, Network Solutions Division Classification ISO 27001: Public Data Center Evolution 2 Space Hellas - All Rights
More informationCisco VTS. Enabling the Software Defined Data Center. Jim Triestman CSE Datacenter USSP Cisco Virtual Topology System
Cisco Virtual Topology System Cisco VTS Enabling the Software Defined Data Center Jim Triestman CSE Datacenter USSP jtriestm@cisco.com VXLAN Fabric: Choice of Automation and Programmability Application
More informationSoftware-Defined Networking (SDN) Overview
Reti di Telecomunicazione a.y. 2015-2016 Software-Defined Networking (SDN) Overview Ing. Luca Davoli Ph.D. Student Network Security (NetSec) Laboratory davoli@ce.unipr.it Luca Davoli davoli@ce.unipr.it
More informationTechnologies for the future of Network Insight and Automation
Technologies for the future of Network Insight and Automation Richard Wade (ricwade@cisco.com) Technical Leader, Asia-Pacific Infrastructure Programmability This Session s Context Service Creation Service
More informationCisco Extensible Network Controller
Data Sheet Cisco Extensible Network Controller Product Overview Today s resource intensive applications are making the network traffic grow exponentially putting high demands on the existing network. Companies
More informationOpen Network Operating System
Open Network Operating System Michele Santuari msantuari@fbk.eu FBK CREATE-NET - Future Networks research unit April 28, 2017 Agenda Short introduction to SDN and network programmability Introduction to
More informationOpen SDN Controller Applications
The following topics describe the five applications that Open SDN Controller provides to facilitate the day-to-day administration of your network: BGPLS Manager, page 1 Inventory Manager, page 3 Model
More informationBuilding Open Source-Based Cloud Solutions with OpenDaylight. Colin Dixon, Brocade/OpenDaylight Lisa Caywood, OpenDaylight
Building Open Source-Based Cloud Solutions with OpenDaylight Colin Dixon, Brocade/OpenDaylight Lisa Caywood, OpenDaylight Part of a New OPEN Networking Stack Networking Apps ORCHESTRATION (NFVO,...) Mgmt
More informationChapter 5 Network Layer: The Control Plane
Chapter 5 Network Layer: The Control Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you
More informationOpenStack and OpenDaylight, the Evolving Relationship in Cloud Networking Charles Eckel, Open Source Developer Evangelist
OpenStack and OpenDaylight, the Evolving Relationship in Cloud Networking Charles Eckel, Open Source Developer Evangelist Agenda Introduction OpenStack OpenDaylight OPNFV Putting it all Together Conclusion
More informationSDN Solution for Service Provider Access Network Dennis Pai, Product Manager Ahmed Abeer, Technical Marketing Engineer BRKSPG-2064
SDN Solution for Service Provider Access Network Dennis Pai, Product Manager Ahmed Abeer, Technical Marketing Engineer BRKSPG-2064 Agenda Overview and Business Drivers SDN Technologies and Protocols SDN
More informationNew trends in IT. Network Functions Virtualization (NFV) & Software Defined-WAN
New trends in IT Network Functions Virtualization (NFV) & Software Defined-WAN 2017 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks
More informationNetwork Automation and Branch Agility The Network Helps Enable Digital Business. Rajinder Singh Product Sales Specialist June 2016
Network Automation and Branch Agility The Network Helps Enable Digital Business Rajinder Singh Product Sales Specialist June 2016 Agenda WAN Market Drivers Cisco Intelligent WAN (IWAN) Cisco Intelligent
More informationBrocade Flow Optimizer
DATA SHEET Brocade Flow Optimizer Highlights Helps improve business agility by streamlining network operations via policy-driven visibility and control of network flows Provides distributed attack mitigation
More informationCase Study: Orchestration of Hybrid Networks
Hema Kadia VP - Head of Strategy and Practice for SDN/NFV Case Study: Orchestration of Hybrid Networks Achieving End-To-End Service Orchestration across Hybrid Networks Russ Bartels Director SDN & Networks
More informationDeploying Cloud Network Services Prime Network Services Controller (formerly VNMC)
Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Dedi Shindler - Sr. Manager Product Management Cloud System Management Technology Group Cisco Agenda Trends Influencing
More informationNetwork Programmability and Automation with Cisco Nexus 9000 Series Switches
White Paper Network Programmability and Automation with Cisco Nexus 9000 Series Switches White Paper August 2016 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
More informationThe Next Opportunity in the Data Centre
The Next Opportunity in the Data Centre Application Centric Infrastructure Soni Jiandani Senior Vice President, Cisco THE NETWORK IS THE INFORMATION BROKER FOR ALL APPLICATIONS Applications Are Changing
More informationVeč kot SDN - SDA arhitektura v uporabniških omrežjih
Več kot SDN - SDA arhitektura v uporabniških omrežjih Aleksander Kocelj SE Cisco Agenda - Introduction to Software Defined Access - Brief description on SDA - Cisco SDA Assurance - DEMO 2 New Requirements
More informationITBraindumps. Latest IT Braindumps study guide
ITBraindumps http://www.itbraindumps.com Latest IT Braindumps study guide Exam : 400-151 Title : CCIE Data Center v2.0 Vendor : Cisco Version : DEMO Get Latest & Valid 400-151 Exam's Question and Answers
More informationIntelligent WAN: Leveraging the Internet Secure WAN Transport and Internet Access
Now a part of Cisco We bought Viptela Intelligent WAN: Leveraging the Internet Secure WAN Transport and Internet Access Branch Hybrid WAN Transport IPsec Secure MPLS (IP-VPN) Private Cloud Virtual Private
More informationSDN: A Brief Anatomy and History. Jason Gintert Co-Founder/CTO, WAN Dynamics
SDN: A Brief Anatomy and History Jason Gintert Co-Founder/CTO, WAN Dynamics What is SDN? DEFINITION: Software-defined networking (SDN) is an approach to c o m p u t e r n e t w o r k i n g t h a t a l
More informationGet Your Datacenter SDN Ready. Ahmad Chehime Cisco ACI Strategic Product Sales Specialist SPSS Emerging Region
Get Your Datacenter SDN Ready Ahmad Chehime Cisco ACI Strategic Product Sales Specialist SPSS Emerging Region AGENDA Data Center Trends, Priorities, Concerns What Problems Are we Trying to Solve? Cisco
More informationNETCONF Protocol. Restrictions for the NETCONF Protocol. Information About the NETCONF Protocol
Restrictions for the, on page 1 Information About the, on page 1 How to Configure the, on page 4 Verifying the Configuration, on page 7 Additional References for, on page 9 Feature Information for, on
More informationCisco Virtual Topology System Release Service Provider Data Center Cisco Knowledge Network. Phil Lowden (plowden) October 9, 2018
Cisco Virtual Topology System Release 2.6.2 Service Provider Data Center Cisco Knowledge Network Phil Lowden (plowden) October 9, 2018 Cisco VTS is a standards-based, open software-overlay management and
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationSoftware Defined Networks For Service Providers. A Practical Approach
BRKSPG-3683 Software Defined Networks For Providers. A Practical Approach Michael O Gorman Chief Architect Office C97-693316-00 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
More informationBIG MON CONTROLLERS BIG MON ANALYTICS NODE. Multi-Terabytes L2-GRE 1/10/25/40/100G ETHERNET SWITCH FABRIC. Optional BIG MON BIG MON SERVICE NODES
Modern Packet Recorder: Enhancing Data Security and Privacy Compliance OVERVIEW In response to the stringent corporate governance and compliance requirements for how IT data is secured, controlled, and
More informationOpenDaylight Introduction and Overview
OpenDaylight Introduction and Overview David Meyer SP CTO and Chief Scientist dmm@{brocade.com,uoregon.edu,1-4-5.net, } Agenda Introduction Architecture Overview Project Life Cycle, Simultaneous Release
More informationF5 Networks in the Software Defined DataCenter Era. Paolo Pambianco System Engineer CSP
F5 Networks in the Software Defined DataCenter Era Paolo Pambianco System Engineer CSP p.pambianco@f5.com Data Center Transformation Business demands are driving changes in IT service delivery Driving
More informationRouting Underlay and NFV Automation with DNA Center
BRKRST-1888 Routing Underlay and NFV Automation with DNA Center Prakash Rajamani, Director, Product Management Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
More informationSDN TO BE OR NOT TO BE. Uwe Richter SE Director Russia/CIS, East and South East Europe
SDN TO BE OR NOT TO BE Uwe Richter SE Director Russia/CIS, East and South East Europe uwe@juniper.net FUNDAMENTAL PROBLEMS TO SOLVE Want more innovation in networking Want it more quickly too Want more
More informationIntroduction to Cisco Virtual Topology System DP Ayyadevara, Product Manager, Cloud Virtualization Cisco PSOSDN-1050
Introduction to Cisco Virtual Topology System DP Ayyadevara, Product Manager, Cloud Virtualization Group @ Cisco PSOSDN-1050 Agenda Cisco Data Center SDN Strategy Programmable Fabric with VTS VTS Architecture
More informationWhat is ONOS? ONOS Framework (ONOSFW) is the OPNFV project focused on ONOS integration. It is targeted for inclusion in the Brahmaputra release.
What is ONOS? Open Network Operating System (ONOS) is an open source SDN network operating system. Our mission is to enable Service Providers to build real SDN/NFV Solutions. ONOS Framework (ONOSFW) is
More informationPSOACI Tetration Overview. Mike Herbert
Tetration Overview Mike Herbert Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion
More informationOPEN CONTRAIL ARCHITECTURE GEORGIA TECH SDN EVENT
OPEN CONTRAIL ARCHITECTURE GEORGIA TECH SDN EVENT sdn-and-nfv-technical---georgia-tech---sep-2013---v2 Bruno Rijsman, Distinguished Engineer 24 September 2013 Use Cases 2 Copyright 2013 Juniper Networks,
More informationOpenDaylight as a Platform for Network Programmability FOSDEM, 3 February Charles Eckel, Cisco DevNet
OpenDaylight as a Platform for Network Programmability FOSDEM, 3 February 2018 Charles Eckel, Cisco DevNet eckelcu@cisco.com Agenda What is SDN What is OpenDaylight Network programmability Installation
More informationOverview of the Cisco OpenFlow Agent
About OpenFlow, page 1 Information About Cisco OpenFlow Agent, page 2 About OpenFlow OpenFlow is an open standardized interface that allows a software-defined networking (SDN) controller to manage the
More informationIntelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales
Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales The Industrialization of Hacking Sophisticated Attacks, Complex Landscape Hacking Becomes an Industry Phishing,
More informationCisco WAN Automation Engine (WAE) Network Programmability with Segment Routing
LTRMPL-2104 Cisco WAN Automation Engine (WAE) Network Programmability with Segment Routing Josh Peters Technical Marketing Engineer Derek Tay Technical Marketing Engineer Cisco Spark How Questions? Use
More informationProgramovatelnost síťových zařízení
Praha, hotel Clarion 10. 11. dubna 2013 Programovatelnost síťových zařízení Příklady využití OnePK v komunikačních architekturách T-SDN2 / L2 Pavel Křižanovský 2011 2013 Cisco and/or its affiliates. All
More informationTaxonomy of SDN. Vara Varavithya 17 January 2018
Taxonomy of SDN Vara Varavithya 17 January 2018 Modern Data Center Environmentally protected warehouses Large number of computers for compute and storage Blades Computer- Top-of-Rack (TOR) Switches Full
More informationProvisioning Overlay Networks
This chapter has the following sections: Using Cisco Virtual Topology System, page 1 Creating Overlays, page 2 Creating Network using VMware, page 4 Creating Subnetwork using VMware, page 4 Creating Routers
More informationSource Address Validation: from the Current Network Architecture to SDN-based Architecture
Source Address Validation: from the Current Network Architecture to SDN-based Architecture Jun Bi Tsinghua University/CERNET GFI 2013 Nov. 20, 2013 1 Content Source Address Validation Architecture (SAVA)
More informationChapter 5 Network Layer: The Control Plane
Chapter 5 Network Layer: The Control Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you
More informationPacket-Optical SDN Field Trial for Multi-Layer Network Optimization. Jim Theodoras May 2016
Packet-Optical SDN Field Trial for Multi-Layer Network Optimization Jim Theodoras May 2016 OSI Stack Top of Stack 7 6 5 Application Presentation Session Data 4 Transport Layer TCP, UDP Segments SDN 3 Network
More informationMaking Inroads to Infrastructure SDN with Cisco Quantum WAVE. Sonny Franslay Consulting SE, WAN Orchestration
1 Making Inroads to Infrastructure SDN with Cisco Quantum WAVE Sonny Franslay Consulting SE, WAN Orchestration 2 The Mission: Service Provider Business Transformation Cost Reduction and Agility Delivers
More informationIntroduction to OpenDaylight and Hydrogen, Learnings from the Year, and What s Next for OpenDaylight
Introduction to OpenDaylight and Hydrogen, Learnings from the Year, and What s Next for OpenDaylight David Meyer, CTO and Chief Scientist, Brocade dmm@{brocade.com,uoregon.edu,cs.uoregon.edu,1-4-5.net,
More informationMP-BGP VxLAN, ACI & Demo. Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017
MP-BGP VxLAN, ACI & Demo Brian Kvisgaard System Engineer, CCIE SP #41039 November 2017 Datacenter solutions Programmable Fabric Classic Ethernet VxLAN-BGP EVPN standard-based Cisco DCNM Automation Modern
More informationProgrammability of Cisco DC Infrastructure
Dubrovnik, Croatia, South East Europe 20-22 May, 2013 Programmability of Cisco DC Infrastructure Ulrich Hamm Sascha Merg 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Agenda
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationHow to be a Network Engineer in a Programmable Age An evolution that goes beyond Infrastructure as Code and Automation
How to be a Network Engineer in a Programmable Age An evolution that goes beyond Infrastructure as Code and Automation Hank Preston, Principal Engineer NetDevOps Evangelist ccie 38336 R/S @hfpreston github.com/hpreston
More informationSimplify and automate your network with Cisco DNA
Simplify and automate your network with Cisco DNA Mr. Brink Sanders Managing Director, Software and Network Transformation Cisco Asia Pacific and Japan March, 2017 Agenda Software-Defined Networking (SDN)
More informationCisco CloudCenter Solution with Cisco ACI: Common Use Cases
Cisco CloudCenter Solution with Cisco ACI: Common Use Cases Cisco ACI increases network security, automates communication policies based on business-relevant application requirements, and decreases developer
More informationOpenDaylight: Introduction, Lithium and Beyond Colin Dixon
OpenDaylight: Introduction, Lithium and Beyond Colin Dixon Technical Steering Committee Chair, OpenDaylight Senior Principal Engineer, Brocade Some content from: David Meyer, Neela Jaques, and Kevin Woods
More informationNetBrain Technologies: Achieving Agile Network Operations: How Automation Can Improve Visibility Across Hybrid Infrastructures
BRKPAR - 2509 NetBrain Technologies: Achieving Agile Network Operations: How Automation Can Improve Visibility Across Hybrid Infrastructures Jason Baudreau Achieving Agile Network Operations How Automation
More informationService Insertion with ACI using F5 iworkflow
Service Insertion with ACI using F5 iworkflow Gert Wolfis F5 EMEA Cloud SE October 2016 Agenda F5 and Cisco ACI Joint Solution Cisco ACI L4 L7 Service Insertion Overview F5 and Cisco ACI Integration Models
More informationOne Platform Kit: The Power to Innovate
White Paper One Platform Kit: The Power to Innovate What Could You Do with the Power of the Network? What if you could: Reach into your network and extract the information you need, when you need it? Directly
More informationONOS Roadmap. September, 2017
ONOS Roadmap September, 2017 distributed core provides high-availability, scalability and performance abstractions & models allow applications to configure and control the network without becoming dependent
More informationBUILDING AN ON-PREM APPLICATION-AWARE CLOUD
BUILDING AN ON-PREM APPLICATION-AWARE CLOUD R O L F S C H A E R E R Organic DevOps Infrastructure Zookeeper CISCO SYSTEMS (Switzerland) GmbH S E P T E M B E R 1 3, 2 0 1 6 K O N G R E S S H A U S Z U R
More informationHuawei CloudFabric and VMware Collaboration Innovation Solution in Data Centers
Huawei CloudFabric and ware Collaboration Innovation Solution in Data Centers ware Data Center and Cloud Computing Solution Components Extend virtual computing to all applications Transform storage networks
More informationBest Practice Deployment of F5 App Services in Private Clouds. Henry Tam, Senior Product Marketing Manager John Gruber, Sr. PM Solutions Architect
Best Practice Deployment of F5 App Services in Private Clouds Henry Tam, Senior Product Marketing Manager John Gruber, Sr. PM Solutions Architect Agenda 1 2 3 4 5 The trend of data center, private cloud
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationSegment Routing On Demand SR Next Hop. Bertrand Duvivier Principal Engineer CKN, March 29 th 2016
Segment Routing On Demand SR Next Hop Bertrand Duvivier Principal Engineer CKN, March 29 th 2016 (from next slide) 2 Network Bandwidth demand in SP s Network demand double every 18 months Compute demand
More informationData Plane Protection. The googles they do nothing.
Data Plane Protection The googles they do nothing. Types of DoS Single Source. Multiple Sources. Reflection attacks, DoS and DDoS. Spoofed addressing. Can be, ICMP (smurf, POD), SYN, Application attacks.
More informationOpFlex: An Open Policy Protocol
White Paper OpFlex: An Open Policy Protocol Data Center Challenges As data center environments become increasingly dynamic, networks are increasingly asked to provide agility and flexibility without compromising
More informationLTRDCT-2781 Building and operating VXLAN BGP EVPN Fabrics with Data Center Network Manager
LTRDCT-2781 Building and operating VXLAN BGP EVPN Fabrics with Data Center Network Manager Henrique Molina, Technical Marketing Engineer Matthias Wessendorf, Technical Marketing Engineer Cisco Spark How
More informationSegmentation. Threat Defense. Visibility
Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks,
More informationDDoS Protection in Backbone Networks
DDoS Protection in Backbone Networks The Czech Way Pavel Minarik, Chief Technology Officer Holland Strikes Back, 3 rd Oct 2017 Backbone DDoS protection Backbone protection is specific High number of up-links,
More informationOpen and Disaggregated Transport SDN
Open and Disaggregated Transport SDN - from PoC to Field Trial - Dai Kashiwa, Director, NTT Communications / Board member of ONOS/CORD Marc De Leenheer, MTS, ON.Lab Toru Furusawa, Chief Engineer, NTT Communications
More informationIntegrating the Calix FPGA OLT into R-CORD. Alan DiCicco 8 November 2017
Integrating the Calix FPGA OLT into R-CORD Alan DiCicco 8 November 2017 1 Agenda We ve come a long way! FPGA OLT. What s the deal? What did Calix accomplish? Where are you headed? 2 Celebrate accomplishments
More informationVRF, MPLS and MP-BGP Fundamentals
, MPLS and MP-BGP Fundamentals Jason Gooley, CCIEx2 (RS, SP) #38759 Twitter: @Jason_Gooley LinkedIn: http://www.linkedin.com/in/jgooley Agenda Introduction to Virtualization -Lite MPLS & BGP Free Core
More informationGeneric Network Functions. Daya Kamath (Ericsson) Prem Sankar G (Ericsson)
Generic Network Functions Daya Kamath (Ericsson) Prem Sankar G (Ericsson) Application Co-existence and Integration Challanges Partitioning of OpenFlow Resources Every application must have their private
More informationTALK. agalaxy FOR THUNDER TPS REAL-TIME GLOBAL DDOS DEFENSE MANAGEMENT WITH A10 DATA SHEET DDOS DEFENSE MONITORING AND MANAGEMENT
DATA SHEET agalaxy FOR THUNDER TPS DDOS DEFENSE MONITORING AND MANAGEMENT The A10 agalaxy management system is integrated with PLATFORMS the Thunder TPS (Threat Protection System) for DDoS protection.
More informationTransformation through Innovation
INSSPG-2921 Transformation through Innovation Sumeet Arora Senior Vice President/GM, SP Network Systems Service Providers Biggest Challenges Web scale breaks our current cost and design models. l don t
More informationInterAS Option B. Information About InterAS. InterAS and ASBR
This chapter explains the different InterAS option B configuration options. The available options are InterAS option B, InterAS option B (with RFC 3107), and InterAS option B lite. The InterAS option B
More informationConfiguring Policy-Based Routing
This chapter contains the following sections: Finding Feature Information, page 1 Information About Policy Based Routing, page 1 Licensing Requirements for Policy-Based Routing, page 5 Prerequisites for
More informationDECODING SOFTWARE DEFINED NETWORKS
DECODING SOFTWARE DEFINED NETWORKS Emil Gągała 10th PLNOG, 28.02.2013 AGENDA What s it? Architecture Use Cases Transition Summary 3 Copyright 2012 Juniper Networks, Inc. SOFTWARE DEFINED NETWORKING / SDN
More informationFulvio Risso, Matteo Bertrone, Mauricio Vasquez Bernal
Fulvio Risso, Matteo Bertrone, Mauricio Vasquez Bernal Politecnico di Torino, Italy COUPLING THE FLEXIBILITY OF OVN WITH THE EFFICIENCY OF IOVISOR: ARCHITECTURE AND DEMO 1 Datacenter Networking Datacenter
More informationNetworking in the Digital Era
Networking in the Digital Era Ioana Manea Cisco Systems Engineer 19 Octombrie 2016 Digital Transformation UBER, The world s largest taxi company owns no vehicles AIRBNB, The world s largest accommodation
More informationCisco Application Centric Infrastructure
Data Sheet Cisco Application Centric Infrastructure What s Inside At a glance: Cisco ACI solution Main benefits Cisco ACI building blocks Main features Fabric Management and Automation Network Security
More informationCCIE Service Provider
CCIE Service Provider 1.0 Core Routing 25% 30% 1.1. Interior Gateway Protocol 1.1.a. Describe, implement, and troubleshoot IS-IS 1.1.b. Describe, implement, and troubleshoot OSPFv2 and OSPFv3 1.1.c. Describe
More informationRed Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide
Red Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide Overview of Red Hat OpenDaylight OpenStack Team Red Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide Overview of Red Hat OpenDaylight
More information