SDN Applications and Use Cases. Copyright 2015 ITRI
- Shanon Newman
1 SDN Applications and Use Cases

2 Bachelor B Ph.D (IR) (ITRI) Engineer 20

3 Outline
- SDN Basics
- SDN Use Cases & Applications
  - Google B4 WAN
  - NEC VTN
  - OpenDefenseFlow
  - Firewall Migration
  - ITRI VLAN Migration
- Concluding Remarks

5 What is SDN?

6 OpenFlow.0
- SDN = OpenFlow? Not Exactly
- OpenFlow-Enabled Switch: OpenFlow Client and Flow Table
- SDN Controller (software), connected to the switch by the OpenFlow protocol
- Flow Entry: Matching Fields, Actions, Stats
- Matching Fields: Ingress Port, MAC DA, MAC SA, EtherType, VLAN ID, P-bits, IP Src, IP Dst, IP Protocol, IP DSCP, TCP/UDP src port, TCP/UDP dst port
- Actions: Forward packet to a port list; Add/remove/modify VLAN Tag; Drop packet; Send packet to the controller
- Stats: Packet counters, byte counters, etc.

7 SDN = Still Don't Know?

8 SDN is All about Network Programmability
- API interaction with network elements
- Separated Control Plane and Forwarding Plane
  - Forwarding Plane can be Software or Hardware
  - Control Plane agnostic to the underlying hardware
- Network topology derived from the application
  - This is how SDN is different from switched networks.
- Vendor Independence
  - Open and standardized interface

9 How does SDN work?

10 Network Command & Control: Traditional Interaction Model
- Configuration, Command & Control uses a communication channel between the Network Administrator and the Intelligence Entity on-board the Network Device.
- Every Network Device can be understood to have an INDEPENDENT Intelligence Entity and a Functional Engine.
Source: Brocade SDN creating intelligent lan infrastructures

11 Network Command & Control: What's the Problem with the Traditional Model?
- The larger the network, the more INDEPENDENT devices you need to manage.
Source: Brocade SDN creating intelligent lan infrastructures

12 Network Command & Control: What's the Problem with the Traditional Model?
- The larger the network, the more INDEPENDENT devices you need to manage.
  - They make their switching & routing decisions independently
  - They make their forwarding & filtering decisions independently
  - They treat security policies, VLANs, QoS policies, port policies, etc. INDEPENDENTLY
- How Can We Make this Easier? Is there a way to make them all operate as a cohesive group?
Source: Brocade SDN creating intelligent lan infrastructures

13 Network Command & Control: What's the Solution?
- Software Defined Networking separates the Intelligence Entity from the Functional Engine and creates a virtualized Command & Control proxy in the form of a Controller (the SDN Controller).
Source: Brocade SDN creating intelligent lan infrastructures

16 Google B4 WAN

17 Motivation: WAN Cost Components
- Hardware
  - Routers
  - Transport gear
  - Fiber
- Standard practice: overprovisioning
  - Shortest path routing
  - Slow convergence time
  - Maintain SLAs despite failures
  - No traffic differentiation
- Operational expenses/human costs
  - Box-centric versus fabric-centric views

18 Google's WAN: B4
- Google inter-datacenter traffic:
  a. User data copy
  b. Remote storage access
  c. Large-scale data push for state synchronizing
- Volume: a b c
- Latency sensitivity: a b c
- Priority: a b c
- B4 characteristics
  - Elastic bandwidth demands
  - Moderate number of sites
  - End application control
  - Cost sensitivity

19 B4 Overview
- B4 Operations
  - Simultaneously support standard routing protocols and centralized traffic engineering.
  - Control at network edge to adjudicate among competing bandwidth demands.
  - Use multiple forwarding paths to leverage available network capacity.
  - Dynamically reallocate bandwidth in the face of link/switch failures or shifting application demands.
- Link utilization: Traditional 0-0%, B4 around %
Source: B4 (SIGCOMM )

20 B4 Usage & TE Example
- Flow Group (FG): site-to-site flow aggregation
- Multipath forwarding
- Tunnel Group (TG): a fraction of FG forwarded along each tunnel
Sources: Google (ONS 202); B4 (SIGCOMM )

21 NEC ProgrammableFlow VTN

22 VTN Information Model
Source: NEC's ProgrammableFlow NBI: VTN Model & Use-cases

23 VTN Example
Source: NEC's ProgrammableFlow NBI: VTN Model & Use-cases

24 VTN Feature Sets & Policies Virtual Network Provisioning VTN design (Add/Delete/Change) VTN model operation (Add/Delete/Change) vfilter: Flow Control in VTN 2-tuple based Flow filter QoS Control in Virtual Network ACL (e.g. drop) Redirect (service chaining) Apply to whole VTN or Virtual Network Monitoring VTN information collection (Traffic/port/link statistics, Failure Events & Alarms, Controller status) Port/VLAN/MAC mapping

25 ProgrammableFlow VTN Use Case
- VTN for Kanazawa University Hospital

26 OpenDefenseFlow (DefenseAll in OpenDaylight)

27 DDoS Impact on Business
[Figure: zombie hosts]

28 DDoS Overview
- Distributed denial-of-service (DDoS) attacks target network infrastructures or computer services by sending an overwhelming number of service requests to the server from many sources.
- Server resources are used up in serving the fake requests, resulting in denial or degradation of legitimate service requests.
- Addressing DDoS attacks
  - Detection: detect incoming fake requests
  - Mitigation
    - Diversion: send traffic to a specialized device that removes the fake packets from the traffic stream while retaining the legitimate packets
    - Return: send the clean traffic back to the server

29 OpenDefenseFlow Overview
Figure labels:
- SDN Applications: OpenDefenseFlow Application (DefenseAll), "The SDN Application That Programs Networks for DDoS Protection"
- API
- SDN Controller
- OpenFlow API
- SDN Data Plane
- DefensePro (mitigation devices)
Source: OpenDefenseFlow proposal overview for OpenDaylight

30 OpenDefenseFlow Anti-DDoS SDN Security Service provisioning
Figure labels: Programmable Probe; Collect; Detection; Analyze & Decide; Flow Diversion - Control; Security Application; Configure DefensePro with learned baselines; DefenseFlow; SDN Controller; Attack!!!; Create baselines per: IP Address, Protocol & Service (Port); servers; Internet; DefensePro (or equivalent)
Source: OpenDefenseFlow proposal overview for OpenDaylight

31 OpenDefenseFlow on OpenDaylight

32 OpenDefenseFlow Architecture: Statistics Service
- addcounter(selector)
- readcounter(selector)
- removecounter(selector)
- resetcounter(selector)
- Flow Entry in OpenFlow v.0: Match Fields, Priority, Counters

33 Statistics Service Counter Smart Placement

34 OpenDefenseFlow Architecture: Redirection Service
- redirecttraffic(selector, devices[])
- mirrortraffic(selector, devices[])
- Figure panels: (a) Redirection, (b) Mirroring

35 Traffic Redirection for Attack Mitigation

36 OpenDefenseFlow Architecture: Anomaly Detection
- Builds peace time (normal) traffic baselines
- Identifies deviations from normal traffic baselines
- Pluggable system to support:
  - Multiple vendors
  - Different detection techniques
  - Extensibility (detect new attacks)
  - etc.

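The baseline-and-deviation idea from slides 30, 32 and 36, as an added example that is not DefenseAll code and not from the slides: cumulative packet counters (as a readcounter(selector) call would return) are turned into rates, a peace-time baseline is learned per (IP address, protocol, service port), and readings far above it are flagged. The EWMA statistics, the thresholds, the class and function names, and the sample readings are all assumptions made for illustration.

```python
"""Added example (not DefenseAll code): peace-time baselines per traffic key."""
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple

Key = Tuple[str, str, int]            # (destination IP, protocol, service port)

@dataclass
class Baseline:
    mean: float = 0.0                 # EWMA of packets per second
    var: float = 0.0                  # EWMA of the squared deviation
    samples: int = 0

class BaselineDetector:
    def __init__(self, alpha: float = 0.2, k: float = 4.0, warmup: int = 5):
        self.alpha, self.k, self.warmup = alpha, k, warmup
        self._last: Dict[Key, Tuple[int, float]] = {}   # last (counter, time)
        self._base: Dict[Key, Baseline] = {}

    def _learn(self, b: Baseline, rate: float) -> None:
        if b.samples == 0:
            b.mean = rate
        else:
            d = rate - b.mean
            b.mean += self.alpha * d
            b.var = (1 - self.alpha) * (b.var + self.alpha * d * d)
        b.samples += 1

    def observe(self, key: Key, counter: int, ts: float) -> str:
        """Feed one cumulative counter reading and classify it."""
        prev = self._last.get(key)
        self._last[key] = (counter, ts)
        # First reading, or the counter went backwards (it was reset):
        # no rate can be computed, so only resynchronise.
        if prev is None or counter < prev[0] or ts <= prev[1]:
            return "resync"
        rate = (counter - prev[0]) / (ts - prev[1])
        b = self._base.setdefault(key, Baseline())
        if b.samples < self.warmup:
            self._learn(b, rate)
            return "learning"
        # Allow at least 10% of the mean as spread so a very flat
        # baseline does not flag ordinary jitter.
        limit = b.mean + self.k * max(math.sqrt(b.var), 0.1 * b.mean)
        if rate > limit:
            return "anomaly"          # attack traffic must not update the baseline
        self._learn(b, rate)
        return "normal"

# Constructed readings: (time in seconds, key, cumulative packet counter).
WEB: Key = ("192.0.2.10", "tcp", 80)
DNS: Key = ("192.0.2.10", "udp", 53)
READINGS = [(t, WEB, c) for t, c in [
    (0, 0), (10, 1000), (20, 2050), (30, 3030), (40, 4040), (50, 5030),
    (60, 6050),                       # about 100 packets/s in peace time
    (70, 15050), (80, 24050),         # flood: 900 packets/s
    (90, 0), (100, 1000),             # counter reset, then normal again
]]
READINGS += [(t, DNS, t * 20) for t in range(0, 110, 10)]   # steady 20 packets/s

def classify(readings) -> Dict[Key, List[str]]:
    det = BaselineDetector()
    states: Dict[Key, List[str]] = {}
    for ts, key, counter in sorted(readings, key=lambda r: r[0]):
        states.setdefault(key, []).append(det.observe(key, counter, ts))
    return states

def diversion_selectors(states: Dict[Key, List[str]]) -> List[Key]:
    """Keys that showed an anomaly: the only traffic worth diverting."""
    return sorted(k for k, s in states.items() if "anomaly" in s)

if __name__ == "__main__":
    result = classify(READINGS)
    for key, seq in result.items():
        print(key, seq)
    print("divert:", diversion_selectors(result))
```

Only the web service key is selected for diversion; the DNS key on the same server keeps its own baseline and is left on its normal path.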
37 OpenDefenseFlow Architecture: Mitigation Driver
- Configures external mitigation device(s)
  - E.g., pass baseline to the device to expedite detection
- Configures the network such that the suspicious traffic (and only the suspicious traffic) is diverted to a suitable mitigation device
- Monitors external mitigation device(s), e.g., attack ended
- After attacks, restores the network to its original configuration
- Vendor Independent
  - Interested vendors can connect to the system by writing a Mitigator Driver (think device drivers in OS)

38 OpenDefenseFlow Unique Value Proposition
- Scalable, precise and fast attack/anomaly detection
- Utilize native SDN programming for attack traffic diversion
- Lower solution costs
  - Statistical collection without costly specialized hardware detectors
  - Simple attack diversion (no need to use BGP injection, GRE tunnel)
- Centralized control allows efficient management of mitigation resources, monitoring and reporting
- Extensible
  - Add detection algorithms
  - Add mitigation devices

39 Flow Information Collection in Conventional Network
NetFlow record (extended as IETF IPFIX):
- Input interface index used by SNMP
- Output interface index
- Timestamps for the flow start and finish time
- Number of bytes and packets observed
- Layer headers:
  - Source & destination IP addresses
  - Source and destination port numbers for TCP, UDP, SCTP
  - ICMP Type and Code
  - IP protocol
  - Type of Service (ToS) value
  - The union of all TCP flags observed over the life of the flow
- Layer Routing information:
  - IP address of the immediate next-hop along the route to the destination
  - Source & destination IP masks (prefix lengths in the CIDR notation)

40 Conventional DDoS Mitigation with Netflow
- Records of all flows passing through specific router interface

41 Conventional DDoS Mitigation with Netflow

42 Conventional DDoS Mitigation with Netflow

43 Netflow vs. OpenDefenseFlow (Conventional network vs. SDN)
Capability | Netflow based Mitigation | OpenDefenseFlow
Detection: network DDoS flood attacks | Full coverage | Full coverage
Mitigation: mitigation response time | Slow (Min) | Immediate (seconds)
Network operation | Complicated: requires BGP announcement, GRE tunneling and several detectors | Simple: diversion is a network service
Diversion: traffic granularity | Low: inaccurate granularity | High granularity: divert only suspicious traffic
Cost effective | Expensive: requires hardware detectors, requires scrubbing center, consumes routers CPU and ports | Low cost

44 OpenDefenseFlow Scope
The OpenDefenseFlow (DefenseAll) will provide the following:
- An implementation of the Anomaly Detection subsystem, including a vendor independent framework for plugging different detection algorithms and a reference implementation of such a detection plug-in. This sample detector will be able to handle common DoS attacks, and it will serve as an example for developers of more sophisticated detectors.
- An implementation of the Mitigation Driver subsystem, including a vendor independent framework for plugging different mitigation devices and a reference implementation of such a mitigator plug-in.
- An OSGI bundle for the Statistics Service subsystem, including a REST API
- An OSGI bundle for the Traffic Redirection Service subsystem, including a REST API
- The OpenDefenseFlow API

45 Firewall Migration

46 Firewall and Firewall Migration
- Firewall (FW)
  - Comprehensive powerful functions: packet-filtering, NAT, routing, proxy, VPN, etc.
  - Product-dependent configuration/management
- Firewall migration
  - A challenging task where the devil is in the details
  - Challenges come from:
    - Many and many rules
    - Different policy definition manner (Ex: zone-based vs. single zone policies)
    - Interpretation errors of migration tool
    - Human errors
      - Manual rule translation & validation
      - Unfamiliar with the firewall default behavior

47 Conventional Firewall Migration Strategies
- Big bang strategy
  - A new firewall completely replaces the old one.
  - Higher risk: finished progress = 0% or 00%
  - Lower complexity
  - Unpredictable migration time, due to high risk
- Re-addressing strategy
  - The new firewall coexists with the old one.
  - Lower risk: migrating services step by step
  - Higher complexity: require topology re-design and IP re-addressing
  - Time-consuming
- Is there a novel strategy with lower risk and lower complexity?

48 A Simple Network
- Conventional network with a firewall
- Rule subset of the firewall
- Firewall Rules table (columns: SRC IP, DEST IP, DST Port, Action; actions shown: Drop, Drop, Permit)
- Target Flow
Source: Ethereal.com

49 Goal of Firewall Migration
- How to divert target flow to the new path?
- Most routers do not support policy-based routing (PBR) with line-rate forwarding.
- Idea: firewalls and SDN are both about flows
Source: Ethereal.com

50 OpenFlow for Firewall Migration
- Introduce SDN-enabled switches & controller
Source: Ethereal.com

51 SDN-based Firewall Migration
Build FW Migration App
1. App reads the configuration from the old firewall, and parses the configuration into rules. (Manual selection)
2. App translates the rules then loads the firewall rules into the new firewall. (Manual checking and validation)
3. Flow cutover: the OpenFlow forwarding rules are sent to the OpenFlow switches. (Manual testing)
Figure labels: (OF2) (OF)
Example flow entry in OF switch:
  Fields: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport, Action
  Values as extracted: * * * * * * * * 0 port2
Source: Ethereal.com

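The three migration steps above as an added example, not code from the slides or from any firewall or controller product: it parses a rule subset, works out which earlier rules must move to the new firewall together with the selected permit rule (the old firewall evaluates rules first-match), and builds the flow entry that diverts only the target flow. The "SRC DST DPORT ACTION" text format, the default-drop behaviour, TCP-only matching, the flow-entry field names, the addresses, and the use of switch port 2 toward the new firewall are assumptions.

```python
"""Added example, not from the slides: plan the cutover of one firewall rule."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]              # None = any TCP destination port
    action: str                       # "permit" or "drop"

# Constructed rule subset of the old firewall (assumed text layout).
OLD_FW_CONFIG = """
10.1.0.0/16  192.0.2.10/32  23  drop
10.1.5.0/24  192.0.2.10/32  80  drop
10.1.0.0/16  192.0.2.10/32  80  permit
"""

def parse_rules(text: str) -> List[Rule]:
    """Step 1: parse the old configuration into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        src, dst, dport, action = line.split()
        if action not in ("permit", "drop"):
            raise ValueError(f"unknown action {action!r}")
        rules.append(Rule(ipaddress.ip_network(src), ipaddress.ip_network(dst),
                          None if dport == "any" else int(dport), action))
    return rules

def overlaps(a: Rule, b: Rule) -> bool:
    same_port = a.dport is None or b.dport is None or a.dport == b.dport
    return same_port and a.src.overlaps(b.src) and a.dst.overlaps(b.dst)

def rules_to_migrate(rules: List[Rule], target: int) -> List[int]:
    """Step 2: the target rule plus every earlier rule that can match the
    same packets; leaving one behind changes the decision for them."""
    earlier = [i for i in range(target) if overlaps(rules[i], rules[target])]
    return earlier + [target]

def decide(rules: List[Rule], src: str, dst: str, dport: int,
           default: str = "drop") -> str:
    """First-match evaluation with an assumed default of drop."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.dport in (None, dport):
            return r.action
    return default

def cutover_entry(rule: Rule, new_fw_port: int, priority: int = 100) -> Dict:
    """Step 3: flow entry that sends only the target flow to the new path.
    Field names are illustrative, not a specific controller's API."""
    match = {"eth_type": 0x0800, "ip_proto": 6,
             "ipv4_src": str(rule.src), "ipv4_dst": str(rule.dst)}
    if rule.dport is not None:
        match["tcp_dst"] = rule.dport
    return {"priority": priority, "match": match,
            "actions": [("output", new_fw_port)]}

def plan(config: str, target: int, new_fw_port: int) -> Dict:
    old = parse_rules(config)
    idx = rules_to_migrate(old, target)
    return {"migrate": idx,
            "new_fw_rules": [old[i] for i in idx],
            "flow": cutover_entry(old[target], new_fw_port)}

if __name__ == "__main__":
    p = plan(OLD_FW_CONFIG, target=2, new_fw_port=2)
    print("rules to load into the new firewall:", p["migrate"])
    print("cutover flow entry:", p["flow"])
```

Migrating only the permit rule would let 10.1.5.0/24 reach port 80 through the new firewall although the old one dropped it; comparing decide() on both rule sets for probe packets is one way to automate part of the manual validation step.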
52 ITRI VLAN Migration

53 Motivation of VLAN Migration
- Rich services/departments: WiFi, U-bike, surveillance system, access control system,
- Legacy L2 switch generally supports (only) port-based VLAN
- Managing port-based VLAN is complex and time-consuming

54 VLAN Migration
- ITRI ITSC
- Goal: to reduce operational expense (OPEX)
- Flexible VLAN partition rule: port, MAC address, IP address,
- One-shot configuration
- Replacing access switches

56 Potential Innovative Issues
- Wired/Wireless network resource management
  - IEEE tutorial wireless SDN in access and backhaul
- Application-aware traffic engineering
- Efficient/scalable network state monitoring
  - Device, application, switch/link loading, flow table usage
- Protocol independent forwarding
  - P4: programming protocol-independent packet processors
- Security applications
  - Unified access control, IDS, DDoS protection
- Security of SDN
  - OpenFlow: A Security Analysis

57 SDN Brings Network Programmability, Flexibility and Agility

58 There will be many more SDN/NFV innovations!!

59 Thank You!
Lecture 8 Network Layer (cont d) Network Layer 1-1 Agenda The Network Layer (cont d) What is inside a router Internet Protocol (IP) IPv4 fragmentation and addressing IP Address Classes and Subnets Network
More informationAruba 8320 Configuring ACLs and Classifier Policies Guide for ArubaOS- CX 10.00
Aruba 8320 Configuring ACLs and Classifier Policies Guide for ArubaOS- CX 10.00 Part Number: 5200-4710a Published: April 2018 Edition: 2 Copyright 2018 Hewlett Packard Enterprise Development LP Notices
More informationChapter 3 Part 2 Switching and Bridging. Networking CS 3470, Section 1
Chapter 3 Part 2 Switching and Bridging Networking CS 3470, Section 1 Refresher We can use switching technologies to interconnect links to form a large network What is a hub? What is a switch? What is
More informationVirtualization of networks
Virtualization of networks Virtualization of resources: powerful abstraction in systems engineering Computing examples: Virtual memory, virtual devices Virtual machines: e.g., Java IBM VM OS from 1960
More informationSD-Access Wireless: why would you care?
SD-Access Wireless: why would you care? CUWN Architecture - Centralized Overview Policy Definition Enforcement Point for Wi-Fi clients Client keeps same IP address while roaming WLC Single point of Ingress
More informationCentec V350 Product Introduction. Centec Networks (Suzhou) Co. Ltd R
Centec V350 Product Introduction Centec Networks (Suzhou) Co. Ltd R1.6 2016-03 V350 Win the SDN Idol@ONS V350 win the SDN Idol@ONS award in ONS 2013 2016 Centec Networks (Suzhou) Co., Ltd. All rights reserved.
More informationCybersecurity was nonexistent for most network data exchanges until around 1994.
1 The Advanced Research Projects Agency Network (ARPANET) started with the Stanford Research Institute (now SRI International) and the University of California, Los Angeles (UCLA) in 1960. In 1970, ARPANET
More informationVXLAN Overview: Cisco Nexus 9000 Series Switches
White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide
More informationComputer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS
Computer Network Architectures and Multimedia Guy Leduc Chapter 2 MPLS networks Chapter based on Section 5.5 of Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley,
More informationAT&T SD-WAN Network Based service quick start guide
AT&T SD-WAN Network Based service quick start guide After you order your AT&T SD-WAN Network Based service, you can: Create administrator accounts Log in to the SD-WAN orchestrator Configure business policy
More informationChapter 8. Network Troubleshooting. Part II
Chapter 8 Network Troubleshooting Part II CCNA4-1 Chapter 8-2 Network Troubleshooting Review of WAN Communications CCNA4-2 Chapter 8-2 WAN Communications Function at the lower three layers of the OSI model.
More informationH3C S9500 QoS Technology White Paper
H3C Key words: QoS, quality of service Abstract: The Ethernet technology is widely applied currently. At present, Ethernet is the leading technology in various independent local area networks (LANs), and
More informationModular Policy Framework. Class Maps SECTION 4. Advanced Configuration
[ 59 ] Section 4: We have now covered the basic configuration and delved into AAA services on the ASA. In this section, we cover some of the more advanced features of the ASA that break it away from a
More informationChapter 4 Network Layer: The Data Plane. Part A. Computer Networking: A Top Down Approach
Chapter 4 Network Layer: The Data Plane Part A All material copyright 996-06 J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking: A Top Down Approach 7 th Edition, Global Edition Jim Kurose,
More informationSo#ware Defined Networking
The Internet: A Remarkable Story 2! Tremendous success From research experiment to global infrastructure So#ware Defined Networking Brilliance of under- specifying Network: best- effort packet delivery
More informationADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY
ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY One of the largest concerns of organisations is how to implement and introduce advanced security mechanisms to protect
More informationBrocade Flow Optimizer
DATA SHEET Brocade Flow Optimizer Highlights Helps improve business agility by streamlining network operations via policy-driven visibility and control of network flows Provides distributed attack mitigation
More informationIntroduction to Internetworking
Introduction to Internetworking Stefano Vissicchio UCL Computer Science COMP0023 Internetworking Goal: Connect many networks together into one Internet. Any computer can send to any other computer on any
More informationCisco Catalyst 6500 Supervisor Engine 2T: NetFlow Enhancements
Cisco Catalyst 6500 Supervisor Engine 2T: NetFlow Enhancements White Paper March 5, 2011 Contents Overview... 3 NetFlow Introduction... 3 Sup2T Increased NetFlow Scalability... 6 Egress NetFlow... 7 Sampled
More informationIntroduction to Segment Routing
Segment Routing (SR) is a flexible, scalable way of doing source routing. Overview of Segment Routing, page 1 How Segment Routing Works, page 2 Examples for Segment Routing, page 3 Benefits of Segment
More informationplixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels
Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to
More informationInformation about Network Security with ACLs
This chapter describes how to configure network security on the switch by using access control lists (ACLs), which in commands and tables are also referred to as access lists. Finding Feature Information,
More information100 GBE AND BEYOND. Diagram courtesy of the CFP MSA Brocade Communications Systems, Inc. v /11/21
100 GBE AND BEYOND 2011 Brocade Communications Systems, Inc. Diagram courtesy of the CFP MSA. v1.4 2011/11/21 Current State of the Industry 10 Electrical Fundamental 1 st generation technology constraints
More informationDDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch)
DDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (www.trenka.ch) Pavel Minarik, Chief Technology Officer SwiNOG meeting, 9 th Nov 2017 Backbone DDoS protection Backbone protection
More informationCMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 12
CMPE 150/L : Introduction to Computer Networks Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 12 1 Chapter 4: outline 4.1 introduction 4.2 virtual circuit and datagram networks 4.3 what
More informationNetwork Layer: Chapter 4. The Data Plane. Computer Networking: A Top Down Approach
Chapter 4 Network Layer: The Data Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see
More informationSummary Chapter 4. Smith College, CSC 249 March 2, q IP Addressing. q DHCP dynamic addressing
Smith College, CSC 49 March, 08 Summary Chapter 4 q IP Addressing Network prefixes and Subnets IP datagram format q DHCP dynamic addressing Obtain: own IP address Subnet mask, DNS serer & first-hop router
More informationChapter 4 Network Layer: The Data Plane
Chapter 4 Network Layer: The Data Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see
More informationChapter 4 Network Layer: The Data Plane
Chapter 4 Network Layer: The Data Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see
More informationProCurve Network Immunity
ProCurve Network Immunity Hans-Jörg Elias Key Account Manager hans-joerg.elias@hp.com 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
More informationinternet technologies and standards
Institute of Telecommunications Warsaw University of Technology 2017 internet technologies and standards Piotr Gajowniczek Andrzej Bąk Michał Jarociński Network Layer The majority of slides presented in
More informationConfiguring NetFlow. About NetFlow. This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.
This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. About NetFlow, page 1 Licensing Requirements for NetFlow, page 4 Prerequisites for NetFlow, page 4 Guidelines and Limitations
More informationDistributed Denial of Service
Distributed Denial of Service Vimercate 17 Maggio 2005 anegroni@cisco.com DDoS 1 Agenda PREFACE EXAMPLE: TCP EXAMPLE: DDoS CISCO S DDoS SOLUTION COMPONENTS MODES OF PROTECTION DETAILS 2 Distributed Denial
More informationCS-580K/480K Advanced Topics in Cloud Computing. Software-Defined Networking
CS-580K/480K Advanced Topics in Cloud Computing Software-Defined Networking 1 An Innovation from Stanford Nick McKeown In 2006, OpenFlow is proposed, which provides an open protocol to program the flow-table
More informationSwitching and Routing projects description
Switching and Routing 2012-2013 projects description Outline Introduction to OpenFlow A case study The projects Additional information What s OpenFlow An open standard, which defines: An abstraction of
More informationConfiguring Local SPAN and ERSPAN
This chapter contains the following sections: Information About ERSPAN, page 1 Licensing Requirements for ERSPAN, page 5 Prerequisites for ERSPAN, page 5 Guidelines and Limitations for ERSPAN, page 5 Guidelines
More informationTraffic Engineering 2: Layer 2 Prioritisation - CoS (Class of Service)
Published on Jisc community (https://community.jisc.ac.uk) Home > Network and technology service docs > Vscene > Technical details > Products > H.323 > Guide to reliable H.323 campus networks > Traffic
More informationOpenFlow DDoS Mitigation
OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam Quanza Engineering Introduction Distributed Denial of Service attacks Types of attacks Application layer attacks
More informationDecision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA
Decision Forest: A Scalable Architecture for Flexible Flow Matching on FPGA Weirong Jiang, Viktor K. Prasanna University of Southern California Norio Yamagaki NEC Corporation September 1, 2010 Outline
More informationIPv6 in Campus Networks
IPv6 in Campus Networks Dave Twinam Manager, Technical Marketing Engineering Internet Systems Business Unit dtwinam@cisco.com Cisco Twinam IPv6 Summit 2003 Cisco Systems, Inc. All rights reserved. 1 IPv6
More informationCarrier SDN for Multilayer Control
Carrier SDN for Multilayer Control Savings and Services Víctor López Technology Specialist, I+D Chris Liou Vice President, Network Strategy Dirk van den Borne Solution Architect, Packet-Optical Integration
More informationChapter 4: network layer. Network service model. Two key network-layer functions. Network layer. Input port functions. Router architecture overview
Chapter 4: chapter goals: understand principles behind services service models forwarding versus routing how a router works generalized forwarding instantiation, implementation in the Internet 4- Network
More informationNetwork Management and Monitoring
Network Management and Monitoring Introduction to Netflow These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More information