Firewall offloading based on SDN and NFV
|
|
- Blanche Phillips
- 5 years ago
- Views:
Transcription
1 Chair of Communication Networks Department of Electrical and Computer Engineering Technical University of Munich Firewall offloading based on SDN and NFV ITG 5.2.2/ Raphael Durner 2016 Technical University of Munich
2 Overview Introduction Motivation Main security requirements Network Function Virtualization State of the Art SDN & NFV Architecture Offloading Approach ByteLim Logic Conclusion and open Questions 2
3 Motivation Software Defined Networking: Central control improves programmability and makes innovations easier Network Function Virtualization: Run Network Functions on Commodity Hardware and in the cloud Reduce costs Use available resources flexible How can we guarantee a certain security level in these environments? How can security related network functions be virtualized? 3
4 Main Security Requirements Isolation of services Authentication and Authorization of devices/users/services Isolation of flows Stateless firewalling Stateful Firewalling Check states of protocols e.g. TCP, SIP Normalization e.g. filter non-standard DNS replys, filter html Stateless < Stateful < Application Layer 4
5 State of the Art Firewalls External Network Internal Network Client Firewall Resides on the Networks Edge Control Plane (State) and Forwarding Plane not decoupled 5
6 SDN and NFV Network Security Architecture Private Cloud External Network SDN SDN SDN Application 1 Application 2 SDN SDN VNF 1 Client Client Client VNF 2 No distinct edge of the network Firewall has to filter everywhere Higher Load on Firewalls Potentially higher security 6
7 Offloading Approach Combine NFV and SDN Traffic steering with SDN Some parts of the Network function with SDN Some parts offloaded to NE - More Complex + leverages benefits of both approaches SDN Controller DP Client Optimizer CP Client VNF vfirewall CP DP Example TCP: 1. Connection Setup using VNF 2. Established connection using Hardware 7
8 Building Blocks VNF Offloading Logic SDN Controller Data Plane VNF signals connection state to Logic Logic decides for Offloading Flow Command to SDN Controller SDN Controller installs necessary rules in Hardware 8
9 Challenges Flow setup in switch Can cause duplicates, packet loss and (short time) connection interruption Lack of Hardware Current OpenFlow switches handle header rewrite in software very low throughput Offloading Decision: Flow classification algorithms needed Which Flows can be offloaded and what are the gains? 9
10 Challenges Which Flows can be offloaded and what are the gains? What limits the usage of Offloading? Flow capactiy in the hardware Flow Setup Rate Delay from decision to active Offloading 10
11 Constraint: Delay in the complete system TCP handshake finished VNF Logic Controller Switch t_p t_v Total Delay t_p t_v t_p t_v Flow handeled in Hardware 11
12 Building Blocks Realisation VNF Logic SDN Controller Data Plane Realisation IpTables Logic (Python) Ryu SDN Controller OVS/ PICA/ NEC Conntrack REST OpenFlow 12
13 Total Delays Results: ~ 100 ms for OVS & NEC Implications: Not feasible for short lived flows like DNS Delay > RTT Effects on TCP algorithm 13
14 Effects of Logic on Performance VNF Logic SDN Controller Data Plane Oracle Which Flow metrics must be estimated by the Oracle? Gain i.e. cost of flow through VNF proportional to packet count Offload Flows with many Packets 14
15 Bytelimit Logic Logic decides based on Flowsize Flows above a threshold are offloaded Oracle predicts Flowsize based on used application Mathematical Description: f x : PDF of flow size x: Flow size P x : PDF of Packets P x = f x x = න f x x dx discrete P = F X 15
16 Bytelimit Logic Example: Negative Exponentially distributed Flowsize Share of Flows f(x) Share of Packets P(x) P x = f x x = න f x x dx discrete P = F X 16
17 Bytelimit Logic Simulation vs Theory Trendline similar Very big flows are hard to simulate 17
18 Bytelimit Logic Simulation vs Theory Trendline similar Offset between simulation and theory Very big flows are hard to simulate 18
19 Conclusion and Open Questions Basic building blocks for offloading developed Bytlim logic shows promising results Difference between simulation and theory should be evaluated Open: How to predict Bytesize? Simple classification by {source IP, Port} 19
20 Questions?
Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall
Institute of Computer Science Chair of Communication Networks Prof. Dr.-Ing. P. Tran-Gia Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall comnet.informatik.uni-wuerzburg.de SarDiNe
More informationLecture 14 SDN and NFV. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it
Lecture 14 SDN and NFV Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it Traditional network vs SDN TRADITIONAL Closed equipment Software + hardware Cost Vendor-specific management.
More informationSoftware-Defined Networking (SDN) Overview
Reti di Telecomunicazione a.y. 2015-2016 Software-Defined Networking (SDN) Overview Ing. Luca Davoli Ph.D. Student Network Security (NetSec) Laboratory davoli@ce.unipr.it Luca Davoli davoli@ce.unipr.it
More informationNetwork Function Virtualization (NFV)
Network Function Virtualization (NFV) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ References 1. R. Mijumbi et al., Network Function Virtualization:
More informationCommunication System Design Projects
Communication System Design Projects KUNGLIGA TEKNISKA HÖGSKOLAN PROFESSOR: DEJAN KOSTIC TEACHING ASSISTANT: GEORGIOS KATSIKAS Traditional Vs. Modern Network Management What is Network Management (NM)?
More informationL7 Application Visibility for NFV and Data Centers
L7 Application Visibility for NFV and Data Centers Creating Service-Awareness across Networks October 2015 Agenda 1. Who is Qosmos? 2. What is L7 visibility and application awareness? 3. Use cases L7 application
More informationIQ for DNA. Interactive Query for Dynamic Network Analytics. Haoyu Song. HUAWEI TECHNOLOGIES Co., Ltd.
IQ for DNA Interactive Query for Dynamic Network Analytics Haoyu Song www.huawei.com Motivation Service Provider s pain point Lack of real-time and full visibility of networks, so the network monitoring
More informationSoftware Defined Networking
Software Defined Networking Daniel Zappala CS 460 Computer Networking Brigham Young University Proliferation of Middleboxes 2/16 a router that manipulatees traffic rather than just forwarding it NAT rewrite
More informationMaking Network Functions Software-Defined
Making Network Functions Software-Defined Yotam Harchol VMware Research / The Hebrew University of Jerusalem Joint work with Anat Bremler-Barr and David Hay Appeared in ACM SIGCOMM 2016 THE HEBREW UNIVERSITY
More informationEnabling Efficient and Scalable Zero-Trust Security
WHITE PAPER Enabling Efficient and Scalable Zero-Trust Security FOR CLOUD DATA CENTERS WITH AGILIO SMARTNICS THE NEED FOR ZERO-TRUST SECURITY The rapid evolution of cloud-based data centers to support
More informationFlexNets: It s all about flexibility!
Chair of Communication Networks Department of Electrical and Computer Engineering Technical University of Munich FlexNets: It s all about flexibility! Wolfgang Kellerer Technical University of Munich MIRR,
More informationDesign and development of the reactive BGP peering in softwaredefined routing exchanges
Design and development of the reactive BGP peering in softwaredefined routing exchanges LECTURER: HAO-PING LIU ADVISOR: CHU-SING YANG (Email: alen6516@gmail.com) 1 Introduction Traditional network devices
More informationTyphoon: An SDN Enhanced Real-Time Big Data Streaming Framework
Typhoon: An SDN Enhanced Real-Time Big Data Streaming Framework Junguk Cho, Hyunseok Chang, Sarit Mukherjee, T.V. Lakshman, and Jacobus Van der Merwe 1 Big Data Era Big data analysis is increasingly common
More informationProgrammable Software Switches. Lecture 11, Computer Networks (198:552)
Programmable Software Switches Lecture 11, Computer Networks (198:552) Software-Defined Network (SDN) Centralized control plane Data plane Data plane Data plane Data plane Why software switching? Early
More informationLecture 10.1 A real SDN implementation: the Google B4 case. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it
Lecture 10.1 A real SDN implementation: the Google B4 case Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it WAN WAN = Wide Area Network WAN features: Very expensive (specialized high-end
More informationDesign and Implementation of Virtual TAP for Software-Defined Networks
Design and Implementation of Virtual TAP for Software-Defined Networks - Master Thesis Defense - Seyeon Jeong Supervisor: Prof. James Won-Ki Hong Dept. of CSE, DPNM Lab., POSTECH, Korea jsy0906@postech.ac.kr
More informationSoftware Defined Networking
CSE343/443 Lehigh University Fall 2015 Software Defined Networking Presenter: Yinzhi Cao Lehigh University Acknowledgement Many materials are borrowed from the following links: https://www.cs.duke.edu/courses/spring13/compsc
More informationSTATEFUL TCP/UDP traffic generation and analysis
XENATM STATEFUL TCP/UDP traffic generation and analysis Ideal for validating firewalls, switches, routers, NAT routers, proxies, load-balancers, bandwidth shapers and more. VULCAN LAYER 4-7 GIGABIT ETHERNET
More informationSDN Software-Defined Networking
SDN Software-Defined Networking The big picture: Rationale, comparison with current model, pitfalls Morten Engelsåstrø Chief NMS Architect Fixed Networks Telenor Norway High-level definitions Software-Defined
More informationETSI FUTURE Network SDN and NFV for Carriers MP Odini HP CMS CT Office April 2013
ETSI FUTURE Network SDN and NFV for Carriers MP Odini HP CMS CT Office April 2013 Challenges and Opportunities Reduce Capex/Opex Challenges Innovation at devices and OTT side Number of devices explode
More informationIT Infrastructure. Transforming Networks to Meet the New Reality. Phil O Reilly, CTO Federal AFCEA-GMU C4I Symposium May 20, 2015
IT Infrastructure Transforming Networks to Meet the New Reality Phil O Reilly, CTO Federal AFCEA-GMU C4I Symposium May 20, 2015 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION
More informationThomas Lin, Naif Tarafdar, Byungchul Park, Paul Chow, and Alberto Leon-Garcia
Thomas Lin, Naif Tarafdar, Byungchul Park, Paul Chow, and Alberto Leon-Garcia The Edward S. Rogers Sr. Department of Electrical and Computer Engineering University of Toronto, ON, Canada Motivation: IoT
More informationSmartNIC Programming Models
SmartNIC Programming Models Johann Tönsing 207-06-07 207 Open-NFP Agenda SmartNIC hardware Pre-programmed vs. custom (C and/or P4) firmware Programming models / offload models Switching on NIC, with SR-IOV
More informationInvestigating the Use of Synchronized Clocks in TCP Congestion Control
Investigating the Use of Synchronized Clocks in TCP Congestion Control Michele Weigle (UNC-CH) November 16-17, 2001 Univ. of Maryland Symposium The Problem TCP Reno congestion control reacts only to packet
More informationState Synchronization for Fast Failover of Stateful Firewall VNF
Institute of Computer Science Chair of Communication Networks Prof. Dr.-Ing. P. Tran-Gia State Synchronization for Fast Failover of Stateful Firewall VNF, Claas Lorenz, Alexander Müssig, Steffen Gebert,
More informationUsing Flexibility as a Measure to Evaluate Softwarized Networks
Chair of Communication Networks Department of Electrical and Computer Engineering Technical University of Munich Using Flexibility as a Measure to Evaluate Softwarized Networks Wolfgang Kellerer Technical
More informationShim6: Network Operator Concerns. Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI
Shim6: Network Operator Concerns Jason Schiller Senior Internet Network Engineer IP Core Infrastructure Engineering UUNET / MCI Not Currently Supporting IPv6? Many parties are going forward with IPv6 Japan
More informationEnd to End SLA for Enterprise Multi-Tenant Applications
End to End SLA for Enterprise Multi-Tenant Applications Girish Moodalbail, Principal Engineer, Oracle Inc. Venugopal Iyer, Principal Engineer, Oracle Inc. The following is intended to outline our general
More informationIxia Test Solutions to Ensure Stability of its New, LXC-based Virtual Customer Premises Equipment (vcpe) Framework for Residential and SMB Markets
Innovate, Integrate, Transform Ixia Test Solutions to Ensure Stability of its New, LXC-based Virtual Customer Premises Equipment (vcpe) Framework for Residential and SMB Markets www.altencalsoftlabs.com
More informationSome research topics and challenges at Alcatel-Lucent Bell Labs France
Some research topics and challenges at Alcatel-Lucent Bell Labs France Fabien Mathieu, Ludovic Noirie, Alcatel-Lucent Bell Labs France 2015/11/23 OUTLINE 1. Alcatel-Lucent Bell Labs in brief 2. Some researches
More informationService Function Chaining (SFC)
Service Function Chaining (SFC) Release draft (534a1d1) OPNFV February 25, 2016 CONTENTS 1 Introduction 1 2 Definitions 3 3 Abbreviations 5 4 Use Cases 7 5 Architecture 9 5.1 Service Functions............................................
More informationK a t h y Meier- H e l l s t e r n, P h D
T h e C a r r i e r C h a l l e n g e A c h i e v i n g 5-9 s a v a i l a b i l i t y o n 3-9 s C l o u d i n f r a s t r u c t u r e K a t h y Meier- H e l l s t e r n, P h D Assistant Vice President
More informationLeveraging SDN & NFV to Achieve Software-Defined Security
Leveraging SDN & NFV to Achieve Software-Defined Security Zonghua Zhang @imt-lille-douai.fr NEPS: NEtwork Performance and Security Group 2 Topics Anomaly detection, root cause analysis Security evaluation
More informationNetwork Virtualisation Vision and Strategy_ (based on lesson learned) Telefónica Global CTO
Network Virtualisation Vision and Strategy_ (based on lesson learned) Telefónica I+D @ Global CTO 18.03.2014 Business development requires a continuous evolution of our network but it still seems unable
More informationPhil Dredger Global Lead Network Services Cloud Platform and ITO DXC. Presentation title here edit on Slide Master
NETWORK ON THE EDGE 1 1. 1. 2 0 1 7 Phil Dredger Global Lead Network Services Cloud Platform and ITO DXC 2017 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and
More informationUNIVERSITY OF CAGLIARI
UNIVERSITY OF CAGLIARI DIEE - Department of Electrical and Electronic Engineering Infrastrutture ed Applicazioni Avanzate nell Internet SDN: Control Plane ACK: content taken from Foundations of Modern
More informationCommunication System Design Projects. Communication System Design:
Communication System Design Projects KUNGLIGA TEKNISKA HÖGSKOLAN PROFESSOR: DEJAN KOSTIC TEACHING ASSISTANT: GEORGIOS KATSIKAS Communication System Design: https://www.kth.se/social/course/ik2200/ Traditional
More informationSoftware Defined. All The Way with OpenStack. T. R. Bosworth Senior Product Manager SUSE OpenStack Cloud
Software Defined All The Way with OpenStack T. R. Bosworth Senior Product Manager SUSE OpenStack Cloud Mark Darnell Senior Product Manager SUSE OpenStack Cloud Why Bother with Software Defined Infrastructure?
More informationSmartNIC Programming Models
SmartNIC Programming Models Johann Tönsing 206--09 206 Open-NFP Agenda SmartNIC hardware Pre-programmed vs. custom (C and/or P4) firmware Programming models / offload models Switching on NIC, with SR-IOV
More informationCellSDN: Software-Defined Cellular Core networks
CellSDN: Software-Defined Cellular Core networks Xin Jin Princeton University Joint work with Li Erran Li, Laurent Vanbever, and Jennifer Rexford Cellular Core Network Architecture Base Station User Equipment
More informationMWC 2015 End to End NFV Architecture demo_
MWC 2015 End to End NFV Architecture demo_ March 2015 demonstration @ Intel booth Executive summary The goal is to demonstrate how an advanced multi-vendor implementation of the ETSI ISG NFV architecture
More informationNetwork Layer: The Control Plane
Network Layer: The Control Plane 7 th Edition, Global Edition Jim Kurose, Keith Ross Pearson April 06 5- Software defined networking (SDN) Internet network layer: historically has been implemented via
More information15-744: Computer Networking. Middleboxes and NFV
15-744: Computer Networking Middleboxes and NFV Middleboxes and NFV Overview of NFV Challenge of middleboxes Middlebox consolidation Outsourcing middlebox functionality Readings: Network Functions Virtualization
More informationThe Function Placement Problem (FPP)
Chair of Communication Networks Department of Electrical and Computer Engineering Technical University of Munich The Function Placement Problem (FPP) Wolfgang Kellerer Technical University of Munich Dagstuhl,
More informationNew trends in IT. Network Functions Virtualization (NFV) & Software Defined-WAN
New trends in IT Network Functions Virtualization (NFV) & Software Defined-WAN 2017 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks
More informationSome Musings on OpenFlow and SDN for Enterprise Networks. David Meyer Open Networking Summit October 18-19, 2011
Some Musings on OpenFlow and SDN for Enterprise Networks David Meyer Open Networking Summit October 18-19, 2011 Agenda Problem Space A Few Use Cases Reflections on the Promise of OF/SDN A Few Challenges
More informationPDP : A Flexible and Programmable Data Plane. Massimo Gallo et al.
PDP : A Flexible and Programmable Data Plane Massimo Gallo et al. Introduction Network Function evolution L7 Load Balancer TLS/SSL Server Proxy Server Firewall Introduction Network Function evolution Can
More informationICN & 5G. Dr.-Ing. Dirk Kutscher Chief Researcher Networking. NEC Laboratories Europe
ICN & 5G Dr.-Ing. Dirk Kutscher Chief Researcher Networking NEC Laboratories Europe Performance and Security Today User Equipment Access Network Core/Service Network Application Servers 2 NEC Corporation
More informationVirtualization of Customer Premises Equipment (vcpe)
Case Study Virtualization of Customer Premises Equipment (vcpe) Customer Profile Customer: A Cloud Service Provider Reach: Global Industry: Telecommunications The Challenge A Cloud Service Provider serving
More informationVirtualizing Managed Business Services for SoHo/SME Leveraging SDN/NFV and vcpe
Virtualizing Managed Business Services for SoHo/SME Leveraging SDN/NFV and vcpe A Technical Paper prepared for SCTE/ISBE by Ajay Manuga VP Engineering Benu Networks amanuja@benunets.com 2017 SCTE-ISBE
More informationOpenStack Networking: Where to Next?
WHITE PAPER OpenStack Networking: Where to Next? WHAT IS STRIKING IS THE PERVASIVE USE OF OPEN VSWITCH (OVS), AND AMONG NEUTRON FEATURES, THE STRONG INTEREST IN SOFTWARE- BASED NETWORKING ON THE SERVER,
More informationSDN/DANCES Project Update Developing Applications with Networking Capabilities via End-to-end SDN (DANCES)
SDN/DANCES Project Update Developing Applications with Networking Capabilities via End-to-end SDN (DANCES) Kathy L. Benninger Manager of Networking Research PSC Bettis Briefing 15 September 2015 Agenda
More informationSoftware Defined Networking
Software Defined Networking 1 2 Software Defined Networking Middlebox Switch Controller Switch Switch Server Server Server Server Standardization: switches support a vendor-agnostic, open API Off-device
More informationAMD EPYC Processors Showcase High Performance for Network Function Virtualization (NFV)
White Paper December, 2018 AMD EPYC Processors Showcase High Performance for Network Function Virtualization (NFV) Executive Summary Data centers and cloud service providers are creating a technology shift
More informationComparing Open vswitch (OpenFlow) and P4 Dataplanes for Agilio SmartNICs
Comparing Open vswitch (OpenFlow) and P4 Dataplanes for Agilio SmartNICs Johann Tönsing May 24, 206 206 NETRONOME Agenda Contributions of OpenFlow, Open vswitch and P4 OpenFlow features missing in P4,
More informationNetwork Function Virtualization in Software Defined Optical Transport Networks
Network Function Virtualization in Software Defined Optical Transport Networks Yongli Zhao State Key Laboratory of Information Photonics and Optical Communications, Beijing University of Posts and Telecommunications
More informationIEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 18, NO. 1, FIRST QUARTER
IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 18, NO. 1, FIRST QUARTER 2016 655 Survey on Network Virtualization Hypervisors for Software Defined Networking Andreas Blenk, Arsany Basta, Martin Reisslein,
More informationONOS-based Data Plane Acceleration Support for 5G. Dec 4, SKTelecom
ONOS-based Data Plane Acceleration Support for 5G Dec 4, 2018 SKTelecom 0 A Brief Introduction to 5G Network 5G Core Service-based Architecture CP UP Key Functions - UE Authentication - UE Mobility Mgmt.
More informationManaging a Virtual Network Function using SDN and Control Theory
Managing a Virtual Network Function using SDN and Control Theory GENI Summer Camp @ TAMU May 24 th, 2017 Ibrahim Matta Joint work with Nabeel Akhtar and Yuefeng Wang GENI resources that we need Network
More informationChapter 5 Network Layer: The Control Plane
Chapter 5 Network Layer: The Control Plane A note on the use of these Powerpoint slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you
More informationExploring Cloud Security, Operational Visibility & Elastic Datacenters. Kiran Mohandas Consulting Engineer
Exploring Cloud Security, Operational Visibility & Elastic Datacenters Kiran Mohandas Consulting Engineer The Ideal Goal of Network Access Policies People (Developers, Net Ops, CISO, ) V I S I O N Provide
More informationFlexNets: Evaluating Flexibility in Softwarized Communication Networks
Chair of Communication Networks Department of Electrical and Computer Engineering Technical University of Munich FlexNets: Evaluating Flexibility in Softwarized Communication Networks Wolfgang Kellerer
More informationBuilding Security Services on top of SDN
Building Security Services on top of SDN Gregory Blanc Télécom SudParis, IMT 3rd FR-JP Meeting on Cybersecurity WG7 April 25th, 2017 Keio University Mita Campus, Tokyo Table of Contents 1 SDN and NFV as
More informationXen*, SDN and Apache Cloudstack. Sebastien Goasguen, Apache CloudStack Citrix EMEA August 28 th 2012 Xen Summit
Xen*, SDN and Apache Cloudstack Sebastien Goasguen, Apache CloudStack Citrix EMEA August 28 th 2012 Xen Summit Outline A bit about CloudStack A bit about SDN A bit about OpenVswitch Some bits about SDN
More informationCS-580K/480K Advanced Topics in Cloud Computing. Network Virtualization
CS-580K/480K Advanced Topics in Cloud Computing Network Virtualization 1 Network Diagram of A Company 2 University Network Topology https://www.researchgate.net/figure/234782590_fig1_fig-5-see-university-network-infrastructure
More informationTCP versus UDP Response Time
Lab 9 TCP versus UDP Response Time Overview TCP provides connection-oriented service at the transport layer, and UDP provides connectionless service. As a result, a data exchange using TCP can take longer
More informationIntroduction to OpenFlow
Introduction to OpenFlow Ben Newton University of North Carolina at Chapel Hill The current Internet is at an impasse because new architecture cannot be deployed or even adequately evaluated [PST04] [PST04]:
More informationDaoliNet A Simple and Smart Networking Technology for Docker Applications
DaoliNet A Simple and Smart Networking Technology for Docker Applications DaoliNet An Open Source Project www.daolinet.org May, 2016 Docker is Awesome! A Linux Container Engine Build, Ship and Run Any
More informationEnabling Agile Service Chaining with Service Based Routing
Enabling Agile Service Chaining with Service Based Routing Contents Abstract...1 1. Introduction...1 2. Huawei s SBR Solution for Agile Service Chaining...3 2.1. Architecture Overview...3 2.2. Multi-Dimensional
More informationNetwork Security: Network Flooding. Seungwon Shin GSIS, KAIST
Network Security: Network Flooding Seungwon Shin GSIS, KAIST Detecting Network Flooding Attacks SYN-cookies Proxy based CAPCHA Ingress/Egress filtering Some examples SYN-cookies Background In a TCP 3-way
More informationIEEE TRANS. ON NETWORK AND SERVICE MANAGEMENT, SPECIAL ISSUE ON ADVANCES IN MANAGEMENT OF SOFTWARIZED NETWORKS 1
IEEE TRANS. ON NETWORK AND SERVICE MANAGEMENT, SPECIAL ISSUE ON ADVANCES IN MANAGEMENT OF SOFTWARIZED NETWORKS 1 Towards a Cost Optimal Design for a G Mobile Core Network based on SDN and NFV Arsany Basta,
More informationFerdinand von Tüllenburg Layer-2 Failure Recovery Methods in Critical Communication Networks
Ferdinand von Tüllenburg Layer-2 Failure Recovery Methods in Critical Communication Networks Dependable Communication for Critical Infrastructures Electricity Health Transport Finance Dependable Communication
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter
More informationNETWORK VIRTUALIZATION IN THE HOME Chris Donley CableLabs
NETWORK VIRTUALIZATION IN THE HOME Chris Donley CableLabs Abstract Networks are becoming virtualized. While there has been significant focus on virtualization in core and data center networks, network
More informationNFV and SDN what does it mean to enterprises?
OPINION NFV and SDN what does it mean to enterprises? By Clive Hamilton, VP Network Services, NTT Europe Rethinking the enterprise network The typical enterprise network now comprises hundreds or even
More informationPerformance and Security Influence of Augmenting IDS using SDN and NFV
Performance and Security Influence of Augmenting IDS using SDN and NFV SSP 2017 2017/11/9 http://se.informatik.uni-wuerzburg.de/ Content Motivation Background Approach Evaluation Conclusion 1 MOTIVATION
More informationSDN Software Switch Lagopus enables SDN/NFV transformation
SDN Software Switch Lagopus enables SDN/NFV transformation Hitoshi Masutani NTT Network Innovation Labs. Nov 25 th 2016 0 Agenda 1. Background & motivation 2. SDN Software switch Lagopus 3. NFV Node with
More informationSDN+NFV Next Steps in the Journey
SDN+NFV Next Steps in the Journey Margaret T. Chiosi AT&T Labs Distinguished Architect SDN-NFV Realization 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks
More informationTALK THUNDER SOFTWARE FOR BARE METAL HIGH-PERFORMANCE SOFTWARE FOR THE MODERN DATA CENTER WITH A10 DATASHEET YOUR CHOICE OF HARDWARE
DATASHEET THUNDER SOFTWARE FOR BARE METAL YOUR CHOICE OF HARDWARE A10 Networks application networking and security solutions for bare metal raise the bar on performance with an industryleading software
More informationIEEE NetSoft 2016 Keynote. June 7, 2016
IEEE NetSoft 2016 Keynote June 7, 2016 0 Contents Introduction - Network Evolution & Operator Challenges Re-architecting the RAN SDRAN: Software-defined RAN - Overview & Enabling Features SDRAN Opportunities
More informationCurrent Challenges on SDN Research
Software Defined Networks ISCTE, April 04 2018 Current Challenges on SDN Research Rui L. Aguiar ruilaa@ua.pt Universidade de Aveiro Instituto de Telecomunicações 2005, it - instituto de telecomunicações.
More informationLayer 7 Visibility for vcpe Services
Layer 7 Visibility for vcpe Services Erik Larsson, VP Marketing April 2016 Business Drivers for Enterprise vcpe Services Enterprise Drivers Service Provider Drivers Source: 2015 Virtual Edge Report, SDxCentral
More informationBIG-IP Analytics: Implementations. Version 13.1
BIG-IP Analytics: Implementations Version 13.1 Table of Contents Table of Contents Setting Up Application Statistics Collection...5 What is Analytics?...5 About HTTP Analytics profiles... 5 Overview:
More informationTowards an SDN-based Mobile Core Networks (MCN)
Towards an SDN-based Mobile Core Networks (MCN) Xueli An and Artur Hecker Huawei Technologies, European Research Center Munich Xueli.An@huawei.com and Artur.Hecker@huawei.com VDE/ITG-Fachgruppe 5.2.4,
More informationSecuring the Software-Defined Network Control Layer
Securing the Software-Defined Network Control Layer Speaker: Yuyan Lin 2017/5/9 P. Porras, S. Cheung, M. Fong, K. Skinner, and V. Yegneswaran, Securing the Software Defined Network Control Layer, In NDSS,
More informationBuilding a Platform Optimized for the Network Edge
Building a Platform Optimized for the Network Edge MPLS + SDN + NFV WORLD 2018 Nicolas Bouthors, Enea Innovation Agenda Software Virtualization - Key Requirements Leveraging DPDK Multi-Function VNFs at
More informationSolution to Question 1: ``Quickies'' (25 points, 15 minutes)
Solution to Question : ``Quickies'' (25 points, 5 minutes) What is meant by the term statistical multiplexing? Answer: In statistical multiplexing, data from multiple users (senders) is sent over a link.
More informationCasa Systems Axyom Multiservice Router
Solution Brief Casa Systems Axyom Multiservice Router Solving the Edge Network Challenge To keep up with broadband demand, service providers have used proprietary routers to grow their edge networks. Cost
More informationINF3190 A critical look at the Internet / alternative network architectures. Michael Welzl
INF390 A critical look at the Internet / alternative network architectures Michael Welzl What s the problem? The Internet works! I work, too! Could be faster Could be safer Could be more reliable (Internet):
More informationTowards (More) Data Science in Communication Networks NetSys KuVS Preisverleihung - Presentation
Towards (More) Data Science in Communication Networks NetSys 2017 - KuVS Preisverleihung - Presentation Andreas Schmidt, MSc Telecommunications Lab Saarland Informatics Campus - Saarbrücken March 15, 2017
More informationPerformance investigation and comparison between virtual networks and physical networks based on Sea-Cloud Innovation Environment
Performance investigation and comparison between virtual networks and physical networks based on Sea-Cloud Innovation Environment Website: http://scie.ac.cn E-mail: scie@cstnet.cn CANS 2015, Chengdu, Sep
More informationCasa Systems Axyom Multiservice Router
Solution Brief Casa Systems Axyom Multiservice Router Solving the Edge Network Challenge To keep up with broadband demand, service providers have used proprietary routers to grow their edge networks. Cost
More informationExploiting Cloud Technologies in Networks: NFV and SDN. Andy Reid and Peter Willis BT Research and Innovation
Exploiting Cloud Technologies in Networks: NFV and SDN Andy Reid and Peter Willis BT Research and Innovation Clarifying what we mean by: SDN Separation of control plane logic/processing data plane header
More informationHY436: Network Virtualization
HY436: Network Virtualization 20/10/2014 Xenofontas Dimitropoulos Credits: Bing Wang, Rob Sherwood, Ben Pfaff, Nick Feamster Agenda Network virtualization basics Early Forms of Vnets Overlay networks VPNs
More informationChapter 13 TRANSPORT. Mobile Computing Winter 2005 / Overview. TCP Overview. TCP slow-start. Motivation Simple analysis Various TCP mechanisms
Overview Chapter 13 TRANSPORT Motivation Simple analysis Various TCP mechanisms Distributed Computing Group Mobile Computing Winter 2005 / 2006 Distributed Computing Group MOBILE COMPUTING R. Wattenhofer
More informationCSC 401 Data and Computer Communications Networks
CSC 401 Data and Computer Communications Networks Network Layer ICMP (5.6), Network Management(5.7) & SDN (5.1, 5.5, 4.4) Prof. Lina Battestilli Fall 2017 Outline 5.6 ICMP: The Internet Control Message
More informationNew Approach to OVS Datapath Performance. Founder of CloudNetEngine Jun Xiao
New Approach to OVS Datapath Performance Founder of CloudNetEngine Jun Xiao Agenda VM virtual network datapath evolvement Technical deep dive on a new OVS datapath Performance comparisons Q & A 2 VM virtual
More informationWhy Firewalls? Firewall Characteristics
Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from
More informationSNAP: Stateful Network-Wide Abstractions for Packet Processing. Collaboration of Princeton University & Pomona College
SNAP: Stateful Network-Wide Abstractions for Packet Processing Collaboration of Princeton University & Pomona College Brief Overview: Motivation Introduction to SNAP/Example(s) of SNAP SNAP Syntax Overview
More informationAnanta: Cloud Scale Load Balancing. Nitish Paradkar, Zaina Hamid. EECS 589 Paper Review
Ananta: Cloud Scale Load Balancing Nitish Paradkar, Zaina Hamid EECS 589 Paper Review 1 Full Reference Patel, P. et al., " Ananta: Cloud Scale Load Balancing," Proc. of ACM SIGCOMM '13, 43(4):207-218,
More information