SDN Security Design Challenges

Size: px
Start display at page:

Download "SDN Security Design Challenges"

Transcription

1 Nicolae Paladi SDN Security Design Challenges SICS Swedish ICT! Lund University In Multi-Tenant Virtualized Networks

2 Multi-tenancy Multiple tenants share a common physical infrastructure.

3 Multi-tenancy A tenant corresponds to a customer using a particular virtual network. Organization A

4 Multi-tenancy Tenants may belong to different administrative domains. Organization A Organization B

5 Multi-tenancy Tenants expect network isolation of their domain. Domain B Domain A

6 Multi-tenancy Physical resource sharing is fully abstracted, with tenants unaware of other neighbours. Tenant A Tenant B Tenant C

7 Multi-tenancy Tenants may create multiple distinct virtual network instances and topologies.

8 Network Slicing A. Bandwidth B. Topology C. Traffic D. Device CPU E. Forwarding tables (aka forwarding information base)

9 Software Defined Networking A network architecture which decouples the network forwarding functionality from the control and management logic!

10 SDN System Model Management applications are used by network administrators to express their network configuration goals using a set of high-level comments. May include components such as firewalls, intrusion detection systems, traffic shapers, etc. Control plane is a logically distributed abstraction layer that transforms high-level network operator goals into discrete routing policies based on a global network view. Southbound API is a vendor-agnostic set of instructions implemented by the routing equipment on the data plane. The data plane contains both hardware and software rout- ing equipment. This component implements the routing policies that satisfy the goals of the network administrator. Management Applications Network Hypervisor Global network view Network Operating System (e.g. NOX, Rosemary, etc.) Southbound API

11 Scenario

12 Scenario Large-scale enterprise network infrastructure (e.g. one or multiple datacenters)! Multiple tenants share the virtualised infrastructure! Tenants set up their own topology! Provider allocates quotas, manages routing, handles conflicts and service disruptions

13 SDN Adversarial Model Who is the adversary?! What are the capabilities of the adversary?! What are the threat vectors?

14 Security of SDN infrastructure! vs.! Security capabilities enabled by SDN

15 Security of SDN infrastructure! vs.! Security capabilities enabled by SDN

16 Adversarial Model Assumptions Assume hardware integrity Assume physical security Assume cryptographic security

17 Adversary Capabilities Overhear, intercept, and synthesise messages. Analyse the traffic patterns in the network Disrupt or degrade network connectivity. Send valid tenant packages with an arbitrary content and frequency to the components it can reach. Attempt to impersonate other tenants. Install arbitrary management applications and issue policies within its network domain. Attempt to decrypt intercepted network traffic that is sent and received by other tenants. Attack the network communication of the SDN-based infrastructure. Attempt to impersonate network infrastructure components. Issue malicious policies aiming to either monitor, distort or disrupt network traffic. Attempt to decrypt intercepted network traffic that is sent and received by other network infrastructure components.

18 Attack Vectors A.Vulnerabilities in the control plane B. Attacks on control plane communications C. Lack of a trust chain between the management applications and the data plane D. Attacks on policies and rules in programmable networks E. Resource limit violations F. Attacks on virtual switches and network gateways G. Weak bandwidth isolation as attack vehicle Management Applications Network Hypervisor Global network view Network Operating System (e.g. NOX, Rosemary, etc.) Southbound API C E A/B/C D F/G

19 Security Requirements A: Access control model to limit effect of vulnerabilities in controllers. A: Policy verification prior to deployment. B: Authenticated communication between control plane components; secure enrolment mechanism for management applications and data plane devices. C: Traceability and non-repudiation for all configuration commands and policies issued by network management applications. D: A mechanism for network policy isolation, such that the effects of policies in a certain tenant domain have no effect on other domains. Management Applications Network Hypervisor Global network view Network Operating System (e.g. NOX, Rosemary, etc.) Southbound API C E A/B/C D F/G

20 Security Requirements (continued) D: New network management policies must run through an integration verification engine prior to deployment. E: Mechanism to ensure that network management applications do not allocate resources beyond the assigned quota. F: Verified integrity of virtual network components prior to deployment; keys protected with a hardware root of trust. G: Policy-based routing decisions immune to vulnerabilities in bandwidth isolation between tenants. G: Software and hardware network components must offer equally strong bandwidth isolation properties. Management Applications Network Hypervisor Global network view Network Operating System (e.g. NOX, Rosemary, etc.) Southbound API C E A/B/C D F/G

21 Upcoming Work (Setting up the infrastructure) 1. Integrity verification of virtual network components prior to deployment.! 2. Authenticated communication between control plane components.! 3. Secure enrolment mechanism for management applications and data plane devices.! 4. Configuration policy grammar suitable for integration verification.

22 Upcoming Work (Ramping up security guarantees) 1. Access control model for network operating systems.! 2. Additional mechanisms for quota enforcement and monitoring.! 3. Scalable model-based policy integration verification prior to deployment on data plane. Bodiam Castle

23 Recommended Reading A. Greenberg, G. Hjalmtysson, D. A. Maltz, A. Myers, J. Rexford, G. Xie, H. Yan, J. Zhan, and H. Zhang, A clean slate 4D approach to network control and management, ACM SIGCOMM Computer Communication Review, vol. 35, no. 5, pp , M. Casado, M. J. Freedman, J. Pettit, J. Luo, N. McKeown, and S. Shenker, Ethane: taking control of the enterprise, in ACM SIGCOMM Computer Communication Review, vol. 37, pp. 1 12, ACM, M. Casado, N. Foster, and A. Guha, Abstractions for software-defined networks, Communications of the ACM, vol. 57, no. 10, pp , N. Gude, T. Koponen, J. Pettit, B. Pfaff, M. Casado, N. McKeown, and S. Shenker, NOX: towards an operating system for networks, ACM SIGCOMM Computer Communication Review, vol. 38, no. 3, pp , T. Koponen, M. Casado, N. Gude, J. Stribling, L. Poutievski, M. Zhu, R. Ramanathan, Y. Iwata, H. Inoue, T. Hama, et al., Onix: A Distributed Control Platform for Large-scale Production Networks., in OSDI, vol. 10, pp. 1 6, P. Porras, S. Shin, V. Yegneswaran, M. Fong, M. Tyson, and G. Gu, A security enforcement kernel for OpenFlow networks, in Proceedings of the first workshop on Hot topics in software defined networks, pp , ACM, S. Shin, Y. Song, T. Lee, S. Lee, J. Chung, P. Porras, V. Yegneswaran, J. Noh, and B. B. Kang, Rosemary: A Robust, Secure, and High- Performance Network Operating System, in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp , ACM, D. Kreutz, F. Ramos, and P. Verissimo, Towards secure and dependable software-defined networks, in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pp , ACM, Lasserre, M., et al. Framework for Data Center (DC) Network Virtualization. No. RFC Hartman, S., Zhang, D., Wasserman, M., Qiang, Z., Mingui, Z. Security Requirements of NVO3, draft-ietf-nvo3-security-requirements-04.

Towards Secure Multi-tenant Virtualized Networks

Towards Secure Multi-tenant Virtualized Networks Towards Secure Multi-tenant Virtualized Networks Nicolae Paladi SICS Swedish ICT nicolae@sics.se Christian Gehrmann SICS Swedish ICT chrisg@sics.se Abstract Network virtualization enables multi-tenancy

More information

SDN. What's Software Defined Networking? Angelo Capossele

SDN. What's Software Defined Networking? Angelo Capossele SDN What's Software Defined Networking? Angelo Capossele Outline Introduction to SDN OpenFlow Network Functions Virtualization Some examples Opportunities Research problems Security Case study: LTE (Mini)Tutorial

More information

OperationCheckpoint: SDN Application Control

OperationCheckpoint: SDN Application Control OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec 14) 19 October 2014 Sandra Scott-Hayward, Christopher Kane and Sakir Sezer s.scott-hayward@qub.ac.uk Centre for

More information

Software Defined Networking Architecture

Software Defined Networking Architecture Software Defined Networking Architecture Brighten Godfrey CS 538 October 8 2013 slides 2010-2013 by Brighten Godfrey The Problem Networks are complicated Just like any computer system Worse: it s distributed

More information

Virtualizing the Network Forwarding Plane

Virtualizing the Network Forwarding Plane Virtualizing the Network Forwarding Plane Martín Casado Nicira Teemu Koponen Nicira Rajiv Ramanathan Google Scott Shenker UC Berkeley 1 Introduction Modern system design often employs virtualization to

More information

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to Provide Security Monitoring as a Service in Clouds?) Seungwon Shin SUCCESS Lab Texas A&M University Email:

More information

Traffic-based Malicious Switch Detection in SDN

Traffic-based Malicious Switch Detection in SDN , pp.119-130 http://dx.doi.org/10.14257/ijsia.2014.8.5.12 Traffic-based Malicious Switch Detection in SDN Xiaodong Du 1, Ming-Zhong Wang 1, Xiaoping Zhang 2* and Liehuang Zhu 1 1 Beijing Engineering Research

More information

Design and deployment of secure, robust, and resilient SDN Controllers

Design and deployment of secure, robust, and resilient SDN Controllers Design and deployment of secure, robust, and resilient SDN Controllers SDNRG @ IETF 93 Wednesday, 22 July 2015 Sandra Scott-Hayward s.scott-hayward@qub.ac.uk Centre for Secure Information Technologies

More information

Scalability of Control Planes for Software Defined Networks:Modeling and Evaluation

Scalability of Control Planes for Software Defined Networks:Modeling and Evaluation of Control Planes for Software Defined Networks:Modeling and Evaluation Jie Hu, Chuang Lin, Xiangyang Li, Jiwei Huang Department of Computer Science and Technology, Tsinghua University Department of Computer

More information

Providing Elasticity to Intrusion Detection Systems in Virtualized Software Defined Networks

Providing Elasticity to Intrusion Detection Systems in Virtualized Software Defined Networks IEEE ICC 215 - Communication and Information Systems Security Symposium Providing Elasticity to Intrusion Detection Systems in Virtualized Software Defined Networks Martin Andreoni Lopez, Otto Carlos M.

More information

Network Virtualization in the Data Center

Network Virtualization in the Data Center EDIC RESEARCH PROPOSAL 1 Network Virtualization in the Data Center Sam Whitlock EB Group, I&C, EPFL Abstract Modern data centers are abstracted into different pools of resources: compute, storage, and

More information

Software-Defined Networks: on the road to the softwarization of networking

Software-Defined Networks: on the road to the softwarization of networking Software-Defined Networks: on the road to the softwarization of networking Fernando M. V. Ramos LaSIGE/FCUL, University of Lisboa, Portugal fvramos@ciencias.ulisboa.pt Diego Kreutz, Paulo Verissimo SnT/University

More information

Enabling Software Defined Networking using OpenFlow

Enabling Software Defined Networking using OpenFlow Enabling Software Defined Networking using OpenFlow 1 Karamjeet Kaur, 2 Sukhveer Kaur, 3 Vipin Gupta 1,2 SBS State Technical Campus Ferozepur, 3 U-Net Solutions Moga Abstract Software Defined Networking

More information

Can Software Defined Networks (SDN) manage the dependability of the service provided to selected customers?

Can Software Defined Networks (SDN) manage the dependability of the service provided to selected customers? Can Software Defined Networks (SDN) manage the dependability of the service provided to selected customers? Gianfranco Nencioni Dipartimento di Ingegneria dell Informazione Università di Pisa Mini-seminar

More information

Network Management through Graphs in Software Defined Networks

Network Management through Graphs in Software Defined Networks Network Management through Graphs in Software Defined Networks Gustavo Pantuza, Frederico Sampaio, Luiz F. M. Vieira, Dorgival Guedes, Marcos A. M. Vieira Departament of Computer Science Universidade Federal

More information

Software Defined Networks (SDN): Leveraging network state for rendezvous services

Software Defined Networks (SDN): Leveraging network state for rendezvous services Software Defined Networks (SDN): Leveraging network state for rendezvous services Vijay K. Gurbani, Michael Scharf, T.V. Lakshman and Volker Hilt Bell Laboratories, Alcatel-Lucent Email: {vijay.gurbani,michael.scharf,t.v.lakshman,volker.hilt}@alcatel-lucent.com

More information

A Study on Software Defined Networking

A Study on Software Defined Networking A Study on Software Defined Networking Yogita Shivaji Hande, M. Akkalakshmi Research Scholar, Dept. of Information Technology, Gitam University, Hyderabad, India Professor, Dept. of Information Technology,

More information

A collaborative model for routing in multi-domains OpenFlow networks

A collaborative model for routing in multi-domains OpenFlow networks A collaborative model for routing in multi-domains OpenFlow networks Xuan Thien Phan, Nam Thoai Faculty of Computer Science and Engineering Ho Chi Minh City University of Technology Ho Chi Minh city, Vietnam

More information

Review On Architecture & Security Issues of SDN

Review On Architecture & Security Issues of SDN Review On Architecture & Security Issues of SDN Gagandeep Garg 1, Roopali Garg 2 Research Scholar, Dept. Of IT, U.I.E.T., PU, Chandigarh, India 1 Coordinator, Dept. Of IT, U.I.E.T., PU, Chandigarh, India

More information

OpenFlow Vulnerability Assessment

OpenFlow Vulnerability Assessment OpenFlow Vulnerability Assessment Kevin Benton School of Informatics and Computing Indiana University Bloomington, Indiana, USA KTBenton@Indiana.edu L. Jean Camp School of Informatics and Computing Indiana

More information

Towards Secure and Dependable Software-Defined Networks

Towards Secure and Dependable Software-Defined Networks Towards Secure and Dependable Software-Defined Networks Diego Kreutz, Fernando Ramos, Paulo Veríssimo kreutz@lasige.di.fc.ul.pt, fvramos@fc.ul.pt, pjv@di.fc.ul.pt LASIGE - Large-Scale Informatics Systems

More information

Distributed Software-Defined Networking: The ACM PODC 2014 Workshop DSDN

Distributed Software-Defined Networking: The ACM PODC 2014 Workshop DSDN Distributed Software-Defined Networking: The ACM PODC 2014 Workshop DSDN Petr Kuznetsov 1 Stefan Schmid 2 1 Télécom ParisTech petr.kuznetsov@telecom-paristech.fr 2 TU Berlin & T-Labs stefan.schmid@tu-berlin.de

More information

HyperFlow: A Distributed Control Plane for OpenFlow

HyperFlow: A Distributed Control Plane for OpenFlow HyperFlow: A Distributed Control Plane for OpenFlow Amin Tootoonchian University of Toronto amin@cs.toronto.edu Yashar Ganjali University of Toronto yganjali@cs.toronto.edu Abstract OpenFlow assumes a

More information

SDN AND SECURITY: Why Take Over the Hosts When You Can Take Over the Network

SDN AND SECURITY: Why Take Over the Hosts When You Can Take Over the Network SDN AND SECURITY: Why Take Over the s When You Can Take Over the Network SESSION ID: TECH0R03 Robert M. Hinden Check Point Fellow Check Point Software What are the SDN Security Challenges? Vulnerability

More information

An Introduction to Software-Defined Networking (SDN) Zhang Fu

An Introduction to Software-Defined Networking (SDN) Zhang Fu An Introduction to Software-Defined Networking (SDN) Zhang Fu Roadmap Reviewing traditional networking Examples for motivating SDN Enabling networking as developing softwares SDN architecture SDN components

More information

OpenFlow and Onix. OpenFlow: Enabling Innovation in Campus Networks. The Problem. We also want. How to run experiments in campus networks?

OpenFlow and Onix. OpenFlow: Enabling Innovation in Campus Networks. The Problem. We also want. How to run experiments in campus networks? OpenFlow and Onix Bowei Xu boweixu@umich.edu [1] McKeown et al., "OpenFlow: Enabling Innovation in Campus Networks," ACM SIGCOMM CCR, 38(2):69-74, Apr. 2008. [2] Koponen et al., "Onix: a Distributed Control

More information

SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks

SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks Christian Röpke and Thorsten Holz Horst Görtz Institute for IT-Security (HGI) Ruhr-University Bochum christian.roepke@rub.de,

More information

Security improvement in IoT based on Software Defined Networking (SDN)

Security improvement in IoT based on Software Defined Networking (SDN) Security improvement in IoT based on Software Defined Networking (SDN) Vandana C.P Assistant Professor, New Horizon College of Engineering Abstract With the evolving Internet of Things (IoT) technology,

More information

Software Defined Networking

Software Defined Networking Software Defined Networking Richard T. B. Ma School of Computing National University of Singapore Material from: Scott Shenker (UC Berkeley), Nick McKeown (Stanford), Jennifer Rexford (Princeton) CS 4226:

More information

Formal Specification and Programming for SDN

Formal Specification and Programming for SDN Formal Specification and Programming for SDN relevant ID: draft-shin-sdn-formal-specification-01 Myung-Ki Shin, Ki-Hyuk Nam ETRI Miyoung Kang, Jin-Young Choi Korea Univ. Proposed SDN RG Meeting@IETF 84

More information

Ryuo: Using High Level Northbound API for Control Messages in Software Defined Network

Ryuo: Using High Level Northbound API for Control Messages in Software Defined Network Ryuo: Using High Level Northbound API for Control Messages in Software Defined Network Shaoyu Zhang, Yao Shen, Matthias Herlich, Kien Nguyen, Yusheng Ji, Shigeki Yamada Department of Computer Science and

More information

Implementation of Address Learning/Packet Forwarding, Firewall and Load Balancing in Floodlight Controller for SDN Network Management

Implementation of Address Learning/Packet Forwarding, Firewall and Load Balancing in Floodlight Controller for SDN Network Management Research Paper Implementation of Address Learning/Packet Forwarding, Firewall and Load Balancing in Floodlight Controller for SDN Network Management Raphael Eweka MSc Student University of East London

More information

Improving Network Management with Software Defined Networking

Improving Network Management with Software Defined Networking Improving Network Management with Software Defined Networking Hyojoon Kim and Nick Feamster, Georgia Institute of Technology 2013 IEEE Communications Magazine Presented by 101062505 林 瑋 琮 Outline 1. Introduction

More information

Future of DDoS Attacks Mitigation in Software Defined Networks

Future of DDoS Attacks Mitigation in Software Defined Networks Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizváry, Jan Vykopal Institute of Computer Science, Masaryk University, Brno, Czech Republic {vizvary vykopal}@ics.muni.cz Abstract.

More information

Control-Plane Slicing Methods in Multi-Tenant Software Defined Networks

Control-Plane Slicing Methods in Multi-Tenant Software Defined Networks Control-Plane Slicing Methods in Multi-Tenant Software Defined Networks C. Argyropoulos, S. Mastorakis, K. Giotis, G. Androulidakis, D. Kalogeras, V. Maglaris Network Management & Optimal Design Laboratory

More information

Pushing Enterprise Security Down the Network Stack

Pushing Enterprise Security Down the Network Stack Pushing Enterprise Security Down the Network Stack Ankur Nayak, Alex Reimers, Russ Clark, Nick Feamster School of Computer Science, Georgia Tech ABSTRACT Network security is typically reactive: Networks

More information

DDoS Attack Protection in the Era of Cloud Computing and Software-Defined Networking

DDoS Attack Protection in the Era of Cloud Computing and Software-Defined Networking DDoS Attack Protection in the Era of Cloud Computing and Software-Defined Networking Bing Wang Yao Zheng Wenjing Lou Y. Thomas Hou Virginia Polytechnic Institute and State University, Blacksburg, VA, USA

More information

Trusting SDN. Brett Sovereign Trusted Systems Research National Security Agency 28 October, 2015

Trusting SDN. Brett Sovereign Trusted Systems Research National Security Agency 28 October, 2015 Trusting SDN Brett Sovereign Trusted Systems Research National Security Agency 28 October, 2015 Who I am 18 years experience in Cryptography, Computer and Network Security Currently work at Trust Mechanisms,

More information

How OpenFlow-based SDN can increase network security

How OpenFlow-based SDN can increase network security How OpenFlow-based SDN can increase network security Charles Ferland, IBM System Networking Representing the ONF ferland@de.ibm.com +49 151 1265 0830 Important elements The objective is to build SDN networks

More information

Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking

Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking Mattijs Jonker and Anna Sperotto Design and Analysis of Communication Systems (DACS) Centre for Telematics and Information Technology

More information

Towards an Elastic Distributed SDN Controller

Towards an Elastic Distributed SDN Controller Towards an Elastic Distributed SDN Controller Advait Dixit, Fang Hao, Sarit Mukherjee, T.V. Lakshman, Ramana Kompella Purdue University, Bell Labs Alcatel-Lucent ABSTRACT Distributed controllers have been

More information

Scalable Network Virtualization in Software-Defined Networks

Scalable Network Virtualization in Software-Defined Networks Scalable Network Virtualization in Software-Defined Networks Dmitry Drutskoy Princeton University Eric Keller University of Pennsylvania Jennifer Rexford Princeton University ABSTRACT Network virtualization

More information

libnetvirt: the network virtualization library

libnetvirt: the network virtualization library libnetvirt: the network virtualization library Daniel Turull, Markus Hidell, Peter Sjödin KTH Royal Institute of Technology, School of ICT Stockholm, Sweden Email: {danieltt,mahidell,psj}@kth.se Abstract

More information

Software Defined Networks

Software Defined Networks Software Defined Networks Dr. Uttam Ghosh, CDAC, Bangalore uttamg@cdac.in Outline Networking Planes OpenFlow Software Defined Network (SDN) SDN Origin What is SDN? SDN Architecture SDN Operation Why We

More information

Software Defined Networking for Security Enhancement in Wireless Mobile Networks

Software Defined Networking for Security Enhancement in Wireless Mobile Networks 1 Software Defined Networking for Security Enhancement in Wireless Mobile Networks Aaron Yi Ding, Jon Crowcroft, Sasu Tarkoma, Hannu Flinck University of Helsinki University of Cambridge Nokia Solutions

More information

On Bringing Software Engineering to Computer Networks with Software Defined Networking

On Bringing Software Engineering to Computer Networks with Software Defined Networking On Bringing Software Engineering to Computer Networks with Software Defined Networking Alexander Shalimov Applied Research Center for Computer Networks, Moscow State University Email: ashalimov@arccn.ru

More information

A Collaborative Network Security Management System in Metropolitan Area Network

A Collaborative Network Security Management System in Metropolitan Area Network A Collaborative Network Security Management System in Metropolitan Area Network Beipeng Mu and Xinming Chen Department of Automation Tsinghua University Beijing, China Email: {mbp7, chen-xm}@mails.tsinghua.edu.cn

More information

SDN Interfaces and Performance Analysis of SDN components

SDN Interfaces and Performance Analysis of SDN components Institute of Computer Science Department of Distributed Systems Prof. Dr.-Ing. P. Tran-Gia SDN Interfaces and Performance Analysis of SDN components, David Hock, Michael Jarschel, Thomas Zinner, Phuoc

More information

HybNET: Network Manager for a Hybrid Network Infrastructure

HybNET: Network Manager for a Hybrid Network Infrastructure HybNET: Network Manager for a Hybrid Network Infrastructure Hui Lu, Nipun Arora, Hui Zhang, Cristian Lumezanu, Junghwan Rhee, Guofei Jiang Purdue University NEC Laboratories America lu220@purdue.edu {nipun,huizhang,lume,rhee,gfj}@nec-labs.com

More information

ASIC: An Architecture for Scalable Intra-domain Control in OpenFlow

ASIC: An Architecture for Scalable Intra-domain Control in OpenFlow ASIC: An Architecture for Scalable Intra-domain Control in Pingping Lin, Jun Bi, Hongyu Hu Network Research Center, Department of Computer Science, Tsinghua University Tsinghua National Laboratory for

More information

Software Defined Networks

Software Defined Networks Software Defined Networks Inspired from the article Software-defined Networking: A Comprehensive Survey by Diego Kreutz, Fernando M. V. Ramos, Paulo Verissimo, Christian Esteve Rothenberg, Siamak Azodolmolky

More information

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014 Simplify IT With Cisco Application Centric Infrastructure Barry Huang bhuang@cisco.com Nov 13, 2014 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow

More information

Fabric: A Retrospective on Evolving SDN

Fabric: A Retrospective on Evolving SDN Fabric: A Retrospective on Evolving SDN Martín Casado Nicira Teemu Koponen Nicira Scott Shenker ICSI, UC Berkeley Amin Tootoonchian University of Toronto, ICSI Abstract MPLS was an attempt to simplify

More information

Enabling Practical SDN Security Applications with OFX (The OpenFlow extension Framework)

Enabling Practical SDN Security Applications with OFX (The OpenFlow extension Framework) Enabling Practical SDN Security Applications with OFX (The OpenFlow extension Framework) John Sonchack, Adam J. Aviv, Eric Keller, and Jonathan M. Smith Outline Introduction Overview of OFX Using OFX Benchmarks

More information

Software Defined Networking - a new approach to network design and operation. Paul Horrocks Pre-Sales Strategist 8 th November 2012

Software Defined Networking - a new approach to network design and operation. Paul Horrocks Pre-Sales Strategist 8 th November 2012 Software Defined Networking - a new approach to network design and operation Paul Horrocks Pre-Sales Strategist 8 th November 2012 Agenda What is Software Defined Networking What is the value of Software

More information

A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC. September 18, 2014.

A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC. September 18, 2014. A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC September 18, 2014 Charles Sun www.linkedin.com/in/charlessun @CharlesSun_ 1 What is SDN? Benefits

More information

Enhancing network security with SDN

Enhancing network security with SDN 11.4.2014 Overview Security in Traditional Networks SDN Security Solutions Ethane OpenFlow Random Host Mutation Security of SDN Potential Threats Possible Solutions Enterprise and Campus Networks Networks

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Survey: Software Defined Networks with Emphasis on Network Monitoring

Survey: Software Defined Networks with Emphasis on Network Monitoring Survey: Software Defined Networks with Emphasis on Network Monitoring Prashanth prashanth@cse.iitb.ac.in Indian Institute of Technology, Bombay (IIT-B) Powai, Mumbai, Maharastra India 31 Oct 2015 Abstract

More information

HERCULES: Integrated Control Framework for Datacenter Traffic Management

HERCULES: Integrated Control Framework for Datacenter Traffic Management HERCULES: Integrated Control Framework for Datacenter Traffic Management Wonho Kim Princeton University Princeton, NJ, USA Email: wonhokim@cs.princeton.edu Puneet Sharma HP Labs Palo Alto, CA, USA Email:

More information

SDN/Virtualization and Cloud Computing

SDN/Virtualization and Cloud Computing SDN/Virtualization and Cloud Computing Agenda Software Define Network (SDN) Virtualization Cloud Computing Software Defined Network (SDN) What is SDN? Traditional Network and Limitations Traditional Computer

More information

Software Defined Cloud Security Architectures

Software Defined Cloud Security Architectures Software Defined Cloud Security Architectures Roy Campbell October 8 th 2014, AFRL, Rome, NY Towards Assured Clouds: Our Approach Concerns Software Defined Networks Virtual Machines and Virtualization

More information

Orion: A Hybrid Hierarchical Control Plane of Software-Defined Networking for Large-Scale Networks

Orion: A Hybrid Hierarchical Control Plane of Software-Defined Networking for Large-Scale Networks 2014 IEEE 22nd International Conference on Network Protocols Orion: A Hybrid Hierarchical Control Plane of Software-Defined Networking for Large-Scale Networks Yonghong Fu 1,2,3, Jun Bi 1,2,3, Kai Gao

More information

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking

More information

Security Challenges & Opportunities in Software Defined Networks (SDN)

Security Challenges & Opportunities in Software Defined Networks (SDN) Security Challenges & Opportunities in Software Defined Networks (SDN) June 30 th, 2015 SEC2 2015 Premier atelier sur la sécurité dans les Clouds Nizar KHEIR Cyber Security Researcher Orange Labs Products

More information

Open Source Network: Software-Defined Networking (SDN) and OpenFlow

Open Source Network: Software-Defined Networking (SDN) and OpenFlow Open Source Network: Software-Defined Networking (SDN) and OpenFlow Insop Song, Ericsson LinuxCon North America, Aug. 2012, San Diego CA Objectives Overview of OpenFlow Overview of Software Defined Networking

More information

Michael Jarschel, Thomas Zinner, Tobias Hoßfeld, Phuoc Tran Gia University of Würzburg, Institute of Computer Science, Würzburg, Germany.

Michael Jarschel, Thomas Zinner, Tobias Hoßfeld, Phuoc Tran Gia University of Würzburg, Institute of Computer Science, Würzburg, Germany. 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising

More information

Network Virtualization

Network Virtualization Network Virtualization What is Network Virtualization? Abstraction of the physical network Support for multiple logical networks running on a common shared physical substrate A container of network services

More information

Extensible and Scalable Network Monitoring Using OpenSAFE

Extensible and Scalable Network Monitoring Using OpenSAFE Extensible and Scalable Network Monitoring Using OpenSAFE Jeffrey R. Ballard ballard@cs.wisc.edu Ian Rae ian@cs.wisc.edu Aditya Akella akella@cs.wisc.edu Abstract Administrators of today s networks are

More information

Kandoo: A Framework for Efficient and Scalable Offloading of Control Applications

Kandoo: A Framework for Efficient and Scalable Offloading of Control Applications Kandoo: A Framework for Efficient and Scalable Offloading of Control s Soheil Hassas Yeganeh University of Toronto soheil@cs.toronto.edu Yashar Ganjali University of Toronto yganjali@cs.toronto.edu ABSTRACT

More information

Flexible Building Blocks for Software Defined Network Function Virtualization (Invited Paper)

Flexible Building Blocks for Software Defined Network Function Virtualization (Invited Paper) Flexible Building Blocks for Software Defined Network Function Virtualization (Invited Paper) Aryan TaheriMonfared, Chunming Rong Department of Electrical Engineering and Computer Science, University of

More information

WE consider an emerging class of challenging Internet

WE consider an emerging class of challenging Internet Using Software-Defined ing for Real-Time Internet Applications Tim Humernbrum, Frank Glinka, Sergei Gorlatch Abstract We consider an emerging class of challenging Internet applications called Real-Time

More information

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 Network Virtualization Overview... 1 Network Virtualization Key Requirements to be validated...

More information

Virtual Application Networks Innovations Advance Software-defined Network Leadership

Virtual Application Networks Innovations Advance Software-defined Network Leadership Virtual Application Networks Innovations Advance Software-defined Network Leadership Simplifying, Scaling and Automating the Network Bethany Mayer Senior Vice President and General Manager HP Networking

More information

The Evolution of SDN and OpenFlow: A Standards Perspective

The Evolution of SDN and OpenFlow: A Standards Perspective The Evolution of SDN and OpenFlow: A Standards Perspective Jean Tourrilhes, Puneet Sharma, Sujata Banerjee HP- Labs - {FirstName.LastName}@hp.com Justin Pettit VMware jpettit@vmware.com 1. Introduction

More information

EventBus Module for Distributed OpenFlow Controllers

EventBus Module for Distributed OpenFlow Controllers EventBus Module for Distributed OpenFlow Controllers Igor Alekseev Director of the Internet Center P.G. Demidov Yaroslavl State University Yaroslavl, Russia aiv@yars.free.net Mikhail Nikitinskiy System

More information

DESIGN AND ANALYSIS OF TECHNIQUES FOR MAPPING VIRTUAL NETWORKS TO SOFTWARE- DEFINED NETWORK SUBSTRATES

DESIGN AND ANALYSIS OF TECHNIQUES FOR MAPPING VIRTUAL NETWORKS TO SOFTWARE- DEFINED NETWORK SUBSTRATES DESIGN AND ANALYSIS OF TECHNIQUES FOR MAPPING VIRTUAL NETWORKS TO SOFTWARE- DEFINED NETWORK SUBSTRATES Tran Song Dat Phuc - Uyanga Department of Computer Science and Engineering SeoulTech 2014 Table of

More information

Data Center Network Virtualisation Standards. Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair

Data Center Network Virtualisation Standards. Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair Data Center Network Virtualisation Standards Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair May 2013 AGENDA 1. Why standardise? 2. Problem Statement and Architecture

More information

SDN Security Considerations in the Data Center. ONF Solution Brief October 8, 2013

SDN Security Considerations in the Data Center. ONF Solution Brief October 8, 2013 SDN Security Considerations in the Data Center ONF Solution Brief October 8, 2013 Table of Contents 2 Executive Summary 3 SDN Overview 4 Network Security Challenges 6 The Implications of SDN on Network

More information

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES Meeting the 7 Challenges in Testing and Performance Management Introduction With advent of the cloud paradigm, organizations are transitioning

More information

Network Virtualization and Resource Allocation in OpenFlow-based Wide Area Networks

Network Virtualization and Resource Allocation in OpenFlow-based Wide Area Networks Network Virtualization and Resource Allocation in OpenFlow-based Wide Area Networks Pontus Sköldström Acreo AB, Kista, Sweden Email: ponsko@acreo.se Kiran Yedavalli Ericsson Research, San Jose, CA, USA

More information

Software Defined Networking Basics

Software Defined Networking Basics Software Defined Networking Basics Anupama Potluri School of Computer and Information Sciences University of Hyderabad Software Defined Networking (SDN) is considered as a paradigm shift in how networking

More information

A Look at the New Converged Data Center

A Look at the New Converged Data Center Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

More information

The Future of Networking, and the Past of Protocols

The Future of Networking, and the Past of Protocols 1 The Future of Networking, and the Past of Protocols Scott Shenker with Martín Casado, Teemu Koponen, Nick McKeown (and many others.) 2 Software-Defined Networking SDN clearly has advantages over status

More information

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015 Simplify IT With Cisco Application Centric Infrastructure Roberto Barrera rbarrera@grupo-dice.com VERSION May, 2015 Content Understanding Software Definded Network (SDN) Why SDN? What is SDN and Its Benefits?

More information

SDN security. Nokia Research perspective. Peter Schneider 19-05-2015. Version 1.1. 1 Nokia Solutions and Networks 2015 Public

SDN security. Nokia Research perspective. Peter Schneider 19-05-2015. Version 1.1. 1 Nokia Solutions and Networks 2015 Public SDN security Nokia Research perspective Peter Schneider 19-05-2015 Version 1.1 1 Nokia Solutions and Networks 2015 Agenda Security at Nokia SDN in mobile networks SDN security research SDN security standardization

More information

East-West Bridge for SDN Network Peering

East-West Bridge for SDN Network Peering East-West Bridge for SDN Network Peering Pingping Lin, Jun Bi, and Yangyang Wang Institute for Network Sciences and Cyberspace, Department of Computer Science, Tsinghua University Tsinghua National Laboratory

More information

A Security Enforcement Kernel for OpenFlow Networks

A Security Enforcement Kernel for OpenFlow Networks A Security Enforcement Kernel for OpenFlow Networks Phillip Porras Seungwon Shin Vinod Yegneswaran Martin Fong Mabry Tyson Guofei Gu SRI International Texas A&M University {porras, vinod, mwfong}@csl.sri.com

More information

MulCNeT: Network Management Cloud

MulCNeT: Network Management Cloud , pp.139-150 http://dx.doi.org/10.14257/ ijgdc.2014.7.2.13 MulCNeT: Network Cloud Chen Fu 1, Yang Jia-hai 2 and Zhan shaobin 3 1 (Department of Computer Science and Technology, Beijing Foreign Studies

More information

Mock RFI for Enterprise SDN Solutions

Mock RFI for Enterprise SDN Solutions Mock RFI for Enterprise SDN Solutions Written By Sponsored By Table of Contents Background and Intended Use... 3 Introduction... 3 Definitions and Terminology... 7 The Solution Architecture... 10 The SDN

More information

PLUMgrid Open Networking Suite Service Insertion Architecture

PLUMgrid Open Networking Suite Service Insertion Architecture White Paper PLUMgrid Open Networking Suite Service Insertion Architecture Introduction A rapid increase in the use of cloud services across the globe require networks to be adaptable and flexible. PLUMgrid

More information

CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS

CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS COMMON APPLICATION VIEW OF THE NETWORK Fallacies of Distributed Computing 1. The network is reliable. 2. Latency is zero. 3. Bandwidth is infinite. 4. The

More information

Enabling Fast Failure Recovery in OpenFlow Networks

Enabling Fast Failure Recovery in OpenFlow Networks Enabling Fast Failure Recovery in OpenFlow Networks Sachin Sharma, Dimitri Staessens, Didier Colle, Mario Pickavet and Piet Demeester Ghent University - IBBT, Department of Information Technology (INTEC),

More information

Pratyaastha: An Efficient Elastic Distributed SDN Control Plane

Pratyaastha: An Efficient Elastic Distributed SDN Control Plane Pratyaastha: An Efficient Elastic Distributed SDN Control Plane Anand Krishnamurthy, Shoban P. Chandrabose, Aaron Gember-Jacobson University of Wisconsin Madison {anand,shoban,agember}@cs.wisc.edu ABSTRACT

More information

Improving Network Management with Software Defined Networking

Improving Network Management with Software Defined Networking SOFTWARE DEFINED NETWORKS Improving Network Management with Software Defined Networking Hyojoon Kim and Nick Feamster, Georgia Institute of Technology ABSTRACT Network management is challenging. To operate,

More information

Applying Software-defined Networks to Cloud Computing

Applying Software-defined Networks to Cloud Computing Capítulo 1 Applying Software-defined Networks to Cloud Computing Bruno Medeiros de Barros (USP), Marcos Antonio Simplicio Jr. (USP), Tereza Cristina Melo de Brito Carvalho (USP), Marco Antonio Torrez Rojas

More information

Software-Defined Energy Communication Networks: From Substation Automation to Future Smart Grids

Software-Defined Energy Communication Networks: From Substation Automation to Future Smart Grids Software-Defined Energy Communication Networks: From Substation Automation to Future Smart Grids Adam Cahn, Juan Hoyos, Matthew Hulse, Eric Keller University of Colorado, Boulder Abstract Energy communication

More information

Cloud Computing Security: What Changes with Software-Defined Networking?

Cloud Computing Security: What Changes with Software-Defined Networking? Cloud Computing Security: What Changes with Software-Defined Networking? José Fortes Center for Cloud and Autonomic Computing Advanced Computing and Information Systems Lab ARO Workshop on Cloud Security

More information

Software Defined Networking: Advanced Software Engineering to Computer Networks

Software Defined Networking: Advanced Software Engineering to Computer Networks Software Defined Networking: Advanced Software Engineering to Computer Networks Ankush V. Ajmire 1, Prof. Amit M. Sahu 2 1 Student of Master of Engineering (Computer Science and Engineering), G.H. Raisoni

More information