Network Security through Software Defined Networking: a Survey
Jérôme François, Lautaro Dolberg, Olivier Festor, Thomas Engel
09/30/14
Outline
1 Introduction
2 Firewall
3 Monitoring
4 Advanced Security Tasks
5 Conclusion
1 Introduction: SDN
Usual routing
- Routing algorithms are distributed
- Every switch
  - runs a program to fill out routing tables
  - looks at its routing table to forward packets
Decoupling the planes
- 2 planes
  - Control plane (routing decisions)
  - Data plane (forward the traffic)
- 2 main types of entities
- keep switches as forwarders only
- introduce a dedicated controller to take decisions
- requires communication between these entities
Application aware networking
- How is the controller configured?
  - manually
  - from applications / systems through monitoring or interactions
- network information (topology, link usage) can be monitored as well
- bidirectional links
Motivations
- Network programmability
- Empower research and innovation = easy testing of new methods/protocols
- Need for more traffic engineering / performance in networking
  - in particular by controlling data delivery paths
  - limited flexibility of standard routing approaches
  - network size and speed increases
- powerful (and costly) forwarding devices vs. cheap commodity computers
- natural decomposition into planes: the control plane has been software based for a long time
- OpenFlow
  - supported by many actors (research, equipment vendors, operators, chipset designers)
  - incremental deployment
1 Introduction: OpenFlow
Specification
- A protocol: communication switch - controller + switch specification
- Rules to handle packets in a flow table
  - a set of matching fields in headers (IP/MAC addresses, ports, VLAN id, etc.)
  - a priority to choose the rule if several can be matched
  - a timeout
  - counters about the flow
  - instructions to execute (forward, drop, change some values)
Flow table example
Columns: App, Ingress port, Mac Src Addr, Mac Dst Addr, Ip Src Address, Ip Dst Address, Protocol, Src port, Dst port, Instructions
- Switching: * * AB:CD:EF:00:11:22 * * * * * -> Forward to port 3
- Routing: * * * * * * * * -> Set Mac src addr=ab:cd:ef:00:11:33, Mac dst addr = AB:CD:EF:00:11:44, forward to port 5
- Firewall: 1 * * * * TCP * 22 -> Drop
- Proxy: * * * * TCP * 80 -> Set IP addr= , forward to port 5
- Load balancing: 1 * * * TCP * 80 -> set dst addr = , Forward to port 4
- Load balancing: 2 * * * TCP * 80 -> set dst addr = , Forward to port 6
Rule installation
- 2 modes
- Proactive: rules are installed beforehand
  - coarse grained rule (aggregated)
  - large flow tables
  - lower latency
  - good for general rules like routing or switching
- Reactive: rules are installed when the first packet of a flow arrives (table-miss)
  - the controller gets a copy (packet in)
  - higher latency
  - small flow tables
  - specific rule (fine-grained)
  - more specific applications like load balancing or firewall
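The flow-table behaviour described on the last three slides (wildcard matching, priority between overlapping rules, counters, timeouts, proactive vs. reactive installation), as an added Python sketch that is not part of the original slides. The two proactive rules reuse the Switching and Firewall rows of the example table; the reactive decision (forward to port 5, 10 s idle timeout), the priorities and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    match: dict               # header field -> value; an absent field is a wildcard (*)
    priority: int             # highest priority wins when several rules match
    instructions: str         # "drop" or "forward:<port>"
    idle_timeout: float = 0   # seconds without a hit before removal; 0 = permanent
    packets: int = 0          # per-rule counters
    byte_count: int = 0
    last_hit: float = 0.0

    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())


class FlowTable:
    def __init__(self):
        self.rules = []

    def install(self, rule, now=0.0):
        rule.last_hit = now
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.priority, reverse=True)

    def expire(self, now):
        """Remove idle rules and return them (what a FlowRemoved would report)."""
        gone, kept = [], []
        for r in self.rules:
            idle = r.idle_timeout and now - r.last_hit >= r.idle_timeout
            (gone if idle else kept).append(r)
        self.rules = kept
        return gone

    def lookup(self, pkt, now=0.0):
        """Highest-priority matching rule, or None on a table-miss."""
        for r in self.rules:
            if r.matches(pkt):
                r.packets += 1
                r.byte_count += pkt.get("len", 0)
                r.last_hit = now
                return r
        return None


def proactive_policy(table):
    """Coarse rules installed before any traffic (rows of the example table)."""
    table.install(Rule({"mac_dst": "AB:CD:EF:00:11:22"}, 10, "forward:3"))
    table.install(Rule({"in_port": 1, "proto": "TCP", "dport": 22}, 100, "drop"))


def packet_in(table, pkt, now):
    """Reactive controller: on a table-miss, install an exact-match rule.
    The decision taken here (forward:5, 10 s idle timeout) is an assumption."""
    key = {f: pkt[f] for f in ("ip_src", "ip_dst", "proto", "sport", "dport")}
    rule = Rule(key, 50, "forward:5", idle_timeout=10)
    table.install(rule, now)
    return rule


def handle(table, pkt, now, stats):
    stats["flow_removed"] += len(table.expire(now))
    rule = table.lookup(pkt, now)
    if rule is None:                      # table-miss: first packet of a flow
        stats["packet_in"] += 1
        rule = packet_in(table, pkt, now)
    return rule.instructions


def demo():
    table, stats = FlowTable(), {"packet_in": 0, "flow_removed": 0}
    proactive_policy(table)
    # Constructed sample packets (documentation address ranges).
    ssh = {"in_port": 1, "mac_dst": "AB:CD:EF:00:11:22", "ip_src": "192.0.2.10",
           "ip_dst": "198.51.100.7", "proto": "TCP", "sport": 40000,
           "dport": 22, "len": 60}
    web = dict(ssh, mac_dst="AB:CD:EF:00:11:99", dport=80)
    out = [
        handle(table, ssh, 0, stats),    # matches Switching AND Firewall: priority decides
        handle(table, web, 1, stats),    # table-miss -> packet in -> reactive rule
        handle(table, web, 2, stats),    # served by the switch alone
        handle(table, web, 30, stats),   # rule idled out -> second packet in
    ]
    return out, stats


if __name__ == "__main__":
    print(demo())
```

The first packet is the security-relevant case: it matches both the Switching and the Firewall rule, so the Drop only takes effect because the firewall rule carries the higher priority.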
1 Introduction: Security
What about security
- 2 main questions
- May SDN/OpenFlow enable or improve security?
  - what are the potential applications?
  - may we create new security processes?
  - what are the benefits?
  - what are the drawbacks?
- How secure is SDN/OpenFlow?
  - Can network programmability be misused?
  - is there an existing approach to guarantee the proper functioning of an SDN-enabled network and its applications?
2 Firewall
Stateless firewall
- We have already seen an example
- Easy to implement
- static policies
- install corresponding rule in a proactive or reactive way
Existing proposals
- Building firewall over the software-defined network controller, Suh et al., ICACT 2014
  - command line based tool using POX
- Floodlight
  - OpenFlow controller + applications
  - REST and Java API
  - includes a firewall application which is configured through a REST API
- ALLOW rule for all flows between and
- Not specifying action implies ALLOW rule.
  curl -X POST -d {"src-ip": " /32", "dst-ip": " /32"}
  curl -X POST -d {"src-ip": " /32", "dst-ip": " /32"}
Stateful firewall 1/3
- Keep track of the connections (history)
- More powerful, in particular for connection oriented protocols
  - to only allow traffic when the session is established from inside
  - accept reverse traffic with a timeout
Stateful firewall 2/3
- What happens when the timeout expires before the session ends?
  - need to reinstall the rule
  - possible with ACK-like mechanisms
- not really stateful
  - only few packets are analyzed (flow-based)
  - save resources
Stateful firewall 3/3
- Keep track of the exact status of the connection: need for packet inspection
- can be done at the controller side
  - match (dst_ip=y,src_ip=x) -> action=controller
- Problems
  - a lot of overhead: each packet is forwarded to the controller and then analyzed
  - not feasible in practice (latency!!!)
- Hybrid approach
  - redirect packets which need stateful packet inspection to a specific middlebox/firewall
  - very similar to the current situation
- Add support for matching TCP flags
  - possible with OpenFlow v1.2+
  - the controller adds a rule to match the last packet(s) (like FIN in TCP) in order to get a copy of this packet and remove the forwarding rule
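The flow-based approach of the three stateful firewall slides, as an added Python model that is not code from the slides or from any controller: sessions opened from inside get forward and reverse rules with an idle timeout, a packet from inside reinstalls an expired rule, and only FIN/RST packets of an established flow are copied to the controller to tear the rules down. The inside prefix, the timeouts, the short linger after both FINs and the packet trace are constructed assumptions.

```python
import ipaddress

INSIDE = ipaddress.ip_network("10.0.0.0/24")  # assumption: protected network
IDLE_TIMEOUT = 30.0   # assumption: idle timeout of the installed rules (s)
LINGER = 2.0          # assumption: grace period once both sides sent FIN (s)


def is_inside(addr):
    return ipaddress.ip_address(addr) in INSIDE


class StatefulFirewall:
    """Controller state plus a model of the rule pairs it keeps in the switch."""

    def __init__(self):
        self.flows = {}       # (inside endpoint, outside endpoint) -> state
        self.packet_ins = 0   # packets that had to be sent to the controller

    @staticmethod
    def key(pkt):
        a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
        return (a, b) if is_inside(pkt["src"]) else (b, a)

    def expire(self, now):
        for k in [k for k, f in self.flows.items()
                  if now - f["last"] >= f["timeout"]]:
            del self.flows[k]

    def handle(self, pkt, now):
        self.expire(now)
        k = self.key(pkt)
        flow = self.flows.get(k)
        from_inside = is_inside(pkt["src"])

        if flow is None:                      # table-miss -> PacketIn
            self.packet_ins += 1
            if not from_inside:
                return "drop"                 # unsolicited traffic from outside
            # New session, or a session whose rules timed out and which a
            # packet from inside re-opens: install forward + reverse rules.
            self.flows[k] = {"last": now, "timeout": IDLE_TIMEOUT, "fin": set()}
            return "forward"

        flow["last"] = now                    # a hit refreshes the idle timer
        flags = pkt["flags"]
        if "R" in flags or "F" in flags:      # flag-matching rule: copy to controller
            self.packet_ins += 1
            if "R" in flags:
                del self.flows[k]             # reset: remove both rules at once
            else:
                flow["fin"].add(from_inside)
                if len(flow["fin"]) == 2:     # both directions closed
                    flow["timeout"] = LINGER  # let the last ACK pass, then expire
        return "forward"


def pkt(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


IN, OUT = ("10.0.0.5", 51000), ("203.0.113.9", 443)
# Constructed trace: (time, packet). Flags: S=SYN A=ACK P=PSH F=FIN R=RST.
TRACE = [
    (0.0, pkt(*OUT, *IN, "SA")),    # no session yet: dropped
    (1.0, pkt(*IN, *OUT, "S")),     # session opened from inside
    (1.1, pkt(*OUT, *IN, "SA")),
    (1.2, pkt(*IN, *OUT, "A")),
    (40.0, pkt(*OUT, *IN, "PA")),   # rules idled out before the session ended
    (41.0, pkt(*IN, *OUT, "A")),    # packet from inside reinstalls them
    (42.0, pkt(*OUT, *IN, "PA")),
    (43.0, pkt(*IN, *OUT, "FA")),
    (43.1, pkt(*OUT, *IN, "FA")),
    (43.2, pkt(*IN, *OUT, "A")),
    (50.0, pkt(*OUT, *IN, "PA")),   # after teardown: dropped again
]


def replay(trace):
    fw = StatefulFirewall()
    return [fw.handle(p, t) for t, p in trace], fw


if __name__ == "__main__":
    verdicts, fw = replay(TRACE)
    print(verdicts, fw.packet_ins)
```

Seven of the eleven packets reach the controller instead of all eleven, and the packet at t=40 shows the cost named on slide 2/3: once the rule has idled out, reverse traffic is dropped until the inside host sends again.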
3 Monitoring
Security Monitoring
- Firewall / access control is important but cannot prevent everything
  - need for monitoring, IDS, IPS to detect misbehaviors
- How to monitor misbehaviors from the network?
  - connections to multiple suspect IP addresses / domains using blacklists
  - creating multiple connections, traffic volume change (flood/scan/spam)
  - network traffic compared to a profile (day/night, user or application patterns...)
  - observations of similar connections between multiple hosts (botnet, worm propagation...)
  - many attempts to connect to closed ports (scan)
  - observing QoS degradation
  - etc.
Main building blocks
- Years of research in security monitoring
- But network monitoring for security purposes relies on common building blocks
  - services/hosts accessed and communicating together
  - traffic statistics (number of bytes, packets,...)
  - timing information to have a history (timestamp)
- Retrieve such information with OpenFlow
  - flows are characterized by headers (IP address, ports)
  - flows are associated to counters
Flow table counters
src: OF spec v1.4.0
Getting flow information
- Counters: get statistics about flows
  - when a flow is considered inactive: FlowRemoved message
  - on demand: FlowStatisticsRequest message (#bytes, #pkts, duration,...)
- when a flow starts: PacketIn message
  - active flows
- Different kinds of monitoring: passive vs. active, push vs. pull
Passive Monitoring
- no additional traffic to inject into the network
- only able to observe statistics about current usage (for example, unable to infer which links are up, the bandwidth, etc.)
FlowSense
- FlowSense: monitoring network utilization with zero measurement cost, Yu et al., PAM '13
- zero cost = push mode
  - no intermediate statistics request
- monitor link usage
  - sum all link usages
- issues
  - long flows, maybe never ending due to keep alive messages
  - large granularity, i.e. flow patterns may not be regular
OpenTM
- OpenTM: traffic matrix estimator for OpenFlow networks, Tootoonchian et al., PAM '10
- Volume of traffic between each OD (origin-destination) pair
- Periodic polling
  - fine grained and tunable
  - update the matrix
- Switch selection (multiple switches on the path)
  - most accurate = last switch before reaching the destination
  - other strategies: random uniform, higher probability for closer switches, round-robin, least load
- multipaths
  - the controller is aware of it and can sum over these paths
PayLess
- PayLess: A Low Cost Network Monitoring Framework for Software Defined Networks, Chowdhury et al., IM '14
- Propose a REST API to define high level monitoring requests (per user, per application, type of statistics...)
- Optimization of polling requests
  - adaptive monitoring (periodic requests): flexible interval
    - increase high variation in the last update, decrease otherwise
  - batching multiple requests together
Active Monitoring
- inject packets in the network
- infer other information, even from unused links
- low overhead compared to traditional approaches based on ICMP
- src: Monitoring latency with OpenFlow, Phemius et al., CNSM '13
OpenNetMon
- OpenNetMon: Network Monitoring in OpenFlow Software-Defined Networks, Van Adrichem et al., IM '14
- active + passive
  - comparison of first and last switch: packet loss
  - active latency measurement (need to take into account delays between the controller and switches)
- Control plane: PacketOut + PacketIn
- Data plane: install a dedicated VLAN beforehand
  - avoid scheduling in switches
  - better accuracy
4 Advanced Security Tasks
Packet based analysis
- Some packets need to be collected individually
- Redirect every packet matching some patterns to the controller (PacketIn)
  - overhead
  - select packets to redirect
  - checking TCP flags is useful for scan/worm detection: only monitor SYN, SYNACK, RST...
- Revisiting Traffic Anomaly Detection Using Software Defined Networking, Mehdi et al., RAID '11
  - successful vs unsuccessful connection initiation
  - only monitor first packets (SYN, SYNACK, RST)
  - normal flows (successful connections): install a rule for consecutive packets
  - suspect flows: short flows + few packets
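Detection from first packets only, as an added Python example that is not code from the slides or from Mehdi et al.: the controller sees just SYN, SYNACK and RST as PacketIn events, scores each initiator on successful vs. unsuccessful connection initiations, and records which flows would get a forwarding rule. The scoring is a generic sequential likelihood-ratio test in the style of Threshold Random Walk; the probabilities, thresholds, SYN timeout and the event list are constructed assumptions.

```python
THETA0, THETA1 = 0.8, 0.2   # assumed P(success | benign), P(success | scanner)
ETA1, ETA0 = 99.0, 0.01     # assumed thresholds: >= ETA1 scanner, <= ETA0 benign


class FirstPacketMonitor:
    def __init__(self, syn_timeout=3.0):
        self.syn_timeout = syn_timeout
        self.pending = {}    # (initiator, responder, port) -> time the SYN was seen
        self.ratio = {}      # initiator -> likelihood ratio scanner/benign
        self.verdict = {}    # initiator -> "scanner" | "benign"
        self.fast_path = []  # flows for which a forwarding rule would be installed

    def score(self, src, success):
        if src in self.verdict:
            return
        r = self.ratio.get(src, 1.0)
        r *= (THETA1 / THETA0) if success else ((1 - THETA1) / (1 - THETA0))
        self.ratio[src] = r
        if r >= ETA1:
            self.verdict[src] = "scanner"
        elif r <= ETA0:
            self.verdict[src] = "benign"

    def timeouts(self, now):
        # A SYN that got no answer at all is an unsuccessful initiation too.
        for key, t in list(self.pending.items()):
            if now - t >= self.syn_timeout:
                del self.pending[key]
                self.score(key[0], success=False)

    def packet_in(self, now, src, dst, sport, dport, flags):
        self.timeouts(now)
        if flags == "S":
            # Retransmitted SYNs to the same service count once.
            self.pending.setdefault((src, dst, dport), now)
        elif flags in ("SA", "R", "RA"):
            key = (dst, src, sport)          # reply travels responder -> initiator
            if self.pending.pop(key, None) is not None:
                ok = flags == "SA"
                self.score(dst, ok)
                if ok:                       # normal flow: rest handled by the switch
                    self.fast_path.append(key)


SCAN, CLIENT, WEB = "198.51.100.66", "10.0.0.50", "10.0.0.80"
# Constructed PacketIn events: (time, src, dst, sport, dport, flags).
EVENTS = [
    (0.0, SCAN, "10.0.0.1", 40001, 22, "S"),
    (0.1, "10.0.0.1", SCAN, 22, 40001, "RA"),
    (0.2, SCAN, "10.0.0.2", 40002, 22, "S"),
    (0.3, "10.0.0.2", SCAN, 22, 40002, "RA"),
    (0.4, SCAN, "10.0.0.3", 40003, 22, "S"),     # never answered
    (0.5, CLIENT, WEB, 50001, 80, "S"),
    (0.6, WEB, CLIENT, 80, 50001, "SA"),
    (0.7, SCAN, "10.0.0.4", 40004, 22, "S"),
    (0.8, "10.0.0.4", SCAN, 22, 40004, "RA"),
    (4.0, CLIENT, WEB, 50002, 80, "S"),          # also triggers the SYN timeout
    (4.1, WEB, CLIENT, 80, 50002, "SA"),
]


def run(events):
    mon = FirstPacketMonitor()
    for ev in events:
        mon.packet_in(*ev)
    return mon


if __name__ == "__main__":
    m = run(EVENTS)
    print(m.verdict, m.fast_path)
```

With these parameters four failed initiations (three resets and one unanswered SYN) are enough to flag the scanning source, while the client's two successful connections move its score toward benign and never involve the controller beyond the handshake.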
Detailed analysis
- requires accessing upper layers and maybe the payload of packets: deep packet inspection
- How to?
- Redirect every packet matching some patterns to the controller (PacketIn)
  - Example: filter TCP port 25 to analyze
  - Same as before but no guarantee that the decision can be made on first packets only
  - high overhead
- Redirect/Copy traffic towards dedicated security middleboxes
  - Let SDN Be Your Eyes: Secure Forensics in Data Center Networks, Bates et al., SENT '14
MiddleBox interception
- Traffic is forwarded when it is confirmed as safe
- many ways to do it
  - MiddleBox could use PacketOut (through an interface)
  - tagging as safe may just be based on addresses (everything coming from the middlebox)
  - need for rewriting addresses/redirecting to the right ports
MiddleBox mirroring
- Traffic is duplicated to the middlebox but not blocked
- less latency but higher risk
- need countermeasures (alert, disinfection, isolation...)
Other approaches
- Load Balancing of Security MiddleBoxes
- Middleboxes can modify packet headers
  - difficult to track flows
  - example: NAT traversal, proxies...
  - add tags to track flows from end to end (FlowTags: enforcing network-wide policies in the presence of dynamic middlebox actions, Fayazbakhsh et al., HotSDN '13)
- Moving target defense
  - OpenFlow Random Host Mutation: Transparent Moving Target Defense Using Software Defined Networking, Jafarian et al., HotSDN '12
  - Objective: change IP addresses frequently such that attackers cannot gather knowledge about hosts
  - Each host is associated to a real IP address and mapped frequently to virtual IP addresses in a transparent way using OpenFlow
5 Conclusion
Some limitations and opportunities 1/3
- Stateful firewall
  - need for additional support in both switches and controllers...
  - while most of them are not fully compliant
- Validation
  - usual problem in our domain (having a dataset with labeled attacks)
  - more complex with OpenFlow as it needs network traffic, topology and OF messages or rules
    - so much information that very few operators may have
    - hard to define what would be the rule on a production network
  - Validation is based on (most of the time):
    - simple topology: small tree or linear topology
    - generation of traffic using iperf
    - introduction of artificial delays
    - rule fields are usually source and destination IP addresses and ports without prefix aggregation
  - lack of real datasets or scenarios to generate synthetic but realistic datasets
Some limitations and opportunities 2/3
- Monitoring
  - main goal is to gather statistics about the tuple (IP src, IP dst, protocol, src port, dst port)
    - fine grained and similar to flow based approaches like Netflow
    - impossible to predict the tuples: impossible to install rules beforehand
    - installing rules on the fly is impracticable in large networks due to latency
  - scalability is an issue... but not only for security applications
- Are we going in the right direction?
  - OpenFlow was aiming at keeping switches as specialized forwarding devices (not monitoring devices...)
  - why achieve monitoring as we did for many years?
  - does SDN / OpenFlow open new ways to monitor the networks?
  - looking at OF communications and installation rules might be beneficial
    - Automated source code extension for debugging of OpenFlow based networks, Hommes et al., CNSM '13
Some limitations and opportunities 3/3
- Advanced tasks
  - SDN is only limited to forwarding traffic to dedicated boxes
  - but it brings a high flexibility to create and test new approaches to dynamically allocate traffic inspection tasks
- SDN can be well coupled with NFV (Network Function Virtualization)
  - NFV: allows instantiating a network function in a virtualized appliance (no need for dedicated hardware)
  - example: a firewall can be created on the fly in the cloud...
  - ...but the network has to be (re)configured accordingly
- Acknowledgment: FNR IDSECOM project
More informationTesting Challenges for Modern Networks Built Using SDN and OpenFlow
Using SDN and OpenFlow July 2013 Rev. A 07/13 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: sales@spirent.com www.spirent.com AMERICAS 1-800-SPIRENT +1-818-676-2683 sales@spirent.com
More informationNetwork performance in virtual infrastructures
Network performance in virtual infrastructures A closer look at Amazon EC2 Alexandru-Dorin GIURGIU University of Amsterdam System and Network Engineering Master 03 February 2010 Coordinators: Paola Grosso
More informationDenial of Service Attacks and Countermeasures. Extreme Networks, Inc. All rights reserved. ExtremeXOS Implementing Advanced Security (EIAS)
Denial of Service Attacks and Countermeasures Extreme Networks, Inc. All rights reserved. ExtremeXOS Implementing Advanced Security (EIAS) Student Objectives Upon successful completion of this module,
More informationOF-RHM: Transparent Moving Target Defense using Software Defined Networking
OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi Duan and Ehab Al-Shaer ACM SIGCOMM HotSDN Workshop August 2012 Helsinki, Finland Why IP Mutation Static assignment
More informationForeScout CounterACT. Device Host and Detection Methods. Technology Brief
ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...
More informationFlexible Building Blocks for Software Defined Network Function Virtualization (Tenant-Programmable Virtual Networks)
Flexible Building Blocks for Software Defined Network Function Virtualization (Tenant-Programmable Virtual Networks) Aryan TaheriMonfared Chunming Rong Department of Electrical Engineering and Computer
More informationNetwork Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik
Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and
More informationHow To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan
Centec s SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud Table of Contents Virtualization Fueling New Possibilities Virtual Private Cloud Offerings... 2 Current Approaches
More informationMultiple Service Load-Balancing with OpenFlow
2012 IEEE 13th International Conference on High Performance Switching and Routing Multiple Service Load-Balancing with OpenFlow Marc Koerner Technische Universitaet Berlin Department of Telecommunication
More informationFirewall Defaults and Some Basic Rules
Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationEnhancing network security with SDN
11.4.2014 Overview Security in Traditional Networks SDN Security Solutions Ethane OpenFlow Random Host Mutation Security of SDN Potential Threats Possible Solutions Enterprise and Campus Networks Networks
More informationThe Internet: A Remarkable Story. Inside the Net: A Different Story. Networks are Hard to Manage. Software Defined Networking Concepts
The Internet: A Remarkable Story Software Defined Networking Concepts Based on the materials from Jennifer Rexford (Princeton) and Nick McKeown(Stanford) Tremendous success From research experiment to
More informationDesigning Virtual Network Security Architectures Dave Shackleford
SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined
More informationCisco IOS Flexible NetFlow Command Reference
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationOpen Source Network: Software-Defined Networking (SDN) and OpenFlow
Open Source Network: Software-Defined Networking (SDN) and OpenFlow Insop Song, Ericsson LinuxCon North America, Aug. 2012, San Diego CA Objectives Overview of OpenFlow Overview of Software Defined Networking
More informationFirewalls, NAT and Intrusion Detection and Prevention Systems (IDS)
Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Internet (In)Security Exposed Prof. Dr. Bernhard Plattner With some contributions by Stephan Neuhaus Thanks to Thomas Dübendorfer, Stefan
More informationSDN 交 換 機 核 心 技 術 - 流 量 分 類 以 及 應 用 辨 識 技 術. 黃 能 富 教 授 國 立 清 華 大 學 特 聘 教 授, 資 工 系 教 授 E-mail: nfhuang@cs.nthu.edu.tw
SDN 交 換 機 核 心 技 術 - 流 量 分 類 以 及 應 用 辨 識 技 術 黃 能 富 教 授 國 立 清 華 大 學 特 聘 教 授, 資 工 系 教 授 E-mail: nfhuang@cs.nthu.edu.tw Contents 1 2 3 4 5 6 Introduction to SDN Networks Key Issues of SDN Switches Machine
More informationSoftware Defined Networking A quantum leap for Devops?
Software Defined Networking A quantum leap for Devops? TNG Technology Consulting GmbH, http://www.tngtech.com/ Networking is bottleneck in today s devops Agile software development and devops is increasing
More informationAttack and Defense Techniques 2
Network Security Attack and Defense Techniques 2 Anna Sperotto, Ramin Sadre Design and Analysis of ommunication Networks (DAS) University of Twente The Netherlands Firewalls Network firewall Internet 25
More informationCatalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting
Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting Document ID: 70974 Introduction Prerequisites Requirements Components Used Conventions Background Information Configure Network Diagram
More informationto-end Packet Loss Estimation for Grid Traffic Monitoring
Passive End-to to-end Packet Loss Estimation for Grid Traffic Monitoring Antonis Papadogiannakis, Alexandros Kapravelos, Michalis Polychronakis, Evangelos P. Markatos Institute of Computer Science (ICS)
More informationLoad Balancing and Sessions. C. Kopparapu, Load Balancing Servers, Firewalls and Caches. Wiley, 2002.
Load Balancing and Sessions C. Kopparapu, Load Balancing Servers, Firewalls and Caches. Wiley, 2002. Scalability multiple servers Availability server fails Manageability Goals do not route to it take servers
More informationOpenFlow: Concept and Practice. Dukhyun Chang (dhchang@mmlab.snu.ac.kr)
OpenFlow: Concept and Practice Dukhyun Chang (dhchang@mmlab.snu.ac.kr) 1 Contents Software-Defined Networking (SDN) Overview of OpenFlow Experiment with OpenFlow 2/24 Software Defined Networking.. decoupling
More informationImproving DNS performance using Stateless TCP in FreeBSD 9
Improving DNS performance using Stateless TCP in FreeBSD 9 David Hayes, Mattia Rossi, Grenville Armitage Centre for Advanced Internet Architectures, Technical Report 101022A Swinburne University of Technology
More informationFlow Analysis. Make A Right Policy for Your Network. GenieNRM
Flow Analysis Make A Right Policy for Your Network GenieNRM Why Flow Analysis? Resolve Network Managers Challenge as follow: How can I know the Detail and Real-Time situation of my network? How can I do
More informationFortiOS Handbook - Load Balancing VERSION 5.2.2
FortiOS Handbook - Load Balancing VERSION 5.2.2 FORTINET DOCUMENT LIBRARY http://docs.fortinet.com FORTINET VIDEO GUIDE http://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE
More informationCS 457 Lecture 19 Global Internet - BGP. Fall 2011
CS 457 Lecture 19 Global Internet - BGP Fall 2011 Decision Process Calculate degree of preference for each route in Adj-RIB-In as follows (apply following steps until one route is left): select route with
More informationNetwork Virtualization and Application Delivery Using Software Defined Networking
Network Virtualization and Application Delivery Using Software Defined Networking Project Leader: Subharthi Paul Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Keynote at
More information