Palo Alto Networks. Security Models in the Software Defined Data Center

1 Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894

2 Network Overlay Boundaries & Security
Traditionally, all network overlay or tunneling technologies (such as MPLS, TRILL, FabricPath, QFabric, etc.) have created some kind of smart edge, where a forwarding decision or encapsulation occurs, and a dumb core, which is focused on fast switching. In all of these, the edge has been a piece of networking hardware, and these technologies have been initiated by networking hardware. Firewalls have traditionally been deployed at the boundary between this network edge and end systems.
[Diagram labels: Servers, Firewall, Smart Edge, Dumb Core, Firewall, Servers, Data Center Core Network]

3 Network Overlay Boundaries & Security
But with emerging SDN technologies, overlay technologies can be initiated from hosts. The network edge can now be a host, with the entire physical network focused on dumb fast switching. Examples are VXLAN, NVGRE, and STT. Hardware firewalls deployed in the physical network core now see only North/South traffic that exits a physical host, not East/West traffic within a host, nor traffic within overlay tunnels.
[Diagram labels: Smart Edge, Servers, Firewall, Dumb Core, Firewall, Servers, VXLAN, Data Center Core Network]

4 Firewalls
To maintain visibility into East/West traffic and into the contents of overlay technologies initiated from hosts, virtual firewalls need to be deployed within the host systems. To maintain full security visibility across the entire data center, physical and virtual firewalls need to coordinate policy and network intelligence.
[Diagram labels: Smart Edge, Servers, Firewall, Dumb Core, Firewall, Servers, Firewall, Data Center Core Network, Firewall]

5 Why place any firewall in a virtual topology?
- Web / App / DB isolation
- PCI / Non-PCI isolation
- Malware, virus
- Administrative isolation
- Dev / Production isolation
- Whitelisting
[Diagram labels: VM, Firewall?, VM, Switch, Hypervisor, Data Center Core Network, Hardware Firewalls]

6 How do firewalls define Applications?
- Traditional: Applications = TCP/UDP ports
- Next Gen: Applications = data payload signatures

7 Build rules against applications, not ports

8 Track Apps, Content, & Users, not IPs
[Diagram labels: SQL, SQL, SharePoint]

9 Writing Security Policy based on tags, not IPs
Dynamic Address Groups

VMware vCenter or ESXi inventory [IP values not preserved in the transcription]
Name | IP | Guest OS | Container
web-sjc | | Ubuntu | Web
sp-sjc | | Win 2008 R2 | SharePoint
web-sjc | | Ubuntu | Web
exch-mia | | Win 2008 R2 | Exchange
exch-dfw | | Win 2008 R2 | Exchange
sp-mia | | Win 2008 R2 | SharePoint
db-mia | | Ubuntu | MySQL
db-dfw | | Ubuntu | MySQL
db-mia | | Ubuntu | MySQL

PAN-OS Dynamic Address Groups [address values not preserved in the transcription]
Name | Tags | Addresses
SharePoint Servers | SharePoint, Win 2008 R2, sp |
MySQL Servers | MySQL, Ubuntu, db |
Miami DC | mia |
San Jose Linux Web Servers | sjc, web, Ubuntu |

PAN-OS Security Policy [action values not preserved in the transcription]
Source | Destination | Action
SharePoint Servers | MySQL Servers |
San Jose Linux Web Servers | Miami DC |

10 Consistent Security Policy across entire DC
Central management for virtual & physical firewalls.
[Diagram labels: Hypervisor, Hypervisor, Hypervisor, PA-7050, PA-7050]

11 Data Center Firewall Deployment Models
6. Endpoint security software. (Cyvera, Symantec, IPTables)
5. VM firewalls inspecting packets at source, VM-to-VM steering. (PAN VM-1000-HV firewall)
4. VM firewall between VLANs. (PAN Gateway, Cisco vASA)
3. Kernel module firewall. (NSX DFW, Juniper Firefly Host)
2. Linux Container, Docker. (Possible future. Only IPTables today)
1. Physical Firewall. (PAN, SRX, ASA)
[Diagram labels: VLAN 100, VLAN 200, vSwitch, Hypervisor]

12 Two Different Firewall Types
- Using vSphere: Gateway VM Firewall. Security occurs within the network. We reside within the network topology, as in a traditional network. We see packets after they reach the network stack.
- Using NSX: VM-1000-HV VM Firewall. Security is abstracted above the network. Traffic is steered to us for inspection above the forwarding plane, so security is applied before packets ever reach the network stack. Security now has zero impact on network topology, since security is abstracted from the network.
[Diagram labels: VM-1, VM-2, PAN, vShield, Switch, Forwarding Plane, Step-1, Step-2, Step-3, Hypervisor (ESX & ESXi), Data Center Core Network]

13 Phase 1: Just trunk all VLANs to server uplinks
[Diagram labels: VM, VM, VM, Physical Host, Hypervisor, VLANs, Top of Rack Switch, Hardware Firewall]

14 Easy for hardware firewalls to go blind
Logical router: Quagga, Vyatta, Halon, VMware DLR & ESG, static routes in Linux, etc.
[Diagram labels: VM, VM, VM, Physical Host, Hypervisor, VLANs, Logical Router, Top of Rack Switch, Hardware Firewall]

15 VM Firewall
[Diagram labels: VM-A, VM-B, Port Group-A, vShield, Switch, Port Group-B, Hypervisor (ESX & ESXi), Data Center Core Network]

16 Hypervisor-Aware Firewall
[Diagram labels: VM-A, VM-B, Switch, One Port Group, Hypervisor (ESX & ESXi), Data Center Core Network]

17 VMware NSX Distributed Firewall
Performs stateful firewalling.
[Diagram labels: Distributed Port Groups, NSX Distributed Firewall, Hypervisor A, Hypervisor B]

18 Augmenting the Distributed Firewall
Deep-packet firewalling.
[Diagram labels: Distributed Port Groups, NSX Distributed Firewall, PAN VM Firewall, Hypervisor A, Hypervisor B, PAN VM Firewall]

19 Security Policy above the Forwarding Plane
[Diagram labels: Web, DB, App, App, Web, DB, Switch, Forwarding Plane, NSX Distributed Firewall, Hypervisor]

20 Security Policy above the Forwarding Plane
NetX API redirects data flows to us.
[Diagram labels: Web, DB, App, App, Web, DB, Switch, Forwarding Plane, NSX Distributed Firewall, Hypervisor]

21 Security Policy above the Forwarding Plane
We hand traffic back to filter.
[Diagram labels: Web, DB, App, App, Web, DB, Switch, Forwarding Plane, NSX Distributed Firewall, Hypervisor]

22 Security Policy above the Forwarding Plane
Only then does the packet reach any network segment.
[Diagram labels: Web, DB, App, App, Web, DB, Switch, Forwarding Plane, NSX Distributed Firewall, Hypervisor]

23 SDN Controllers
SDN controller protocols:
- OpenFlow
- NETCONF
- XMPP
- I2RS
Controllers:
- Juniper Contrail
- OpenDaylight
- Nuage
- Google's Andromeda
[Diagram labels: Switch, Switch, Routers, Hardware Firewalls???, SDN Controller]

24 SDN Controllers
Hardware firewalls: transparent (vwire).
[Diagram labels: Switch, Switch, Routers, Hardware Firewalls, vwire, SDN Controller]

25 SDN: Service Chaining & NFV
[Diagram labels: Switch, Switch, Switch, SDN Controller]

26 SDN: Service Chaining & NFV
NFV (Network Functions Virtualization) nodes: Palo Alto Networks Firewall, Load-Balancer, WAN Accelerator.
[Diagram labels: VM-1 (Tenant 1), VM-2 (Tenant 2), Switch, Switch, Switch]

27 SDN: Service Chaining & NFV
NFV (Network Functions Virtualization) nodes: Palo Alto Networks Firewall, Load-Balancer, WAN Accelerator.
[Diagram labels: VM-1 (Tenant 1), VM-2 (Tenant 2), Service Chain-2, Service Chain-1, Switch, Switch, Switch]

28 Service Chaining Tunnel Types
Different controllers use different tunnels to define a service chain. These tunnels terminate at the vSwitch, not at the services themselves.
- MPLS
- VXLAN
- GRE
- GENEVE
[Diagram labels: Firewall, Load-Balancer, WAN Accelerator, VM-1 (Tenant 1), VM-2 (Tenant 2), VLANs, VXLANs, Switch, Switch, Switch]

29 SDN-derived protocols: Arista DirectFlow Assist
- Point to the Arista switch as a syslog server.
- Forward initial packets to us, for decision.
[Diagram labels: Arista Switch, Firewall (physical or virtual), 10 Gig, 10 Gig, 10 Gig]

30 Orchestration: Template model or Plugin model
- Template model: APIs imported into the cloud OS, as templates or agents. Example: CloudStack.
- Plugin model: APIs contained in a plugin written by each vendor. Such as OpenStack.
[Diagram labels: Nova Module, Swift Module, Neutron Module, Plugins]

31 CloudStack Orchestration
APIs via templates.
- External network.
- Firewall deployed as a CloudStack Service Provider using VRs.
- CloudStack Router doing DNS & DHCP.
- CloudStack Pod networks.
Palo Alto Networks. Confidential and Proprietary.

32 OpenStack Multi-Tenant Cloud
[Diagram labels: External Network, Private Network 1, Private Network 2, VM, VM, VM, VM, VM, Tenant 1, Tenant 2]

33 Dynamic Address Groups via REST API
- Orchestration system or scripts: Puppet, Chef, Ansible, etc.
- REST API calls: harvest IPs and tags.
- REST API calls: push or pull.
[Diagram labels: Cloud OS DB, PAN-OS]

PAN-OS Dynamic Address Groups [address values not preserved in the transcription]
Name | Tags | Addresses
SharePoint Servers | SharePoint, Win 2008 R2, sp |
MySQL Servers | MySQL, Ubuntu, db |
Miami DC | mia |
San Jose Linux Web Servers | sjc, web, Ubuntu |
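The tag-to-group resolution described on slides 9 and 33, as an added example that is not part of the original deck and is not PAN-OS code. It is a local Python model: the IP addresses are constructed (RFC 5737 documentation ranges), the VM `db-sjc` is hypothetical, and three behaviours are assumptions: tags are derived from name tokens, guest OS and container; a VM joins a group when it carries all of the group's tags; and each rule's action is allow with default deny.

```python
"""Tag-driven dynamic address groups: a local model (added example, not PAN-OS code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    ip: str          # constructed value from RFC 5737 documentation ranges
    guest_os: str
    container: str

    @property
    def tags(self) -> frozenset:
        # Assumption: a VM's tags are its name tokens, guest OS and container.
        return frozenset(self.name.split("-")) | {self.guest_os, self.container}


# Group names and tags as listed on the slides.
# Assumption: a VM joins a group when it carries ALL of the group's tags.
GROUPS = {
    "SharePoint Servers": {"SharePoint", "Win 2008 R2", "sp"},
    "MySQL Servers": {"MySQL", "Ubuntu", "db"},
    "Miami DC": {"mia"},
    "San Jose Linux Web Servers": {"sjc", "web", "Ubuntu"},
}

# Source -> destination pairs from the slide's policy table.
# Assumption: the action is "allow" and everything else is denied.
RULES = [
    ("SharePoint Servers", "MySQL Servers"),
    ("San Jose Linux Web Servers", "Miami DC"),
]

# VM names, guest OS and container follow the slides; the IPs are constructed.
INVENTORY = [
    VM("web-sjc", "192.0.2.10", "Ubuntu", "Web"),
    VM("sp-sjc", "192.0.2.20", "Win 2008 R2", "SharePoint"),
    VM("exch-mia", "198.51.100.10", "Win 2008 R2", "Exchange"),
    VM("sp-mia", "198.51.100.20", "Win 2008 R2", "SharePoint"),
    VM("db-mia", "198.51.100.30", "Ubuntu", "MySQL"),
    VM("exch-dfw", "203.0.113.10", "Win 2008 R2", "Exchange"),
    VM("db-dfw", "203.0.113.30", "Ubuntu", "MySQL"),
]


def resolve_groups(inventory):
    """Return {group name: sorted member IPs} for the harvested inventory."""
    return {
        group: sorted(vm.ip for vm in inventory if required <= vm.tags)
        for group, required in GROUPS.items()
    }


def policy_allows(src_ip, dst_ip, inventory):
    """True if some rule's source group holds src_ip and its destination group dst_ip."""
    members = resolve_groups(inventory)
    return any(src_ip in members[s] and dst_ip in members[d] for s, d in RULES)


def ungrouped(inventory):
    """Names of VMs that match no group, so no tag-based rule covers them."""
    return sorted(
        vm.name for vm in inventory
        if not any(required <= vm.tags for required in GROUPS.values())
    )


if __name__ == "__main__":
    for group, ips in resolve_groups(INVENTORY).items():
        print(f"{group}: {ips}")
    print("VMs outside every group:", ungrouped(INVENTORY))

    # A new database VM appears in the inventory (hypothetical name and IP).
    # The rules are untouched; only the resolved membership changes.
    grown = INVENTORY + [VM("db-sjc", "192.0.2.30", "Ubuntu", "MySQL")]
    flow = ("198.51.100.20", "192.0.2.30")   # sp-mia -> db-sjc
    print("before:", policy_allows(*flow, INVENTORY))
    print("after: ", policy_allows(*flow, grown))
```

The `ungrouped` check is the one to run after every harvest: a VM whose tags match no group is invisible to every tag-based rule.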

34 Data Center Ecosystem
- Cloud-based threat intelligence
- Central management
- Hypervisor communication
- Endpoint security software
- Hardware firewalls
- Firewalls
- Orchestration / automation: SDK, API, etc.
- OSPF, BGP
- VSYS, VR
- Multiple hypervisors


VXLAN: Scaling Data Center Capacity. White Paper

VXLAN: Scaling Data Center Capacity. White Paper VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

More information

Why Software Defined Networking (SDN)? Boyan Sotirov

Why Software Defined Networking (SDN)? Boyan Sotirov Why Software Defined Networking (SDN)? Boyan Sotirov Agenda Current State of Networking Why What How When 2 Conventional Networking Many complex functions embedded into the infrastructure OSPF, BGP, Multicast,

More information

Delivering the Software Defined Data Center

Delivering the Software Defined Data Center Delivering the Software Defined Data Center Georgina Schäfer Sr. Product Marketing Manager VMware Calvin Rowland, VP, Business Development F5 Networks 2014 VMware Inc. All rights reserved. F5 & Vmware

More information

NETWORK AUTOMATION AND ORCHESTRATION

NETWORK AUTOMATION AND ORCHESTRATION White Paper NETWORK AUTOMATION AND ORCHESTRATION Building an Agile Data Center Infrastructure with Juniper Networks Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3

More information

Network Virtualization

Network Virtualization Network Virtualization What is Network Virtualization? Abstraction of the physical network Support for multiple logical networks running on a common shared physical substrate A container of network services

More information

Network Services Orchestration Software Defined Networks, Network Function Virtualization - TODAY

Network Services Orchestration Software Defined Networks, Network Function Virtualization - TODAY Network Services Orchestration Software Defined Networks, Network Function Virtualization - TODAY Bruno Paolini EMEA, Managing Director bpaolini@anutanetworks.com 2013 Anuta Networks Agenda A few facts

More information

CERN Cloud Infrastructure. Cloud Networking

CERN Cloud Infrastructure. Cloud Networking CERN Cloud Infrastructure Cloud Networking Contents Physical datacenter topology Cloud Networking - Use cases - Current implementation (Nova network) - Migration to Neutron 7/16/2015 2 Physical network

More information

VMware. NSX Network Virtualization Design Guide

VMware. NSX Network Virtualization Design Guide VMware NSX Network Virtualization Design Guide Table of Contents Intended Audience... 3 Overview... 3 Components of the VMware Network Virtualization Solution... 4 Data Plane... 4 Control Plane... 5 Management

More information

A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM

A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM Presenter: Vinit Jain, STSM, System Networking Development, IBM System & Technology Group A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio

More information

Expert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts

Expert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts Expert Reference Series of White Papers vcloud Director 5.1 Networking Concepts 1-800-COURSES www.globalknowledge.com vcloud Director 5.1 Networking Concepts Rebecca Fitzhugh, VMware Certified Instructor

More information

SDN and Data Center Networks

SDN and Data Center Networks SDN and Data Center Networks 10/9/2013 1 The Rise of SDN The Current Internet and Ethernet Network Technology is based on Autonomous Principle to form a Robust and Fault Tolerant Global Network (Distributed)

More information

VMware NSX DFW Policy Rules Configuration Technical White Paper

VMware NSX DFW Policy Rules Configuration Technical White Paper VMware NSX DFW Policy Rules Configuration Technical White Paper VMware NSX for vsphere, Release 6.x Sept 23, 2014 Contents Introduction... 2 Distributed Firewall Object Grouping Model... 3 NSX Security-

More information

SECURING YOUR MODERN DATA CENTER WITH CHECK POINT

SECURING YOUR MODERN DATA CENTER WITH CHECK POINT SECURING YOUR MODERN DATA CENTER WITH CHECK POINT Javier Hijas Security Architect Check Point Europe 1 Agenda 1 2 3 4 What Questions is a modern / Answers datacenter Datacenter protection evolution Security

More information

Exploring Software-Defined Networking with Brocade

Exploring Software-Defined Networking with Brocade WHITE PAPER www.brocade.com IP Network Exploring Software-Defined Networking with Brocade This paper provides an overview of Software-Defined Networking (SDN), its expected role in cloud-optimized networks,

More information

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014 Simplify IT With Cisco Application Centric Infrastructure Barry Huang bhuang@cisco.com Nov 13, 2014 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow

More information

TRANSFORMING NETWORKING WITH OPEN SDN. Jason Matlof, VP Marke1ng April, 2013

TRANSFORMING NETWORKING WITH OPEN SDN. Jason Matlof, VP Marke1ng April, 2013 TRANSFORMING NETWORKING WITH OPEN SDN Jason Matlof, VP Marke1ng April, 2013 CLOSED & PROPRIETARY NETWORKING EQUIPMENT Ver1cally Integrated Systems Have Changed LiEle Over the Past 15 Years Feature 1 Feature

More information

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015 Simplify IT With Cisco Application Centric Infrastructure Roberto Barrera rbarrera@grupo-dice.com VERSION May, 2015 Content Understanding Software Definded Network (SDN) Why SDN? What is SDN and Its Benefits?

More information

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide

More information

Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack

Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack Dave Tucker Hewlett-Packard April 2013 1 About Me Dave Tucker WW Technical Marketing HP Networking dave.j.tucker@hp.com Twitter:

More information

Surviving the SDN Wars. Curt Beckmann Chair of Forwarding Abstractions WG, ONF and EMEA CTO

Surviving the SDN Wars. Curt Beckmann Chair of Forwarding Abstractions WG, ONF and EMEA CTO Surviving the SDN Wars Curt Beckmann Chair of Forwarding Abstractions WG, ONF and EMEA CTO 2014 Sequence Defining SDN and NFV Last 4 years Last 6 months What happens next for SDN? Defining SDN and NFV

More information

Utility Computing and Cloud Networking. Delivering Networking as a Service

Utility Computing and Cloud Networking. Delivering Networking as a Service Utility Computing and Cloud Networking Delivering Networking as a Service Overview Utility Computing OpenStack Virtual Networking Network Functions Virtualization Utility Computing Utility Computing: Everything

More information

Datacenter Networking. Joy ABOIM Consulting System Engineer

Datacenter Networking. Joy ABOIM Consulting System Engineer Datacenter Networking Joy ABOIM Consulting System Engineer Typical journey to a new Target Operating Model Standardise Vendors, architectures, devices (network, compute, storage) & their configurations

More information

Group-Based Policy for OpenStack

Group-Based Policy for OpenStack Group-Based Policy for OpenStack Introduction Over the past four years, OpenStack has grown from a simple open source project to a major community-based initiative including thousands of contributors in

More information

Cloud Networking From Theory to Practice" Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications"

Cloud Networking From Theory to Practice Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications Cloud Networking From Theory to Practice Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications Who is Ivan Pepelnjak (@ioshints) Networking engineer since 1985 Consultant, blogger (blog.ioshints.info),

More information

Overlay Networks: Connecting and Protecting Across Regions with Docker. Patrick Kerpan, CEO

Overlay Networks: Connecting and Protecting Across Regions with Docker. Patrick Kerpan, CEO Overlay Networks: Connecting and Protecting Across Regions with Docker Patrick Kerpan, CEO Agenda Background: Cohesive and the cloud Cloud Networking: Limitations Overlay networks: To the rescue Enter

More information

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT BROCADE SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT Rajesh Dhople Brocade Communications Systems, Inc. rdhople@brocade.com 2012 Brocade Communications Systems, Inc. 1 Why can t you do these things

More information

CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS

CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS COMMON APPLICATION VIEW OF THE NETWORK Fallacies of Distributed Computing 1. The network is reliable. 2. Latency is zero. 3. Bandwidth is infinite. 4. The

More information

Orchestrating the next generation data center

Orchestrating the next generation data center Customer Driven Innovation A10 Networks Orchestrating the next generation data center WHD 2014 Do not distribute/edit/copy without the written consent of A10 Networks 2 About A10 3 Customer Driven Innovation

More information

About the VM-Series Firewall

About the VM-Series Firewall About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information