Security Considerations of Software-defined Networks. Felix Klaedtke NEC Labs Europe, Heidelberg
|
|
- Sabrina Watson
- 7 years ago
- Views:
Transcription
1 Security Considerations of Software-defined Networks Felix Klaedtke NEC Labs Europe, Heidelberg
2 SDN Security Background
3 Software-defined Networking in a Nutshell Networks How networks operate is currently undergoing a major change network controller control plane control plane data plane control plane data plane control plane data plane control plane data plane data plane 3 NEC Corporation 2015
4 Software-defined Networking in a Nutshell (cont.) SDN eases network operation Standardized protocols between data plane and control plane OpenFlow is the most prominent one Supported by switch manufacturers The network becomes programmable Automate network operation tasks New/better/richer network services Network virtualization is seen as the killer app for SDN Various start-ups that build network applications (software!) An analogy: In the 60s and 70s: Still true today (mostly): specialized applications app app app app specialized features app app app app specialized OS OS (Windows, OSX, Linux) specialized control plane controller (ONOS and OpenDaylight) specialized hardware microprocessor specialized hardware switching hardware 4 NEC Corporation 2015
5 A Software-defined Network State of the art: network applications are built into the controller Developed/customized and deployed by the network administrator Controller specific A few exist for core network tasks (e.g., routing and monitoring) Envisioned: network applications as apps on your phone Developed by third parties and run by all kind of network users Controller independent Various apps for all sort of tasks (network app store, see e.g., OFPT_FLOW_MOD OFPT_PACKET_IN L3 SCR: L3 DST: L4 SRC: 5433 L4 DST: 80 forwarding element L3 SCR: L3 DST: L4 SRC: 5433 L4 DST: 80 SDN controller app 1 app 2 north-bound interface L3 SRC L3 DST ACTION 10.*.*.* 11.*.*.* fwd to port 2 south-bound interface 5 NEC Corporation 2015
6 SDN Architecture ONF s SDN architecture SDN Architecture Overview (version 1.1). ONF TR-504. November SDN controllers FlowVisor Ryu and many more opensource projects Also various proprietary controllers, e.g., NEC s ProgrammableFlow controller 6 NEC Corporation 2015
7 SDN Security Network applications Enhance security of SDN networks and build new security services Secure SDN networks against attacks, e.g., DoS Restrict and verify controller-switch interactions and secure network flows, e.g., by multitenant access control for network applications Leverage SDN to build new security services, such as isolated network slices 7 NEC Corporation 2015
8 Fingerprinting Software-defined Networks
9 Motivation Packets are processed much faster at the data plane of an SDN network than on its control plane SRC DST protocol out port * R TCP 1 SDN controller * R UDP 2 sender receiver An attacker can measure the processing times of packets Information leakage about the network s control logic 9 NEC Corporation 2015
10 Exploitations Knowledge about the controller-switch interactions empowers an attacker to launch powerful DoS attacks Overload the controller (e.g., too many packet-in messages) Overload the switch (e.g., fill TCAMs) SDN controller Fingerprinting the network can also be exploited for rule scanning Is it feasible to fingerprint an SDN network? Accuracy of predicting a controller-switch interaction? Impact of the number of switches? Active versus passive attacker? 10 NEC Corporation 2015
11 Testbed Simulation of a data-center architecture 3 NEC PF5240 switches and 1 OpenVswitch Floodlight controller Cross-traffic also processed by OpenFlow switches Probe from Internet firewall OpenFlow switches receiver Multiple sender locations around the globe (Amazon EC2 and Microsoft Azure) Measurements conducted over several weeks Time-based features measured at the sender 1. Dispersion 2. Round-Trip Time (RTT) 11 NEC Corporation 2015
12 Results 3 hardware switches PDF N : packet does not trigger rule installation PDF Y : packet triggers rule installation Distributions (PDF N and PDF Y ) significantly differ 1. Dispersion Stable over time Less affected by network size 2. Delta-RTT Less stable over time Can be extracted from passive measurement Experiments provide evidence that fingerprinting an SDN network is feasible With high accuracy (>95%) Number of hardware switches has minor impact Fingerprinting remains feasible even in the presence of a software switch Even a passive attacker can fingerprint an SDN network 12 NEC Corporation 2015
13 Countermeasure Control plane cannot be made significantly faster (ns instead of ms) Make processing times for packets indistinguishable Delay matching packets at a switch before forwarding them Severely harms network performance Delay the first few packets of old flows The delay can be determined from our observations Obscure attacker whether additional delay is caused by controller-switch interaction or our countermeasure No overhead for control plane, minor impact on network performance, and effective 13 NEC Corporation 2015
14 Control Plane Security Policies
15 Network Policies Focus on what should and shouldn t happen with the network packets Which network flows are allowed (e.g., which hosts can access which servers) For policy enforcement: firewalls and middleboxes Verification of network configurations (and also network applications) H. Mai, A. Khurshid, R. Agarwal, M.Cesar, B. Godfrey, S. T. King. Debugging the data plane with Anteater. SIGCOMM M. Canini, D. Venzano, P. Peresini, D. Kostic, J. Rexford. A NICE way to test OpenFlow applications. NSDI A. Khurshid and X. Zou, W. Zhou, M. Cesar, B. Godfrey. VeriFlow: Verifying networkwide invariants in real time. NSDI P. Kazemian, M. Chang, H. Zeng, G. Varghese, N. McKeown, S. Whyte. Real time network policy checking using header space analysis. NSDI T. Ball, N. Bjorner, A. Gember, S. Itzhaky, A. Karbyshev, M. Sagiv, M. Schapira, A. Valadarsky. VeriCon: Towards verifying controller programs in software-defined networks. PLDI and many more; see also the tutorial at last year s SIGCOMM What about policies for the control plane? How should and shouldn t network applications interact with each other? How should they react to certain network events? Mechanisms for policy enforcement or checking policy compliance of the control plane? 15 NEC Corporation 2015
16 Network Applications Examples: routing, traffic monitoring, Make use of the controller s APIs Access network resources through the controller Interact (directly or indirectly) with each other Operated buy different entities Current controllers trust the network applications; however, network applications: can wrongly interact with the controller (e.g., wrong use of APIs) can wrongly interact with each other can have competing objectives can be vulnerable (e.g., because of software bugs) can be malicious Note that we also trust the controller Its APIs can be buggy It can be vulnerable It even can be malicious and we trust the data plane components (e.g., switches) 16 NEC Corporation 2015
17 Trustworthy SDN Policy enforcement/compliance checking at runtime Isolation and virtualization Also simplifies network operation Reduces the risk of interference between components and network parts Physical resources are still shared (side channels) We need a trustworthy isolation platform Trusted computing Ensures that we run the intended software Support from hardware and software manufactures Need a root of trust Does, e.g., not protect from software bugs None is a silver bullet No surprise and not expected Mechanisms complement each other All can be applied to increase the trustworthiness of SDN networks 17 NEC Corporation 2015
18 Privileges of Network Applications Apply security principle of least privilege [Saltzer, 1974]: Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job. Extend ONF s SDN architecture Reference Monitor Principles of a reference monitor [Anderson, 1972]: 1. complete mediation 2. tamperproof 3. Verifiable Proof-of-concept implementation for the ONOS controller 18 NEC Corporation 2015
19 Network Resources OFPT_FLOW_MOD OFPT_PACKET_IN app 2 app 1 L3 SCR: L3 DST: L4 SRC: 5433 L4 DST: 80 forwarding element L3 SCR: L3 DST: L4 SRC: 5433 L4 DST: 80 SDN controller reference monitor north-bound interface L3 SRC L3 DST ACTION 10.*.*.* 11.*.*.* fwd to port 2 south-bound interface 1. The flow tables Hierarchical structured in flow spaces at the control plane Read and modify permissions Ownership and delegation 2. The flow rules Read and modify permissions Ownership and delegation 3. (OpenFlow) messages from data plane 4. (OpenFlow) messages to data plane 19 NEC Corporation 2015
20 Access Control Scheme The scheme is simple and at the controller s southbound (OpenFlow) Supports the principles of a reference monitor Can be complemented with schemes for higher network abstractions Resemblance with access control schemes of operating systems SDN OS (hierarchical) flow table directory flow rule file Attributes to express relations between flow rules In addition to the flow rules attributes (e.g., priority and timeout values) in the OpenFlow standard These new attributes are attached to flow rules and only exist at the control plane Example: no overwrite prevents the installation of overlapping flow rules with higher priority 20 NEC Corporation 2015
21 Policy Compliance (work in progress) Our reference monitor is limited in scope Basic access control at the SBI of the controller This limitation is on purpose Some policies are not enforceable by runtime monitors An enforceable policy is a safety property [Schneider, 2000] And not even all safety properties are enforceable [Basin et al., 2013] Enforcement might also be too expensive Aim for something weaker/stronger instead View the SDN network as a distributed system Monitor the behavior of the network components Check (offline or online) whether behavior is policy compliant, where policies are expressed in a rich specification language Current status Our policy specification language allows one to express temporal constraints Our online algorithm soundly handles message delays and message loss Our prototype implementation has a throughput of up to 200 message/second 21 NEC Corporation 2015
22 Concluding Remarks
23 Conclusions & Future Work Software is eating the world Marc Andreessen, 2011 SDN will make networks cheaper, richer, and more reliable Less specialized hardware Standardized APIs Network abstractions Virtualized network functions Etc. and also more secure However, SDN needs to be secured by itself Current state-of-the-art controllers still fall short in this respect The control plane (and everything above) is a valuable target Software is, e.g., buggy and vulnerable We have a rich tool set for system security Adapt and extend existing methods and techniques from other areas to SDN SDN networks are large and highly distributed systems Performance is critical in networking 23 NEC Corporation 2015
24 Personal Opinions There is nothing clever about SDN. Why hasn t it be done like this in the first place? The speed and achievements in SDN is amazing! 24 NEC Corporation 2015
25
26
Software Defined Networking What is it, how does it work, and what is it good for?
Software Defined Networking What is it, how does it work, and what is it good for? slides stolen from Jennifer Rexford, Nick McKeown, Michael Schapira, Scott Shenker, Teemu Koponen, Yotam Harchol and David
More informationSoftware Defined Networking
Software Defined Networking Richard T. B. Ma School of Computing National University of Singapore Material from: Scott Shenker (UC Berkeley), Nick McKeown (Stanford), Jennifer Rexford (Princeton) CS 4226:
More informationSDN. What's Software Defined Networking? Angelo Capossele
SDN What's Software Defined Networking? Angelo Capossele Outline Introduction to SDN OpenFlow Network Functions Virtualization Some examples Opportunities Research problems Security Case study: LTE (Mini)Tutorial
More informationSDN AND SECURITY: Why Take Over the Hosts When You Can Take Over the Network
SDN AND SECURITY: Why Take Over the s When You Can Take Over the Network SESSION ID: TECH0R03 Robert M. Hinden Check Point Fellow Check Point Software What are the SDN Security Challenges? Vulnerability
More informationSDN/Virtualization and Cloud Computing
SDN/Virtualization and Cloud Computing Agenda Software Define Network (SDN) Virtualization Cloud Computing Software Defined Network (SDN) What is SDN? Traditional Network and Limitations Traditional Computer
More informationSoftware Defined Networks
Software Defined Networks Damiano Carra Università degli Studi di Verona Dipartimento di Informatica Acknowledgements! Credits Part of the course material is based on slides provided by the following authors
More informationTrusting SDN. Brett Sovereign Trusted Systems Research National Security Agency 28 October, 2015
Trusting SDN Brett Sovereign Trusted Systems Research National Security Agency 28 October, 2015 Who I am 18 years experience in Cryptography, Computer and Network Security Currently work at Trust Mechanisms,
More informationSoftware Defined Networking and the design of OpenFlow switches
Software Defined Networking and the design of OpenFlow switches Paolo Giaccone Notes for the class on Packet Switch Architectures Politecnico di Torino December 2015 Outline 1 Introduction to SDN 2 OpenFlow
More informationFormal Specification and Programming for SDN
Formal Specification and Programming for SDN relevant ID: draft-shin-sdn-formal-specification-01 Myung-Ki Shin, Ki-Hyuk Nam ETRI Miyoung Kang, Jin-Young Choi Korea Univ. Proposed SDN RG Meeting@IETF 84
More informationSecurity Challenges & Opportunities in Software Defined Networks (SDN)
Security Challenges & Opportunities in Software Defined Networks (SDN) June 30 th, 2015 SEC2 2015 Premier atelier sur la sécurité dans les Clouds Nizar KHEIR Cyber Security Researcher Orange Labs Products
More informationThe Internet: A Remarkable Story. Inside the Net: A Different Story. Networks are Hard to Manage. Software Defined Networking Concepts
The Internet: A Remarkable Story Software Defined Networking Concepts Based on the materials from Jennifer Rexford (Princeton) and Nick McKeown(Stanford) Tremendous success From research experiment to
More informationOpenFlow: Concept and Practice. Dukhyun Chang (dhchang@mmlab.snu.ac.kr)
OpenFlow: Concept and Practice Dukhyun Chang (dhchang@mmlab.snu.ac.kr) 1 Contents Software-Defined Networking (SDN) Overview of OpenFlow Experiment with OpenFlow 2/24 Software Defined Networking.. decoupling
More informationSoftware Defined Networking What is it, how does it work, and what is it good for?
Software Defined Networking What is it, how does it work, and what is it good for? Many slides stolen from Jennifer Rexford, Nick McKeown, Scott Shenker, Teemu Koponen, Yotam Harchol and David Hay Agenda
More informationTutorial: OpenFlow in GENI
Tutorial: OpenFlow in GENI GENI Project Office The current Internet is at an impasse because new architecture cannot be deployed or even adequately evaluated [PST04] [PST04]: Overcoming the Internet Impasse
More informationSoftware Defined Networking (SDN) OpenFlow and OpenStack. Vivek Dasgupta Principal Software Maintenance Engineer Red Hat
Software Defined Networking (SDN) OpenFlow and OpenStack Vivek Dasgupta Principal Software Maintenance Engineer Red Hat CONTENTS Introduction SDN and components SDN Architecture, Components SDN Controller
More informationTowards Software Defined Cellular Networks
Towards Software Defined Cellular Networks Li Erran Li (Bell Labs, Alcatel-Lucent) Morley Mao (University of Michigan) Jennifer Rexford (Princeton University) 1 Outline Critiques of LTE Architecture CellSDN
More informationSoftware-Defined Networks: on the road to the softwarization of networking
Software-Defined Networks: on the road to the softwarization of networking Fernando M. V. Ramos LaSIGE/FCUL, University of Lisboa, Portugal fvramos@ciencias.ulisboa.pt Diego Kreutz, Paulo Verissimo SnT/University
More informationAn Assertion Language for Debugging SDN Applications
An Assertion Language for Debugging SDN Applications Ryan Beckett, X. Kelvin Zou, Shuyuan Zhang, Sharad Malik, Jennifer Rexford, and David Walker Princeton University {rbeckett, xuanz, shuyuanz, sharad,
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control
More informationCloud Computing Security: What Changes with Software-Defined Networking?
Cloud Computing Security: What Changes with Software-Defined Networking? José Fortes Center for Cloud and Autonomic Computing Advanced Computing and Information Systems Lab ARO Workshop on Cloud Security
More informationHow To Understand The Power Of The Internet
DATA COMMUNICATOIN NETWORKING Instructor: Ouldooz Baghban Karimi Course Book: Computer Networking, A Top-Down Approach, Kurose, Ross Slides: - Course book Slides - Slides from Princeton University COS461
More informationCurrent Trends of Topology Discovery in OpenFlow-based Software Defined Networks
1 Current Trends of Topology Discovery in OpenFlow-based Software Defined Networks Leonardo Ochoa-Aday, Cristina Cervello -Pastor, Member, IEEE, and Adriana Ferna ndez-ferna ndez Abstract The explosion
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Eric Choi < echoi@brocade.com> Senior Manager, Service Provider Business Unit, APJ 2012 Brocade Communications Systems, Inc. EPF 7 2012/09/17 Software-Defined Networking
More informationLTE - Can SDN paradigm be applied?
LTE - Can SDN paradigm be applied? Source of this presentation: Towards Software Defined Cellular Networks Li Erran Li (Bell Labs, Alcatel-Lucent) Morley Mao (University of Michigan) Jennifer Rexford (Princeton
More informationSoftware-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe
Software-Defined Networking for the Data Center Dr. Peer Hasselmeyer NEC Laboratories Europe NW Technology Can t Cope with Current Needs We still use old technology... but we just pimp it To make it suitable
More informationOutline. Institute of Computer and Communication Network Engineering. Institute of Computer and Communication Network Engineering
Institute of Computer and Communication Network Engineering Institute of Computer and Communication Network Engineering Communication Networks Software Defined Networking (SDN) Prof. Dr. Admela Jukan Dr.
More informationSoftware Defined Networking A quantum leap for Devops?
Software Defined Networking A quantum leap for Devops? TNG Technology Consulting GmbH, http://www.tngtech.com/ Networking is bottleneck in today s devops Agile software development and devops is increasing
More informationMultiple Service Load-Balancing with OpenFlow
2012 IEEE 13th International Conference on High Performance Switching and Routing Multiple Service Load-Balancing with OpenFlow Marc Koerner Technische Universitaet Berlin Department of Telecommunication
More informationON THE IMPLEMENTATION OF ADAPTIVE FLOW MEASUREMENT IN THE SDN-ENABLED NETWORK: A PROTOTYPE
ON THE IMPLEMENTATION OF ADAPTIVE FLOW MEASUREMENT IN THE SDN-ENABLED NETWORK: A PROTOTYPE PANG-WEI TSAI, CHUN-YU HSU, MON-YEN LUO AND CHU-SING YANG NATIONAL CHENG KUNG UNIVERSITY, INSTITUTE OF COMPUTER
More informationOpen Source Network: Software-Defined Networking (SDN) and OpenFlow
Open Source Network: Software-Defined Networking (SDN) and OpenFlow Insop Song, Ericsson LinuxCon North America, Aug. 2012, San Diego CA Objectives Overview of OpenFlow Overview of Software Defined Networking
More informationIPOP-TinCan: User-defined IP-over-P2P Virtual Private Networks
IPOP-TinCan: User-defined IP-over-P2P Virtual Private Networks Renato Figueiredo Advanced Computing and Information Systems Lab University of Florida ipop-project.org Unit 3: Intra-cloud Virtual Networks
More informationSoftware Defined Networking Seminar
Software Defined ing Seminar Introduction - Summer Term 2014 Net Jeremias Blendin jblendin@ps.tu-darmstadt.de Prof. Dr. David Hausheer hausheer@ps.tu-darmstadt.de PS Peer-to-Peer Systems Engineering Prof
More informationOF 1.3 Testing and Challenges
OF 1.3 Testing and Challenges May 1 st, 2014 Ash Bhalgat (Senior Director, Products), Luxoft Santa Clara, CA USA April-May 2014 1 Agenda OpenFlow : What and Why? State of OpenFlow Conformance Challenges
More informationImproving Network Management with Software Defined Networking
Improving Network Management with Software Defined Networking Hyojoon Kim and Nick Feamster, Georgia Institute of Technology 2013 IEEE Communications Magazine Presented by 101062505 林 瑋 琮 Outline 1. Introduction
More informationSoftware Defined Networking and Network Virtualization
Software Defined Networking and Network Virtualization Aryan TaheriMonfared aryan.taherimonfared@uis.no October 02, 2013 Software Defined Networking and Agenda Motivation 1 Motivation 2 What is OpenFlow?
More informationOpen Source Tools & Platforms
Open Source Tools & Platforms Open Networking Lab Ali Al-Shabibi Agenda Introduction to ON.Lab; Who we are? What we are doing? ONOS Overview OpenVirtex Overview ONRC Organizational Structure Berkeley Scott
More informationUsing SouthBound APIs to build an SDN Solution. Dan Mihai Dumitriu Midokura Feb 5 th, 2014
Using SouthBound APIs to build an SDN Solution Dan Mihai Dumitriu Midokura Feb 5 th, 2014 Agenda About Midokura Drivers of SDN & Network Virtualization Adoption SDN Architectures Why OpenDaylight? Use
More informationOpenFlow and Onix. OpenFlow: Enabling Innovation in Campus Networks. The Problem. We also want. How to run experiments in campus networks?
OpenFlow and Onix Bowei Xu boweixu@umich.edu [1] McKeown et al., "OpenFlow: Enabling Innovation in Campus Networks," ACM SIGCOMM CCR, 38(2):69-74, Apr. 2008. [2] Koponen et al., "Onix: a Distributed Control
More informationNetwork-Wide Change Management Visibility with Route Analytics
Network-Wide Change Management Visibility with Route Analytics Executive Summary Change management is a hot topic, and rightly so. Studies routinely report that a significant percentage of application
More informationLPM: Layered Policy Management for Software-Defined Networks
LPM: Layered Policy Management for Software-Defined Networks Wonkyu Han 1, Hongxin Hu 2 and Gail-Joon Ahn 1 1 Arizona State University, Tempe, AZ 85287, USA {whan7,gahn}@asu.edu 2 Clemson University, Clemson,
More informationSDN_CDN Documentation
SDN_CDN Documentation Release 0.1.1 introom9 October 27, 2015 Contents 1 What s it about 1 2 Get the code 3 3 Contents: 5 3.1 Overview................................................. 5 3.2 sdn_module................................................
More informationSoftware Defined Networks (SDN)
Software Defined Networks (SDN) Nick McKeown Stanford University With: Martín Casado, Teemu Koponen, Scott Shenker and many others With thanks to: NSF, GPO, Stanford Clean Slate Program, Cisco, DoCoMo,
More informationWedge Networks: Transparent Service Insertion in SDNs Using OpenFlow
Wedge Networks: EXECUTIVE SUMMARY In this paper, we will describe a novel way to insert Wedge Network s multiple content security services (such as Anti-Virus, Anti-Spam, Web Filtering, Data Loss Prevention,
More informationA Mock RFI for a SD-WAN
A Mock RFI for a SD-WAN Ashton, Metzler & Associates Background and Intended Use After a long period with little if any fundamental innovation, the WAN is now the focus of considerable innovation. The
More informationQualifying SDN/OpenFlow Enabled Networks
Qualifying SDN/OpenFlow Enabled Networks Dean Lee Senior Director, Product Management Ixia Santa Clara, CA USA April-May 2014 1 Agenda SDN/NFV a new paradigm shift and challenges Benchmarking SDN enabled
More informationInvariant Preserving Middlebox Traversal
Invariant Preserving Middlebox Traversal Ahmed Abujoda and Panagiotis Papadimitriou Institute of Communications Technology, Leibniz Universität Hannover, Germany {first.last}@ikt.uni-hannover.de Abstract.
More informationA Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC. September 18, 2014.
A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC September 18, 2014 Charles Sun www.linkedin.com/in/charlessun @CharlesSun_ 1 What is SDN? Benefits
More informationHow To Write A Network Plan In Openflow V1.3.3 (For A Test)
OpenFlowand IPv6 Two great tastes that taste great together! Scott Hogg, CTO GTRI Chair Emeritus RMv6TF Infoblox IPv6 COE Today s Outline Software-Defined Networking Background Introduction to OpenFlow
More informationOpenFlow Technology Investigation Vendors Review on OpenFlow implementation
OpenFlow Technology Investigation Vendors Review on OpenFlow implementation Ioan Turus, NORDUnet GN3 JRA1 T1&2, Copenhagen, 21.11.2012 Outline! Software Defined Networks (SDN)! Introduction to OpenFlow!
More informationCS 91: Cloud Systems & Datacenter Networks Networks Background
CS 91: Cloud Systems & Datacenter Networks Networks Background Walrus / Bucket Agenda Overview of tradibonal network topologies IntroducBon to soeware- defined networks Layering and terminology Topology
More informationHow SDN will shape networking
How SDN will shape networking Nick McKeown Stanford University With: Martín Casado, Teemu Koponen, Sco> Shenker and many others With thanks to: NSF, GPO, Stanford Clean Slate Program, Cisco, DoCoMo, DT,
More informationWHITE PAPER. SDN Controller Testing: Part 1
WHITE PAPER SDN Controller Testing: Part 1 www.ixiacom.com 915-0946-01 Rev. A, April 2014 2 Table of Contents Introduction... 4 Testing SDN... 5 Methodologies... 6 Testing OpenFlow Network Topology Discovery...
More informationIntroduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre
Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future
More informationDesigning Virtual Network Security Architectures Dave Shackleford
SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined
More informationTransport SDN Toolkit: Framework and APIs. John McDonough OIF Vice President NEC BTE 2015
Transport SDN Toolkit: Framework and APIs John McDonough OIF Vice President NEC BTE 2015 Transport SDN Toolkit Providing carriers with essential tools in the Transport SDN toolkit How to apply SDN to a
More informationBROADCOM SDN SOLUTIONS OF-DPA (OPENFLOW DATA PLANE ABSTRACTION) SOFTWARE
BROADCOM SDN SOLUTIONS OF-DPA (OPENFLOW DATA PLANE ABSTRACTION) SOFTWARE Network Switch Business Unit Infrastructure and Networking Group 1 TOPICS SDN Principles Open Switch Options Introducing OF-DPA
More informationFlowGuard: Building Robust Firewalls for Software-Defined Networks. Hongxin Hu, Wonkyu Han, Gail-Joon Ahn and Ziming Zhao
FlowGuard: Building Robust Firewalls for Software-Defined Networks Hongxin Hu, Wonkyu Han, Gail-Joon Ahn and Ziming Zhao HotSDN 2014 Outline Introduction Challenges for Building FW in SDN FlowGuard framework
More informationOpenFlow Overview. Daniel Turull danieltt@kth.se
OpenFlow Overview Daniel Turull danieltt@kth.se Overview OpenFlow Software Defined Networks (SDN) Network Systems Lab activities Daniel Turull - Netnod spring meeting 2012 2 OpenFlow Why and where was
More informationOpenFlow: Load Balancing in enterprise networks using Floodlight Controller
OpenFlow: Load Balancing in enterprise networks using Floodlight Controller Srinivas Govindraj, Arunkumar Jayaraman, Nitin Khanna, Kaushik Ravi Prakash srinivas.govindraj@colorado.edu, arunkumar.jayaraman@colorado.edu,
More informationSecurity in Software Defined Networking. Professor : Admela Jukan Supervisor : Marcel Caria Student : Siqian Zhao
Security in Software Defined Networking Professor : Admela Jukan Supervisor : Marcel Caria Student : Siqian Zhao Overview Software Defined Networking (SDN) Legacy Networking VS. SDN advantages of SDN the
More informationSOFTWARE DEFINED NETWORKS REALITY CHECK. DENOG5, Darmstadt, 14/11/2013 Carsten Michel
SOFTWARE DEFINED NETWORKS REALITY CHECK DENOG5, Darmstadt, 14/11/2013 Carsten Michel Software Defined Networks (SDN)! Why Software Defined Networking? There s a hype in the industry!! Dispelling some myths
More informationPoisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures Sungmin Hong, Lei Xu, Haopei Wang, Guofei Gu
Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures Sungmin Hong, Lei Xu, Haopei Wang, Guofei Gu Presented by Alaa Shublaq SDN Overview Software-Defined Networking
More informationGetting to know OpenFlow. Nick Rutherford Mariano Vallés {nicholas,mariano}@ac.upc.edu
Getting to know OpenFlow Nick Rutherford Mariano Vallés {nicholas,mariano}@ac.upc.edu OpenFlow Switching 1. A way to run experiments in the networks we use everyday. A pragmatic compromise Allow researchers
More informationEventBus Module for Distributed OpenFlow Controllers
EventBus Module for Distributed OpenFlow Controllers Igor Alekseev Director of the Internet Center P.G. Demidov Yaroslavl State University Yaroslavl, Russia aiv@yars.free.net Mikhail Nikitinskiy System
More informationOpenFlow, Network Function Virtualisation, Virtualised Network Function, Network Virtualisation, IEEE 802.1X, Authentication and Authorization.
Deploying a virtual network function over a software defined network infrastructure: experiences deploying an access control VNF in the University of Basque Country s OpenFlow enabled facility Eduardo
More informationCherryPick: Tracing Packet Trajectory in Software-Defined Datacenter Networks
CherryPick: Tracing Packet Trajectory in Software-Defined Datacenter Networks Praveen Tammana University of Edinburgh Rachit Agarwal UC Berkeley Myungjin Lee University of Edinburgh ABSTRACT SDN-enabled
More informationNetwork Security through Software Defined Networking: a Survey
jerome.francois@inria.fr 09/30/14 Network Security through Software Defined Networking: a Survey Jérôme François, Lautaro Dolberg, Olivier Festor, Thomas Engel 2 1 Introduction 2 Firewall 3 Monitoring
More informationSecuring Local Area Network with OpenFlow
Securing Local Area Network with OpenFlow Master s Thesis Presentation Fahad B. H. Chowdhury Supervisor: Professor Jukka Manner Advisor: Timo Kiravuo Department of Communications and Networking Aalto University
More informationWhat is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates
What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates 1 Goals of the Presentation 1. Define/describe SDN 2. Identify the drivers and inhibitors of SDN 3. Identify what
More informationSoftware Defined Networking Security
Software Defined Networking Security Outline Introduction What is SDN? SDN attack surface Recent vulnerabilities Security response Defensive technologies Next steps Introduction Security nerd, recovering
More informationHow OpenFlow-based SDN can increase network security
How OpenFlow-based SDN can increase network security Charles Ferland, IBM System Networking Representing the ONF ferland@de.ibm.com +49 151 1265 0830 Important elements The objective is to build SDN networks
More informationNetwork Virtualization and Application Delivery Using Software Defined Networking
Network Virtualization and Application Delivery Using Software Defined Networking Project Leader: Subharthi Paul Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Keynote at
More informationCloud Networking Disruption with Software Defined Network Virtualization. Ali Khayam
Cloud Networking Disruption with Software Defined Network Virtualization Ali Khayam In the next one hour Let s discuss two disruptive new paradigms in the world of networking: Network Virtualization Software
More informationThe State of OpenFlow: Advice for Those Considering SDN. Steve Wallace Executive Director, InCNTRE SDN Lab Indiana University ssw@iu.
The State of OpenFlow: Advice for Those Considering SDN Steve Wallace Executive Director, InCNTRE SDN Lab Indiana University ssw@iu.edu 2 3 4 SDN is an architecture Separation of Control and Data Planes
More informationThe OpenDaylight Project
The OpenDaylight Project June 2015 @OpenDaylightSDN #OpenSDN OpenDaylight SDN Platform Open Source Linux Foundation Collaboration Software Defined Networking Network Function Virtualization Innovation
More informationStanford SDN-Based Private Cloud. Johan van Reijendam (jvanreij@stanford.edu) Stanford University
Stanford SDN-Based Private Cloud (jvanreij@stanford.edu) Stanford University Executive Summary The Web and its infrastructure continue to make phenomenal progress, allowing the creation and scaling of
More informationProviding Reliable FIB Update Acknowledgments in SDN
Providing Reliable FIB Update Acknowledgments in SDN Maciej Kuźniar EPFL maciej.kuzniar@epfl.ch Peter Perešíni EPFL peter.peresini@epfl.ch Dejan Kostić KTH Royal Institute of Technology dmk@kth.se ABSTRACT
More informationCOMPSCI 314: SDN: Software Defined Networking
COMPSCI 314: SDN: Software Defined Networking Nevil Brownlee n.brownlee@auckland.ac.nz Lecture 23 Current approach to building a network Buy 802.3 (Ethernet) switches, connect hosts to them using UTP cabling
More informationSDN and OpenFlow. Naresh Thukkani (ONF T&I Contributor) Technical Leader, Criterion Networks
SDN and OpenFlow Naresh Thukkani (ONF T&I Contributor) Technical Leader, Criterion Networks Open 2014 Open SDN Networking India Foundation Technology Symposium, January 18-19, 2015, Bangalore Agenda SDN
More informationOpenFlow: History and Overview. Demo of OpenFlow@home routers
Affan A. Syed affan.syed@nu.edu.pk Syed Ali Khayam ali.khayam@seecs.nust.edu.pk OpenFlow: History and Overview Dr. Affan A. Syed OpenFlow and Software Defined Networking Dr. Syed Ali Khayam Demo of OpenFlow@home
More informationSPIRIT: A Framework for Profiling SDN
SPIRIT: A Framework for Profiling SDN Heedo Kang, Seungsoo Lee, Chanhee Lee, Changhoon Yoon and Seungwon Shin Graduate School of Information Security, School of Computing, KAIST Email : {kangheedo, lss365,
More informationEthernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心
Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane
More informationSDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks
SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks Christian Röpke and Thorsten Holz Horst Görtz Institute for IT-Security (HGI) Ruhr-University Bochum christian.roepke@rub.de,
More informationSoftware-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments
Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments Aryan TaheriMonfared Department of Electrical Engineering and Computer Science University of Stavanger
More informationSDN and Streamlining the Plumbing. Nick McKeown Stanford University
SDN and Streamlining the Plumbing Nick McKeown Stanford University What is SDN? (when we clear away all the hype) A network in which the control plane is physically separate from the forwarding plane.
More information2013 ONS Tutorial 2: SDN Market Opportunities
2013 ONS Tutorial 2: SDN Market Opportunities SDN Vendor Landscape and User Readiness Jim Metzler, Ashton, Metzler & Associates Jim@ashtonmetzler.com April 15, 2013 1 1 Goals & Non-Goals Goals: Describe
More informationFloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks
FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks Haopei Wang SUCCESS Lab Texas A&M University haopei@cse.tamu.edu Lei Xu SUCCESS Lab Texas A&M University xray2012@cse.tamu.edu
More informationAn Introduction to Software-Defined Networking (SDN) Zhang Fu
An Introduction to Software-Defined Networking (SDN) Zhang Fu Roadmap Reviewing traditional networking Examples for motivating SDN Enabling networking as developing softwares SDN architecture SDN components
More informationSDN Security Design Challenges
Nicolae Paladi SDN Security Design Challenges SICS Swedish ICT! Lund University In Multi-Tenant Virtualized Networks Multi-tenancy Multiple tenants share a common physical infrastructure. Multi-tenancy
More informationA Study on Software Defined Networking
A Study on Software Defined Networking Yogita Shivaji Hande, M. Akkalakshmi Research Scholar, Dept. of Information Technology, Gitam University, Hyderabad, India Professor, Dept. of Information Technology,
More informationVirtualized Network Services SDN solution for enterprises
Virtualized Network Services SDN solution for enterprises Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise s locations
More informationWindows Server 2012 Hyper-V Virtual Switch Extension Software UNIVERGE PF1000 Overview. IT Network Global Solutions Division UNIVERGE Support Center
Windows Server 2012 Hyper-V Virtual Switch Extension Software UNIVERGE Overview IT Network Global Solutions Division UNIVERGE Support Center ProgrammableFlow API architecture Microsoft VSEM Provider Third
More informationEmerging Software Defined Networking & Open APIs Ecosystem
Emerging Software Defined Networking & Open APIs Ecosystem VISIT SNE STUDENTS, 18 MAART 2015 Ronald van der Pol Ronald.vanderPol@surfnet.nl Content Emerging open hardware & open APIs in networking Software
More informationThe Past, Present, and Future of Software Defined Networking
The Past, Present, and Future of Software Defined Networking Nick Feamster University of Maryland feamster@cs.umd.edu Steve Woodrow, Srikanth Sundaresan, Hyojoon Kim, Russ Clark Georgia Tech Andreas Voellmy
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More informationIntro to Firewalls. Summary
Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer
More informationWhite Paper. SDN 101: An Introduction to Software Defined Networking. citrix.com
SDN 101: An Introduction to Software Defined Networking citrix.com Over the last year, the hottest topics in networking have been software defined networking (SDN) and Network ization (NV). There is, however,
More informationTesting Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES
Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...
More informationEvripidis Paraskevas (ECE Dept. UMD) 04/09/2014
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds (T. Ristenpart, Eran Tromer, Hovav Schacham and Stefan Savage CCS 2009) Evripidis Paraskevas (ECE Dept. UMD) 04/09/2014
More informationThe 2013 Guide to Network Virtualization and SDN
The 2013 Guide to Network Virtualization and SDN Part 3: The Network Virtualization and SDN Ecosystem By Dr. Jim Metzler, Ashton Metzler & Associates Distinguished Research Fellow and Co-Founder Webtorials
More information