SDN security. Nokia Research perspective. Peter Schneider Version Nokia Solutions and Networks 2015 Public
|
|
|
- Kelly Holland
- 10 years ago
- Views:
Transcription
1 SDN security Nokia Research perspective Peter Schneider Version Nokia Solutions and Networks 2015
2 Agenda Security at Nokia SDN in mobile networks SDN security research SDN security standardization Securing SDN based networks Using SDN to implement security solutions Conclusion: SDN security challenges and opportunities 2 Nokia Solutions and Networks 2015
3 Security at Nokia Product security - security processes - security leads per product - security managers per product line - central product security team Security products (including services) Security Research: Teams in Munich and Espoo (~20 people) Security Experts in various functions (e.g. standardisation) 3 Nokia Solutions and Networks 2015
4 Nokia Security building blocks 4 Nokia Solutions and Networks 2015
5 Nokia s mobile network security vision Summary of Research areas 1 Embedded security for 5G 2 Intelligent monitoring & response 3 Improving the security foundation 4 Easy security management & usability 5 Tool supported cooperation Nokia Solutions and Networks 2015
6 The evolved packet system (4G mobile network) Node B 3G RAN 2G RAN RNC 4G Mobile Core Network (Evolved Packet Core) SGSN Charging system Control plane User plane Control+user plane Trusted BTS BSC MME Untrusted Internet enb LTE RAN Serv.-GW PDN-GW Trusted Non-3GPP Access Network HSS PCRF Corporate IP networks Untrusted Non-3GPP Access Network 3GPP AAA Server epdg IMS / Operator services Don t care about all these abbreviations! 6 Nokia Solutions and Networks 2015
7 SDN in future telco networks (still LTE, evolution example) Control functions move into the cloud Gateways may be split into control and forwarding part SDN for networking within the cloud SDN for backhauling Forwarding SDN for gateway control Forwarding 7 Nokia Solutions and Networks 2015
8 SDN in an 5G e2e network architecture 5G Radio Management & Orchestration Access Cloud Evolved Core Cloud 5G WAN frontend cm-wave frontend mm-wave frontend LTE (all variants) Wifi access 2G, 3G Multi-connectivity Application-aware radio scheduler (Centralized) radio resource control Controllers Fixed access Distributed Gateway Software-defined fronthaul Distributed MEC Software-defined backhaul Virtualized resources SDN SDN SDN Network applications Customer experience management QoS on demand Session on demand Service chaining Data plane Dynamic QoS/QoE management Mobility on demand Virtualized resources SDN SDN Built-in Security Software-defined transport SDN 8 Nokia Solutions and Networks 2015
9 Work on SDN security at Nokia Research Interacting with the research community Own research - understand the SDN security issues - solution sketches for Nokia products/services including SDN - intellectual property rights - internal/external research papers/presentations Monitoring/supporting SDN standardisation Monitoring the market (commercial SDN products) Nokia internal enabling; ultimate goal is to create secure innovative products 9 Nokia Solutions and Networks 2015
10 Monitoring the SDN security research community examples (1/3) M.Tsugawa et al., Cloud Computing Security: What Changes with Software-Defined Networking? [1]: Good description of both security challenges and opportunities of SDN. Many considerations are not restricted to the cloud scenario. R.Klöti, Master Thesis OpenFLow: A Security Analysis [2]: Detailed analysis of a number of attack scenarios, focuses partly on quite sophisticated, slightly academic attacks. Further valuable vulnerability analyses in - K.Benton et al., OpenFlow vulnerability assessment [3] - A. Shalimov et al., Advanced study of SDN/OpenFlow controllers [4] - D. Kreutz et al.: Towards Secure and Dependable Software-Defined Networks [5] but mitigation measures given in [5] seem cumbersome in practice A.Crenshaw, Security and Software Defined Networking: Practical Possibilities and Potential Pitfalls [6] gives a nice example how to implement ARP poisoning protection 10 Nokia Solutions and Networks 2015
11 Monitoring the SDN security research community examples (2/3) Valuable contributions by the research team OpenFlowSec.org (see - Security enhanced OpenFlow controllers FortNOX and SE-Floodlight: Ensure secure access of applications to network resources, provide patterns simplifying the programming of threat mitigation measures (see [7] and [8]) - FRESCO: an OpenFlow security application development framework designed to facilitate the rapid design, and modular composition of OF-enabled detection and mitigation modules [9] Access control for applications via the SDN controller - Wen, X., et al., Towards a Secure Controller Platform for OpenFlow Applications [10] - S.Shin et al., Rosemary: A Robust, Secure, and High-Performance Network Operating System [11] 11 Nokia Solutions and Networks 2015
12 Monitoring the SDN security research community examples (3/3) Improving security techniques by SDN - S. A. Mehdi et al., Revisiting traffic anomaly detection using software defined networking [12] - R. Skowyra et al., Software-Defined IDS for Securing Embedded Mobile Devices [13] - S. Shin and G. Gu, CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks [ ] [14] Network virtualization (and isolation) using SDN: - R. Sherwood et al., Flowvisor: A network virtualization layer [15] 12 Nokia Solutions and Networks 2015
13 SDN security research in SASER-SIEGFRIED SASER (Safe and Secure European Routing) ( ): - Celtic-Plus project with national funding in Germany, France, Finland - a large project in Germany: three divisions led by different vendors, 36M funding - originally an optics project, but with security focus; 3 years runtime ( ) - SASER-SIEGFRIED: one of the German divisions of SASER, led by Nokia, with a substantial work package on security, including SDN security SDN security work in SASER-SIEGFRIED - SDN security basics (threats, protection measures) - concepts to control the interaction of multiple applications on an SDN controller - SDN security lab, PoC implementations of security for southbound and northbound interface, admission control system for applications - publications, e.g. C.Röbke, T.Holz, Retaining Control Over SDN Network Services [16] - SDN demos including security features, see S. Gebert, et al., Demonstrating the Optimal Placement of Virtualized Cellular Network Functions in Case of Large Crowd Events [17] 13 Nokia Solutions and Networks 2015
14 Monitoring SDN security standardization: ONF SDN Architecture document: Reasonable (high level) statements on security ONF specifications (examples): - OF-Switch: Optional use of TLS, no TLS-profile specified - OF-Config: Based on NetConf security using SSH or TLS ONF Principles document: - First output of the ONF Security Project (after a slow start as Security Discussion Group ) - 8 rather generic security principles, 24 security requirements - Reasonable recommendations how to improve the security of OF-Switch - What will be the impact of this work? Overall, the ONF security work appears somewhat immature. 14 Nokia Solutions and Networks 2015
15 Monitoring SDN security standardization: Others IRTF SDN research group: Security as a field of interest in the charter, but no output so far (?). Discussions at IETF#92 how to move on with the group. IETF SDN related WGs (examples): - ForCES: Use secure transport protocol between forwarding and control plane, e.g. SCTP/IPsec; programmability of the network not in scope - I2RS: Reasonable security requirements for the interface; could be based on NetConf security using SSH or TLS - A new activity: I2NSF ( interface to network security functions ) ETSI ISG NFV: SDN usage in NFV covered in EVE (Evolution and Ecosystem) group; early draft Report on SDN Usage in NFV Architectural Framework ; security aspects not yet elaborated; also no respective work item in the NFV SEC (Security) group 15 Nokia Solutions and Networks 2015
16 Threats to an SDN-based network Attacks Virtualized/ Malicious Cloud Environment Application Application Malicious Application Application from the forwarding plane from the control network via the northbound interface from the virtualized/cloud environment SDN Controller Control Network SDN Switch SDN Switch 16 Nokia Solutions and Networks 2015 SDN Switch
17 Securing an SDN-based network Protection of protocol interfaces (controller-switch i/f, possibly northbound i/f): - preferably cryptographic protection (e.g. IPsec or TLS) - sound, robust protocol implementations - optionally a firewall in front of the controller to protect it against well known network and transport layer attacks (like TCP SYN floods) Sound authentication and authorization concepts for network control by applications via the northbound interface, including conflict resolution Security measures for virtualized/cloud environments when running the controller there (this is an issue of its own, to be solved independently of SDN) Security measures as applicable also to traditional networks 17 Nokia Solutions and Networks 2015
18 Securing an SDN-based network further details Backup Security measures for virtualized/cloud environments, like - sound, robust implementations of the hypervisors and the overall cloud management software - security zones (logical and optionally even physical separation/isolation) - dedicated security functions (like firewalls) as part of the hypervisor or in VMs - traffic separation (dedicated virtual switches, VLANs) - cryptographic protection: traffic to/from/between VMs, data on storage Security measures as applicable also to traditional networks, like - secure OAM (Operation, Administration and Maintenance) - secure operation of network protocols and services (e.g. routing, DNS, NTP) - individual protection of each network function (formerly physical boxes, now VNFs) 18 Nokia Solutions and Networks 2015
19 Securing an SDN-based network Cryptographic protection Sound authentication and authorization concepts Robust implementation, overload control Cryptographic protection Application Secure SDN SDN Controller controller Control Network Application Application Firewall Secure Virtualized/ Virtualized/ Cloud Environment Cloud En- vironment Robust implementation, overload control SDN Switch SDN Switch SDN Switch 19 Nokia Solutions and Networks 2015
20 Using SDN to Improve Network Security Advocates of SDN claim substantial benefits such as Increased network reliability and security as a result of centralized and automated management of network devices, uniform policy enforcement, and fewer configuration errors (from the ONF). But network security will not increase by simply applying SDN! Security opportunities do exist: - fine granular, agile control over all traffic flows: monitor traffic on flow basis; block suspicious flows or redirect them to dedicated security devices - centralized control: unify security policies, adapt them automatically and consistently - programmability: implement security solutions as apps on the controller - advantageous combination of SDN-based + traditional security solutions possible - running controllers in cloud environments to make them resilient against DoS attacks 20 Nokia Solutions and Networks 2015
21 Straightforward example of an SDN-based security solution Anti-DoS App policies Get Flow Statistics Backup Set Blocking Rules SDN Controller SDN Switch SDN Switch Target Server SDN Switch 21 Nokia Solutions and Networks 2015
22 Demo-setup: Mobile Guard interacting with de-composed gateways Virtualized/Cloud Environment S-GW App P-GW App GW control Mobile Guard Detect malware activity Isolate infected terminal Sanitizing Server S-GW U Probe P-GW U X IP Service Network 22 Nokia Solutions and Networks 2015 Disclaimer: This is a demo setup, not an available Nokia solution!
23 SDN security products - examples Nokia s Mobile Guard is a commercial security product - but SDN is currently only a feature candidate Radware Defense Flow ( HP SDN App Store ( - HP Network Protector - Bluecat DNS Director - F5 BIG DDoS Umbrella - Guardicore Active Honeypot Related to network virtualisation: VMWare (NSX), Cisco (ACI) and others 23 Nokia Solutions and Networks 2015
24 SDN security: Challenges versus opportunities SDN Feature Challenge Opportunity Separation forwarding/control Centralized control Controllers in clouds Agile and fine granular control Network programmability increased attack surface (but good protection mechanisms exist) successful attacks have huge impact various threats, like attacks via hypervisor vulnerabilities increases complexity, is a source of errors, may be abused abuse of control functions, exploiting vulnerabilities, compromising controllers (basis for other opportunities) unify security policies, adapt them automatically & consistently use elasticity of resources to overcome DoS attacks facilitates security solutions that need to execute such control facilitates efficient deployment of security solutions running as applications on controllers 24 Nokia Solutions and Networks 2015
25 Conclusion Security Challenges Network programmability Controllers in cloud environments Security Opportunities Unified but still agile control Efficient deployment of security solutions as network applications Considerable care and security awareness is required to mitigate the threats! Turning the opportunities into better network security is a process that has just started! 25 Nokia Solutions and Networks 2015
26
27 References [1] Maurício Tsugawa, Andréa Matsunaga, and José A.B. Fortes, Cloud Computing Security: What Changes with Software-Defined Networking? in S. Jajodia et al. (eds.), Secure Cloud Computing, DOI / , Springer Science+Business Media New York 2014 [2] Rowan Klöti, Master Thesis OpenFLow: A Security Analysis, ETH Zürich (retrieved at ftp://ftp.tik.ee.ethz.ch/pub/students/2012-hs/ma pdf ) [3] K.Benton et al., "OpenFlow vulnerability assessment, In: ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. HotSDN'13 (2013) [4] A. Shalimov et al., Advanced study of SDN/OpenFlow controllers, Proceedings of the 9th Central & Eastern European Software Engineering Conference in Russia, ACM, New York 2013 [5] Kreutz, D., Ramos, F., Verissimo, P.: Towards Secure and Dependable Software-Defined Networks. In: ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. HotSDN'13 (2013) [6] Adrian Crenshaw, Security and Software Defined Networking: Practical Possibilities and Potential Pitfalls, Indiana University, Dec 16, 2012 (published on [7] Phillip Porras et al., A Security Enforcement Kernel for OpenFlow Networks, Proceedings of the ACm SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN), 2012 [8] Phillip Porras et al., Securing the Software-Defined Network Control Layer, NDSS 15, 8-11 February 2015, San Diego, CA, USA; Copyright 2015 Internet Society, ISBN X; retrieved: [9] S. Shin, P.A. Porras, V. Yegneswaran, M.W. Fong, G. Gu, M. Tyson, "FRESCO: Modular Composable Security Services for Software- Defined Networks," Proceedings of the ISOC Network and Distributed System Security Symposium, San Diego, CA, February Nokia Solutions and Networks 2015
28 References [10] Wen, X., Chen, Y., Hu, C., Shi, C., Wang, Y.: Towards a Secure Controller Platform for OpenFlow Applications. In: ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. HotSDN'13 (2013) [11] S.Shin et al., Rosemary: A Robust, Secure, and High-Performance Network Operating System, CCS 14, Nov 3, Arizona, USA. Retrieved on April 20, 2015 from [12] S. A. Mehdi, J. Khalid, and S. A. Khayam, Revisiting traffic anomaly detection using software defined networking, in Recent Advances in Intrusion Detection. Springer, 2011, pp [13] R. Skowyra, S. Bahargam, and A. Bestavros, Software-Defined IDS for Securing Embedded Mobile Devices, [Online]. Available: [14] S. Shin and G. Gu, CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?), in 20th IEEE International Conference on Network Protocols (ICNP). IEEE, 2012, pp [15] R. Sherwood et al., Flowvisor: A network virtualization layer, OpenFlow Switch Consortium, Tech. Rep, 2009 [16] C.Röbke, T.Holz, Retaining Control Over SDN Network Services, Proceedings of the International Conference of Net-worked Systems, IEEE 2015, retrieved at [17] S. Gebert, D. Hock, T. Zinner, P. Tran-Gia, M. Hoffmann, M. Jarschel, E. D. Schmidt, R. Braun, C. Banse, Demonstrating the Optimal Placement of Virtualized Cellular Network Functions in Case of Large Crowd Events, ACM SIGCOMM 2014, Chicago, USA, August 17-22, Nokia Solutions and Networks 2015
4G Mobile Networks At Risk
07.05.1203 Consortium Attack analysis and Security concepts for MObile Network infastructures supported by collaborative Information exchange 4G Mobile Networks At Risk The ASMONIA Threat and Risk Analysis
OperationCheckpoint: SDN Application Control
OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec 14) 19 October 2014 Sandra Scott-Hayward, Christopher Kane and Sakir Sezer [email protected] Centre for
SDN Interfaces and Performance Analysis of SDN components
Institute of Computer Science Department of Distributed Systems Prof. Dr.-Ing. P. Tran-Gia SDN Interfaces and Performance Analysis of SDN components, David Hock, Michael Jarschel, Thomas Zinner, Phuoc
How to secure an LTE-network: Just applying the 3GPP security standards and that's it?
How to secure an LTE-network: Just applying the 3GPP security standards and that's it? Telco Security Day @ Troopers 2012 Peter Schneider Nokia Siemens Networks Research 1 Nokia Siemens Networks 2012 Intro
SDN Security Design Challenges
Nicolae Paladi SDN Security Design Challenges SICS Swedish ICT! Lund University In Multi-Tenant Virtualized Networks Multi-tenancy Multiple tenants share a common physical infrastructure. Multi-tenancy
Designing Virtual Network Security Architectures Dave Shackleford
SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined
How OpenFlow-based SDN can increase network security
How OpenFlow-based SDN can increase network security Charles Ferland, IBM System Networking Representing the ONF [email protected] +49 151 1265 0830 Important elements The objective is to build SDN networks
Virtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
Security Challenges & Opportunities in Software Defined Networks (SDN)
Security Challenges & Opportunities in Software Defined Networks (SDN) June 30 th, 2015 SEC2 2015 Premier atelier sur la sécurité dans les Clouds Nizar KHEIR Cyber Security Researcher Orange Labs Products
FRESCO: Modular Composable Security Services for So;ware- Defined Networks
FRESCO: Modular Composable Security Services for So;ware- Defined Networks Seungwon Shin, Phil Porras, Vinod Yegneswaran, MarIn Fong, Guofei Gu, and Mabry Tyson SUCCESS LAB, Texas A&M and SRI Interna7onal
Future of DDoS Attacks Mitigation in Software Defined Networks
Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizváry, Jan Vykopal Institute of Computer Science, Masaryk University, Brno, Czech Republic {vizvary vykopal}@ics.muni.cz Abstract.
Vulnerabilities and Opportunities in SDN, NFV, and NGSON
Vulnerabilities and Opportunities in SDN, NFV, and NGSON IEEE CQR 2014 International Workshop Emerging Technology Reliability Roundtable Tucson, Arizona, USA May 12, 2014 Mehmet Ulema Manhattan College,
ETSI NFV ISG DIRECTION & PRIORITIES
ETSI NFV ISG DIRECTION & PRIORITIES San Jose, May 6th 2015 Steven Wright (AT&T), Chair ETSI NFV ISG 1 ETSI 2012. All rights reserved NFV: The Equipment Market TransformaJon Classical Network Appliance
Can Software Defined Networks (SDN) manage the dependability of the service provided to selected customers?
Can Software Defined Networks (SDN) manage the dependability of the service provided to selected customers? Gianfranco Nencioni Dipartimento di Ingegneria dell Informazione Università di Pisa Mini-seminar
A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks
A Coordinated Virtual Infrastructure for SDN in Enterprise Networks Software Defined Networking (SDN), OpenFlow and Application Fluent Programmable Networks Strategic White Paper Increasing agility and
Software Defined Networking - a new approach to network design and operation. Paul Horrocks Pre-Sales Strategist 8 th November 2012
Software Defined Networking - a new approach to network design and operation Paul Horrocks Pre-Sales Strategist 8 th November 2012 Agenda What is Software Defined Networking What is the value of Software
Trusting SDN. Brett Sovereign Trusted Systems Research National Security Agency 28 October, 2015
Trusting SDN Brett Sovereign Trusted Systems Research National Security Agency 28 October, 2015 Who I am 18 years experience in Cryptography, Computer and Network Security Currently work at Trust Mechanisms,
STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
Wireless & Mobile. Working Group
Wireless & Mobile Working Group Table of Contents 1 Executive Summary... 3 2 Mission & Motivation... 3 3 Scope... 3 4 Goals & Non-Goals... 4 5 Deliverables... 5 6 Milestones... 6 7 Example Use Cases Summaries...
LTE transport network security Jason S. Boswell Head of Security Sales, NAM Nokia Siemens Networks
LTE transport network security Jason S. Boswell Head of Security Sales, NAM Nokia Siemens Networks 1 Nokia Siemens Networks New evolved Networks - new security needs Walled Garden Transport & Protocols
SDN Architecture and Service Trend
2013 SDN 高 峰 論 壇 SDN Architecture and Service Trend Dr. Yu-Huang Chu Broadband Network Lab Chunghwa Telecom Co., Ltd., Taiwan 10/09/13 1 Outlines SDN & NFV introduction Network Architecture Trend SDN Services
ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY
ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY One of the largest concerns of organisations is how to implement and introduce advanced security mechanisms to protect
Cloud Computing Security: What Changes with Software-Defined Networking?
Cloud Computing Security: What Changes with Software-Defined Networking? José Fortes Center for Cloud and Autonomic Computing Advanced Computing and Information Systems Lab ARO Workshop on Cloud Security
Conference. Smart Future Networks THE NEXT EVOLUTION OF THE INTERNET FROM INTERNET OF THINGS TO INTERNET OF EVERYTHING
Conference THE NEXT EVOLUTION OF THE INTERNET FROM INTERNET OF THINGS TO INTERNET OF Smart Future Networks www.internet-of-things.no EVERYTHING Patrick Waldemar Vice President Telenor Research and Future
Security improvement in IoT based on Software Defined Networking (SDN)
Security improvement in IoT based on Software Defined Networking (SDN) Vandana C.P Assistant Professor, New Horizon College of Engineering Abstract With the evolving Internet of Things (IoT) technology,
LTE - Can SDN paradigm be applied?
LTE - Can SDN paradigm be applied? Source of this presentation: Towards Software Defined Cellular Networks Li Erran Li (Bell Labs, Alcatel-Lucent) Morley Mao (University of Michigan) Jennifer Rexford (Princeton
Software Defined Networking Hva kan du starte med i dag? Geir Åge Leirvik HP Networking
Software Defined Networking Hva kan du starte med i dag? Geir Åge Leirvik HP Networking Agenda App Store keeping it simple HP apps: Protector Optimizer Lync Partners apps: BlueCat DNS KEMP Community apps:
Network Functions Virtualization (NFV) for Next Generation Networks (NGN)
P a g e 1 Network Functions Virtualization (NFV) for Next Generation Networks (NGN) Summary Network Functions Virtualization (NFV) has drawn industry attention. Network Virtualization aims to transform
How To Design A Secure, Robust, And Resilient Network Control System (Network) Controller
Design and deployment of secure, robust, and resilient SDN Controllers SDNRG @ IETF 93 Wednesday, 22 July 2015 Sandra Scott-Hayward [email protected] Centre for Secure Information Technologies
SDN and NFV in the WAN
WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network
Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking
Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Agenda BYOD challenges A solution for BYOD Network Protector SDN matched with industry leading service How it works In summary BYOD challenges
NFV Management and Orchestration: Enabling Rapid Service Innovation in the Era of Virtualization
White Paper NFV Management and Orchestration: Enabling Rapid Service Innovation in the Era of Virtualization NFV Orchestration Overview Network Function Virtualization (NFV) technology, in combination
OpenFlow, Network Function Virtualisation, Virtualised Network Function, Network Virtualisation, IEEE 802.1X, Authentication and Authorization.
Deploying a virtual network function over a software defined network infrastructure: experiences deploying an access control VNF in the University of Basque Country s OpenFlow enabled facility Eduardo
Towards Software Defined Cellular Networks
Towards Software Defined Cellular Networks Li Erran Li (Bell Labs, Alcatel-Lucent) Morley Mao (University of Michigan) Jennifer Rexford (Princeton University) 1 Outline Critiques of LTE Architecture CellSDN
HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer
HAWAII TECH TALK SDN Paul Deakin Field Systems Engineer SDN What Is It? SDN stand for Software Defined Networking SDN is a fancy term for: Using a controller to tell switches where to send packets SDN
CDN/CLOUD/SDN/NFV FOR MULTIMEDIA SERVICES
CDN/CLOUD/SDN/NFV FOR MULTIMEDIA SERVICES Nakjung Choi, Technical Director, Bell Labs Seoul KRnet 2014, June 24 th, 2014 CONTENT Background on CDN/Cloud/SDN/NFV Video Delivery in the Existing Infrastructure
What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates
What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates 1 Goals of the Presentation 1. Define/describe SDN 2. Identify the drivers and inhibitors of SDN 3. Identify what
Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera [email protected]. VERSION May, 2015
Simplify IT With Cisco Application Centric Infrastructure Roberto Barrera [email protected] VERSION May, 2015 Content Understanding Software Definded Network (SDN) Why SDN? What is SDN and Its Benefits?
Using SDN-OpenFlow for High-level Services
Using SDN-OpenFlow for High-level Services Nabil Damouny Sr. Director, Strategic Marketing Netronome Vice Chair, Marketing Education, ONF [email protected] Open Server Summit, Networking Applications
Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University
Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University Transition to NFV Cost of deploying network functions: Operating expense
SDN Security Considerations in the Data Center. ONF Solution Brief October 8, 2013
SDN Security Considerations in the Data Center ONF Solution Brief October 8, 2013 Table of Contents 2 Executive Summary 3 SDN Overview 4 Network Security Challenges 6 The Implications of SDN on Network
Leveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
Network Virtualization Mist to MUST
Network Virtualization Mist to MUST Ching-Wen Cheng ITRI ICL M100 2015.03.07 Motivation and background (ITU-T T Aspect) Objectives and motivation FNs are recommended to provide services whose functions
Secure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
The following normative disclaimer shall be included on the front page of a PoC report:
Annex B (normative): NFV ISG PoC #28 Report The following normative disclaimer shall be included on the front page of a PoC report: Submission of this NFV ISG PoC Report as a contribution to the NFV ISG
SOFTWARE DEFINED NETWORKING
SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology
48 0890-8044/15/$25.00 2015 IEEE
An Extended SDN Architecture for Network Function Virtualization with a Case Study on Intrusion Prevention Ying-Dar Lin, Po-Ching Lin, Chih-Hung Yeh, Yao-Chun Wang, and Yuan-Cheng Lai Abstract In conventional
Software Defined Networking
Software Defined Networking Richard T. B. Ma School of Computing National University of Singapore Material from: Scott Shenker (UC Berkeley), Nick McKeown (Stanford), Jennifer Rexford (Princeton) CS 4226:
5G Backhauling_. Luis M. Contreras GCTO Unit, Transport, Telefónica 05.11.2015
5G Backhauling_ Luis M. Contreras GCTO Unit, Transport, Telefónica 05.11.2015 NGMN Whitepaper 5G System Architecture 5G System Requirements and Architecture Performance 1000x higher mobile data volumes
Lecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
Applying Software Defined Networks and Virtualization Concepts for Next Generation Mobile Broadband Networks
BROADBAND UKRAINE: 12th June 2013, Kiev, Ukraine FOKUS Center for Next Generation Network Infrastructures (NGNI) Applying Software Defined Networks and Virtualization Concepts for Next Generation Mobile
Supporting mobility in the RAN cloud
Supporting mobility in the RAN cloud Michael Fitch BT 23 rd October 2012 Cloud basics On-Demand Self-Service A consumer can provision computing capabilities, such as server time and network storage, automatically
SDN/Virtualization and Cloud Computing
SDN/Virtualization and Cloud Computing Agenda Software Define Network (SDN) Virtualization Cloud Computing Software Defined Network (SDN) What is SDN? Traditional Network and Limitations Traditional Computer
Qualifying SDN/OpenFlow Enabled Networks
Qualifying SDN/OpenFlow Enabled Networks Dean Lee Senior Director, Product Management Ixia Santa Clara, CA USA April-May 2014 1 Agenda SDN/NFV a new paradigm shift and challenges Benchmarking SDN enabled
Brocade SDN/OpenFlow. Norival Figueira Office of the CTO. January 9, 2015 2014/2015 BROCADE COMMUNICATIONS SYSTEMS, INC. ALL RIGHTS RESERVED.
Brocade SDN/OpenFlow Norival Figueira Office of the CTO January 9, 2015 2014/2015 BROCADE COMMUNICATIONS SYSTEMS, INC. ALL RIGHTS RESERVED. 1 Legal Disclaimer All or some of the products detailed in this
Virtualization techniques for redesigning mobile backhaul networks: challenges and issues. Fabrice Guillemin Orange Labs, IMT/IMT/OLN/CNC/NCA
Virtualization techniques for redesigning mobile backhaul networks: challenges and issues Fabrice Guillemin Orange Labs, IMT/IMT/OLN/CNC/NCA MobiArch 2015 September 7, 2015 Outline 1 2 3 Introduction Convergent
Embracing Transport SDN for Open Networking Architectures
Embracing Transport SDN for Open Networking Architectures Yabin YE [email protected] HUAWEI TECHNOLOGIES CO., LTD. Agenda Move Towards SDN Transport SDN Use Cases Examples of Transport SDN 2 ONF Definition
Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre
Unlock the full potential of data centre virtualisation with micro-segmentation Making software-defined security (SDS) work for your data centre Contents 1 Making software-defined security (SDS) work for
Testing Challenges for Modern Networks Built Using SDN and OpenFlow
Using SDN and OpenFlow July 2013 Rev. A 07/13 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: [email protected] www.spirent.com AMERICAS 1-800-SPIRENT +1-818-676-2683 [email protected]
Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre
Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future
OpenFlow-enabled SDN and Network Functions Virtualization. ONF Solution Brief February 17, 2014
OpenFlow-enabled SDN and Functions Virtualization ONF Solution Brief February 17, 2014 Table of Contents 2 Executive Summary 3 SDN Overview 4 Introduction to NFV 5 NFV Challenges 6 NFV/SDN Example Use
A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC. September 18, 2014.
A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC September 18, 2014 Charles Sun www.linkedin.com/in/charlessun @CharlesSun_ 1 What is SDN? Benefits
White Paper. SDN 101: An Introduction to Software Defined Networking. citrix.com
SDN 101: An Introduction to Software Defined Networking citrix.com Over the last year, the hottest topics in networking have been software defined networking (SDN) and Network ization (NV). There is, however,
Software Defined Networks Virtualized networks & SDN
Software Defined Networks Virtualized networks & SDN Tony Smith Solution Architect HPN 2 What is Software Defined Networking Switch/Router MANAGEMENTPLANE Responsible for managing the device (CLI) CONTROLPLANE
Cisco Nexus 1000V Switch for Microsoft Hyper-V
Data Sheet Cisco Nexus 1000V Switch for Microsoft Hyper-V Product Overview Cisco Nexus 1000V Switches provide a comprehensive and extensible architectural platform for virtual machine and cloud networking.
A Fuzzy Logic-Based Information Security Management for Software-Defined Networks
A Fuzzy Logic-Based Information Security Management for Software-Defined Networks Sergei Dotcenko *, Andrei Vladyko *, Ivan Letenko * * The Bonch-Bruevich Saint-Petersburg State University of Telecommunications,
Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments
Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer
LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks
LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks Moreno Ambrosin, Mauro Conti, Fabio De Gaspari, University of Padua, Italy {surname}@math.unipd.it
Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
Software Defined Networking for Security Enhancement in Wireless Mobile Networks
1 Software Defined Networking for Security Enhancement in Wireless Mobile Networks Aaron Yi Ding, Jon Crowcroft, Sasu Tarkoma, Hannu Flinck University of Helsinki University of Cambridge Nokia Solutions
Security MWC 2014. 2013 Nokia Solutions and Networks. All rights reserved.
Security MWC 2014 2013 Nokia Solutions and Networks. All rights reserved. Security Ecosystem overview Partners Network security demo + End-user security demo + + + + NSN end-to-end security solutions for
Whitepaper. 10 Metrics to Monitor in the LTE Network. www.sevone.com blog.sevone.com [email protected]
10 Metrics to Monitor in the LTE Network The deployment of LTE increases dependency on the underlying network, which must be closely monitored in order to avert serviceimpacting events. In addition, the
Programmable Management Framework for Evolved SDN
Programmable Management Framework for Evolved SDN Sławomir Kukliński! Orange Polska and Warsaw University of Technology! Warsaw, Poland!!!! Kraków, May 9, 2014 Problem statement!! What (is) should be the
Software Defined Networking and the design of OpenFlow switches
Software Defined Networking and the design of OpenFlow switches Paolo Giaccone Notes for the class on Packet Switch Architectures Politecnico di Torino December 2015 Outline 1 Introduction to SDN 2 OpenFlow
JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net
JUNIPER One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net 2-3-7: JUNIPER S BUSINESS STRATEGY 2 Customer Segments 3 Businesses Service
The Role of Virtual Routers In Carrier Networks
The Role of Virtual Routers In Carrier Networks Sterling d Perrin Senior Analyst, Heavy Reading Agenda Definitions of SDN and NFV Benefits of SDN and NFV Challenges and Inhibitors Some Use Cases Some Industry
Mock RFI for Enterprise SDN Solutions
Mock RFI for Enterprise SDN Solutions Written By Sponsored By Table of Contents Background and Intended Use... 3 Introduction... 3 Definitions and Terminology... 7 The Solution Architecture... 10 The SDN
SDN PARTNER INTEGRATION: SANDVINE
SDN PARTNER INTEGRATION: SANDVINE SDN PARTNERSHIPS SSD STRATEGY & MARKETING SERVICE PROVIDER CHALLENGES TIME TO SERVICE PRODUCT EVOLUTION OVER THE TOP THREAT NETWORK TO CLOUD B/OSS AGILITY Lengthy service
Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES
Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...
Improving Network Management with Software Defined Networking
Improving Network Management with Software Defined Networking Hyojoon Kim and Nick Feamster, Georgia Institute of Technology 2013 IEEE Communications Magazine Presented by 101062505 林 瑋 琮 Outline 1. Introduction
Towards Autonomic DDoS Mitigation using Software Defined Networking
Towards Autonomic DDoS Mitigation using Software Defined Networking Authors: Rishikesh Sahay, Gregory Blanc, Zonghua Zhang, Hervé Debar NDSS Workshop on Security of Emerging Networking Technologies (SENT
TO PACKET CORE. EVOLving THE PACKET CORE TO An NFV/sdN ARCHITECTURE
The JOURNEY TO PACKET CORE Virtualization EVOLving THE PACKET CORE TO An NFV/sdN ARCHITECTURE TechNOLOGY White Paper In their efforts to become more competitive, mobile network operators (MNOs) have begun
CS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
Intel Network Builders Solution Brief. Intel and ASTRI* Help Mobile Network Operators Support Small Cell Networks
Intel Network Builders Solution Brief Intel and ASTRI* Help Mobile Network Operators Support Small Cell Networks Overview Wireless networks built using small cell base stations are enabling mobile network
A Study on Software Defined Networking
A Study on Software Defined Networking Yogita Shivaji Hande, M. Akkalakshmi Research Scholar, Dept. of Information Technology, Gitam University, Hyderabad, India Professor, Dept. of Information Technology,
Mobile Devices Security: Evolving Threat Profile of Mobile Networks
Mobile Devices Security: Evolving Threat Profile of Mobile Networks SESSION ID: MBS-T07 Anand R. Prasad, Dr.,ir., Selim Aissi, PhD Objectives Introduction Mobile Network Security Cybersecurity Implications
The promise of SDN. EU Future Internet Assembly March 18, 2014. Yanick Pouffary Chief Technologist HP Network Services
The promise of SDN EU Future Internet Assembly March 18, 2014 Yanick Pouffary Chief Technologist HP Network Services Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein
Virtualization techniques for network functions. Fabrice Guillemin, Orange Labs, OLN/CNC/NCA September 14, 2015
Virtualization techniques for network functions Fabrice Guillemin, Orange Labs, OLN/CNC/NCA September 14, 2015 Introduction Network functions are today hosted by dedicated hardware, typically high performance
Introduction to Software Defined Networking
Introduction to Software Defined Networking Introduction to SDN Ahmed Maged MENOG 15 Dubai April 2015 @amaged [email protected] Agenda What is SDN and What it is not SDN Trends Getting Ready for SDN 2
NFV ISG PoC Proposal VNF Router Performance with DDoS Functionality
NFV ISG PoC Proposal VNF Router Performance with DDoS Functionality 1. NFV ISG PoC Proposal 1.1 PoC Team Members Include additional manufacturers, operators or labs should additional roles apply. PoC Project
Virtual Application Networks Innovations Advance Software-defined Network Leadership
Virtual Application Networks Innovations Advance Software-defined Network Leadership Simplifying, Scaling and Automating the Network Bethany Mayer Senior Vice President and General Manager HP Networking
Blue Planet. Introduction. Blue Planet Components. Benefits
Blue Planet Introduction Cyan Blue Planet is the first Software- Defined Network (SDN) and Network Function Virtualization (NFV) platform purpose- built for service providers and the wide area network.
Securing the Interconnect Signaling Network Security
Securing the Interconnect Signaling Network Security Travis Russell Director, Cyber Security, Service Provider Networks Oracle Communications August, 2015 Current security landscape Much attention has
Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain
SESSION ID: ANF-T08 Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain Sean Doherty VP Technology Partnerships and Alliances Symantec @SeandDInfo Deb Banerjee Chief Architect,
LTE Overview October 6, 2011
LTE Overview October 6, 2011 Robert Barringer Enterprise Architect AT&T Proprietary (Internal Use Only) Not for use or disclosure outside the AT&T companies except under written agreement LTE Long Term
Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure
White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure
Five Steps For Securing The Data Center: Why Traditional Security May Not Work
White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center
Accurate Anomaly Detection using Adaptive Monitoring and Fast Switching in SDN
I.J. Information Technology and Computer Science, 2015, 11, 34-42 Published Online October 2015 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijitcs.2015.11.05 Accurate Anomaly Detection using Adaptive
Top virtualization security risks and how to prevent them
E-Guide Top virtualization security risks and how to prevent them There are multiple attack avenues in virtual environments, but this tip highlights the most common threats that are likely to be experienced
