You can keep your firewall (if you want to) Practical, simple and cost saving applications of OpenDaylight you can implement today
- Junior Jasper McGee
- 8 years ago
Transcription
1 You can keep your firewall (if you want to) Practical, simple and cost saving applications of OpenDaylight you can implement today John Sobanski, Engineer, Solers Inc. July #OpenSDN
2 What You Will Learn Today (By Demonstration). 10,000 foot views of Software Defined Networking (SDN), OpenDaylight (ODL) and Service Function Chains (SFC). Solve real world data center problems with the ODL RESTCONF API and ODL Service Function Chaining. Feel free to contact me for any details I don't cover here: jsobanski@solers.com
3 Top three emerging technologies of the decade? My take: Big Data, DevOps, Software Defined Networks. Any others?
4 Is SDN Hype? Big Data and DevOps have clear applications and use cases, but Software Defined Networks appears to be a solution in search of a problem. Most SDN activity is focused in academia or dedicated Network Function Virtualization (NFV) shops... not relevant to us. "SDN/NFV only applies to greenfield architectures." These slides will prove these opinions wrong.
5 Who cares about networks? Answer: You do! Network latency and/or loss breaks services.
6 "Latency and loss doesn't apply to my data center." Latency and loss? I've got dozens of 10GbE ports!!! Layer 2: Spanning tree protocol blocks all but one path to prevent loops (enable LACP/LAG). Layer 3: Shortest path first sends all traffic through a congested "one hop" path over a wide open "two hop" path (try traffic engineering). Layer 4: Default TCP buffers. Small buffers mean more round trips. Latency throttles throughput. (Tune the buffer.) You need to care about the network!
7 What are Network Services? Familiar network services: load balancing, firewall, Deep Packet Inspection (DPI), access control lists, parental control. Other network services: "global state" (routing), broadcast domain scoping (VLAN), resource signaling, prioritization and preemption, multicast, N-cast.
8 10,000 Foot Overview. 10,000 foot view of SDN: at any given time, use a centralized controller to move data through your network equipment as you see fit. This doesn't seem like a big deal to non-network types, but it is incredibly powerful! 10,000 foot view of OpenDaylight: allows you to install network services as "Apps" and provides a single REST API to configure heterogeneous hardware. This is a no brainer for developers but is HUGE for network engineers. 10,000 foot view of Service Function Chains: a service overlay that divorces network services from topology. For more detail see:
9 A Little More Detail: SDN Layers. Top layer (northbound): network apps and orchestration; business logic to monitor and control network behavior; thread services together. Middle layer: controller platform; exposes "northbound" APIs to the application layer. Lower layer (southbound): command and control of hardware; network devices (physical or virtual) such as switches, routers, firewalls etc.
10 A Little More Detail: OpenDaylight. OpenDaylight: open source project; modular/pluggable and flexible controller platform; Java Virtual Machine (JVM); dynamically pluggable modules for network tasks; OSGi framework (local applications) and bidirectional REST (local or remote) for the northbound API. Network apps: house business logic and algorithms; gather network intelligence from the controller; run algorithms to perform analytics; orchestrate new rules (if any) via the controller. Southbound: OpenFlow 1.3, OVSDB, SNMP, CLI. The Service Abstraction Layer links northbound to southbound.
11 A Little More Detail: ODL
12 A Little More Detail: SFC. SFC enables a service topology: an overlay built on top of the existing network topology. Use any overlay or underlay technology to create service paths: VLAN, ECMP, GRE, VXLAN, etc. SFC provides resources for consumption; the service topology connects those resources. Quickly and easily add new service functions. Requires no underlying network changes.
13 One Caveat Before We Begin. WARNING: Software Defined Networking is incredibly powerful! You must protect your southbound interfaces with the same regard as a firewall or any root privileges. ODL accommodates TLS for southbound interfaces. The security, identity and bureaucratic planes are orthogonal to the technology plane we discuss here. We do not discuss security, identity or policy, but you must consider them when architecting your ODL solution.
14 One More Caveat. WARNING: If you are not a hands-on network engineer, this presentation may "spoil" you. To provide the following two OPSCON using legacy protocols may be impossible and at the very least requires intense, disciplined, meticulous network engineering.
15 DPI Bypass Approach #1: RESTCONF API
16 OPSCON #1: Deep Packet Inspection Bypass. This scenario investigates how to reduce latency. You have a data center that performs deep packet inspection (DPI) for inter-network flows. DPI injects latency into the end to end (E2E) flow and increases Round Trip Time (RTT). Reminder: Network latency and loss breaks services!
17 Topology. Network gateways in Firewall/DPI appliance. VLANs steer (bent pipe) traffic through DPI (via gateways) for inter-network flows. Can we create logic to DPI only once?
18 One Approach. Put logic (i.e. rules) in the DPI appliance to bypass certain flows. This, however, consumes resources and can saturate the backplane. Put logic here?
19 Better Approach. Use the OpenDaylight controller and put logic in the switch! Put logic here!
20 OPSCON #1 Detailed Topology
21 DPI Bypass Demo Approach #1: RESTCONF API. Note: This section will be a live demonstration.
22 Step 1: Start ODL Platform via Client. Platform includes controller. Install network apps via command line.
23 Validate Topology. Connect to controller and pingall.
24 ODL Shows the Layer 2 Interfaces
25 Baseline: Two DPI = Severe Latency. Ping from Client (h1) to Server (h3) shows 40+ ms latency:
    mininet> h1 ping h3
    PING ( ) 56(84) bytes of data.
    64 bytes from : icmp_seq=1 ttl=62 time=42.1 ms
    64 bytes from : icmp_seq=2 ttl=62 time=41.3 ms
    64 bytes from : icmp_seq=3 ttl=62 time=41.1 ms
    ^C
    ping statistics packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = /41.546/42.143/0.465 ms
26 Baseline: End to End (E2E) Path. Traceroute shows a path through the two DPI gateways, as expected:
    mininet> h1 traceroute -n h3
    traceroute to ( ), 30 hops max, 60 byte packets
    ms ms ms ms ms ms 3 * * ms
    mininet>
27 Configure Switch via ODL Platform REST API
28 Configure Switch via ODL Platform REST API. Use these headers:
    Accept: application/xml
    Authorization: Basic YWRtaW46YWRtaW4=
Then post the following flows (next slide) to Switch 2's table zero:
    PUT flow with ID 202 to
    PUT flow with ID 303 to
29 RESTCONF Flows (XML)
30 The Switch Accepts the Flows
    $ sudo ovs-ofctl -O OpenFlow13 dump-flows s2
    cookie=0x0, duration= s, table=0, n_packets=0, n_bytes=0, priority=200,ip,nw_dst= actions=set_field:f6:2f:25:06:ab:27->eth_dst,output:4
    cookie=0x1, duration=33.552s, table=0, n_packets=0, n_bytes=0, priority=200,ip,nw_dst= actions=set_field:f2:3e:8d:a4:71:07->eth_dst,output:5
31 Latency Reduced. Ping now shows that the second, slow DPI is no longer in the path:
    mininet> h1 ping h3
    PING ( ) 56(84) bytes of data.
    64 bytes from : icmp_seq=1 ttl=63 time=21.3 ms
    64 bytes from : icmp_seq=2 ttl=63 time=20.9 ms
    64 bytes from : icmp_seq=3 ttl=63 time=20.7 ms
    ^C
    ping statistics packets transmitted, 3 received, 0% packet loss, time 2002ms
    rtt min/avg/max/mdev = /20.983/21.320/0.252 ms
32 Latency Reduced. Traceroute confirms that the flow bypasses the second DPI:
    mininet> h1 traceroute -n h3
    traceroute to ( ), 30 hops max, 60 byte packets
    ms ms ms ms ms *
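Once flows like the two on slide 30 sit in a switch, the switch itself decides which traffic skips inspection, so the flow table needs the same review a firewall rule base gets. The following is an added example, not code from the presentation: it parses `ovs-ofctl dump-flows` output in the layout shown on slide 30 and lists every IP flow that rewrites the destination MAC and outputs away from the DPI-facing ports. The sample dump, the inspection port numbers and the approved list are constructed assumptions.

```python
import re

# Constructed sample in the `ovs-ofctl -O OpenFlow13 dump-flows` layout shown on
# slide 30. Addresses, MACs, ports and counters are placeholders, not demo values.
SAMPLE_DUMP = """\
OFPST_FLOW reply (OF1.3) (xid=0x2):
 cookie=0x0, duration=41.2s, table=0, n_packets=0, n_bytes=0, priority=200,ip,nw_dst=192.0.2.30 actions=set_field:02:00:00:00:00:03->eth_dst,output:4
 cookie=0x1, duration=33.5s, table=0, n_packets=0, n_bytes=0, priority=200,ip,nw_dst=192.0.2.10 actions=set_field:02:00:00:00:00:01->eth_dst,output:5
 cookie=0x2, duration=12.0s, table=0, n_packets=5120, n_bytes=501760, priority=300,ip,nw_dst=192.0.2.77 actions=set_field:02:00:00:00:00:07->eth_dst,output:6
 cookie=0x3, duration=95.1s, table=0, n_packets=7, n_bytes=686, priority=100,ip actions=output:1
 cookie=0x4, duration=95.1s, table=0, n_packets=3, n_bytes=180, priority=0 actions=CONTROLLER:65535
"""

INSPECTION_PORTS = {"1", "2"}   # assumed: switch ports that face the DPI gateways
APPROVED = {("192.0.2.30", "4"), ("192.0.2.10", "5")}   # assumed change-control record

META_KEYS = {"cookie", "duration", "table", "n_packets", "n_bytes", "idle_age",
             "hard_age", "idle_timeout", "hard_timeout", "priority"}
IP_MATCHES = {"ip", "tcp", "udp", "icmp"}
REWRITE_DST = re.compile(
    r"^(set_field:[0-9a-f:]{17}->eth_dst|mod_dl_dst:[0-9a-f:]{17})$", re.I)
OUTPUT = re.compile(r"^output:(\w+)$")


def split_top_level(text):
    """Split on commas that are not inside parentheses, e.g. resubmit(,1)."""
    parts, depth, cur = [], 0, ""
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    parts.append(cur.strip())
    return [p for p in parts if p]


def parse_dump_flows(text):
    """Return one {"meta", "match", "actions"} dict per flow line."""
    flows = []
    for line in text.splitlines():
        if " actions=" not in line:
            continue  # reply header or blank line
        left, actions = line.strip().split(" actions=", 1)
        meta, match = {}, {}
        for tok in split_top_level(left):
            key, sep, val = tok.partition("=")
            if key in META_KEYS:
                meta[key] = val
            else:
                match[key] = val if sep else True  # bare tokens such as "ip"
        flows.append({"meta": meta, "match": match,
                      "actions": split_top_level(actions)})
    return flows


def find_bypass_flows(flows, inspection_ports, approved):
    """Flag IP flows that rewrite eth_dst and output away from the DPI ports."""
    findings = []
    for flow in flows:
        acts = flow["actions"]
        ports = [m.group(1) for m in map(OUTPUT.match, acts) if m]
        rewrites = any(REWRITE_DST.match(a) for a in acts)
        is_ip = bool(IP_MATCHES.intersection(flow["match"]))
        if not (is_ip and rewrites and ports):
            continue
        if inspection_ports.intersection(ports):
            continue  # still handed to an inspection gateway
        dst = flow["match"].get("nw_dst", "any")
        findings.append({
            "cookie": flow["meta"].get("cookie"),
            "priority": int(flow["meta"].get("priority", 32768)),
            "nw_dst": dst,
            "ports": ports,
            "n_packets": int(flow["meta"].get("n_packets", 0)),
            "approved": all((dst, p) in approved for p in ports),
        })
    return findings


if __name__ == "__main__":
    flows = parse_dump_flows(SAMPLE_DUMP)
    for f in find_bypass_flows(flows, INSPECTION_PORTS, APPROVED):
        status = "approved" if f["approved"] else "UNAPPROVED"
        print(f'{status:10} cookie={f["cookie"]} prio={f["priority"]} '
              f'dst={f["nw_dst"]} out={f["ports"]} pkts={f["n_packets"]}')
```

An unapproved finding with a non-zero packet counter means traffic has already skipped inspection, which is the case to alert on.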
33 DPI Bypass Demo Approach #2: ODL SFC
34 A Little More Detail: ODL. ODL provides a northbound SFC app.
35 SFC Approach: Create a Service Overlay. 1. Register firewalls in the service pool (Service Functions). 2. Configure switches to forward packets based on controller logic (Service Function Forwarders). 3. Configure SFC logic (next slide).
36 SFC Workflow (Highly Abstracted!). Register (previous slide): Service Functions (appliances), AKA network services; Service Function Forwarders (ODL SFC controlled switches). Create Service Function Chains: a chain of network services, i.e. first firewall, then apply parental control, then virus scan etc. Create Service Function Paths and Rendered Service Paths: selects a path through actual appliance (SF) instances, e.g. RSP-1 = Firewall-1, Parental-Control-1, Virus-Scan-1; RSP-7 = Firewall-3, Parental-Control-1, Virus-Scan-2. Create Classifier: apply SFC to flows.
37 DPI Bypass Demo Approach #2: ODL SFC. Note: This will be a live demo. Based on: by Brady Johnson and Ricardo Noriega at Ericsson.com
38 Baseline: No Flows in Switch, No Objects in GUI
39 Configure via REST API. Add SF, SFF, SFC, SFP and RSP. GUI populated. Controller then injects logic into SFF via flows:
    $ sudo ovs-ofctl dump-flows sff1 -OOpenFlow13
40 Test 1: Configure Classifier to Use RSP-1. tcpdump shows WGET goes through both service functions. Total time: seconds. SFF-1: Traffic. SFF-2: Traffic.
41 Test 2: Configure Classifier to Use RSP-3. tcpdump shows WGET goes through only one service function. Total time: seconds. SFF-1: No Traffic. SFF-2: Traffic.
42 Backup Slides
43 OPSCON #2: Egress Bypass
44 OPSCON #2: Bypass DPI on Egress. Scenario: You have a product distribution system where Egress throughput >> Ingress throughput. You perform Deep Packet Inspection on flows between External (EXT) hosts and your Demilitarized Zone (DMZ) Proxies.
45 Topology. You implement a DPI "router on a stick" to ensure inter-network communications pass through the DPI. A switch bent pipes the traffic at layer 2.
46 Scenario. The egress traffic will increase past the capacity of the DPI appliance. You realize that there are cheaper methods of securing your egress flows than upgrading to a bigger DPI appliance.
47 Egress Security. With egress flows you want to ensure that return/ACK traffic does not include exploits and that egress flows do not facilitate zombies or phone home exploits. Some ideas: Ensure only approved ports: access control lists, iptables, host firewalls. Mitigate against malicious code over approved ports: HIDS on servers; uni-directional bulk data push with error detection and correction over one way fiber; TLS with x509 certs.
48 Trade Solutions. END GOAL: You want to have DPI inspection on ingress flows, but not egress, since the other security measures will cover the egress flows. One approach is to put logic on your DPI appliance to say "don't scan egress flows," but that wastes capacity/resources and could saturate the backplane. An approach with legacy network protocols is very difficult to implement and results in asymmetric routes (will break things). Using OpenDaylight, we have a simple solution that only requires matches/actions on six (6) flows.
49 The Goal. When EXT initiates, pass through DPI. When DMZ initiates: bypass DPI on PUT (egress); scan on GET (ingress).
50 Detailed Diagram: 1. ACL 2. Scan all EXT DMZ 3. Bypass DMZ PUT 4. Scan DMZ GET
51 OpenFlow Logic
1. ACL only allows permitted flows.
2. For ingress (EXT -> DMZ) flows, allow the normal path to virus scan via the gateway.
3. For egress (DMZ -> EXT) PUT flows, intercept the packet:
   1. Change destination MAC from gateway to EXT.
   2. Change destination port from gateway to EXT.
   3. Decrement TTL by one.
4. For egress (DMZ -> EXT) GET flows (treat as ingress):
   1. DMZ uses a dummy IP for the EXT server.
   2. Switch intercepts the packet.
   3. Switch changes the source IP to a dummy DMZ address.
   4. Switch changes the dest IP to the correct EXT IP.
   5. Packet continues on its way to the gateway.
   6. Reverse logic for return traffic.
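The steps on slide 51 can be checked as a small match/action table before anything is pushed to a switch. The following is an added example, not the presentation's flows: it models steps 1 to 4 with priorities, set-field rewrites and a TTL decrement, and answers for any packet whether it reaches the DPI gateway. All addresses, MACs, port numbers and the number of table entries are constructed assumptions. Pinning the bypass rule to the DMZ ingress port is a choice made here so that a packet arriving on the EXT port with a DMZ source address is still scanned.

```python
from dataclasses import dataclass, replace

# Constructed addressing and port numbers (assumptions, not the demo's values).
DMZ_IP, EXT_IP = "198.51.100.10", "203.0.113.20"
DUMMY_EXT_IP = "203.0.113.99"    # address DMZ dials for a GET (step 4.1)
DUMMY_DMZ_IP = "198.51.100.99"   # source address the gateway sees (step 4.3)
GW_MAC = "02:00:00:00:00:fe"
DMZ_MAC = "02:00:00:00:00:0a"
EXT_MAC = "02:00:00:00:00:14"
PORT_DMZ, PORT_GW, PORT_EXT = 1, 2, 3


@dataclass(frozen=True)
class Packet:
    in_port: int
    eth_dst: str
    ip_src: str
    ip_dst: str
    ttl: int = 64


# Each entry: (priority, match fields, set-field rewrites, decrement TTL?, out port)
FLOWS = [
    # Step 3: DMZ -> real EXT address (PUT). Deliver directly and emulate the
    # routed hop the packet no longer takes through the gateway.
    (200, {"in_port": PORT_DMZ, "ip_src": DMZ_IP, "ip_dst": EXT_IP},
     {"eth_dst": EXT_MAC}, True, PORT_EXT),
    # Steps 4.2 to 4.5: DMZ -> dummy EXT address (GET). NAT, then on to the gateway.
    (200, {"in_port": PORT_DMZ, "ip_src": DMZ_IP, "ip_dst": DUMMY_EXT_IP},
     {"ip_src": DUMMY_DMZ_IP, "ip_dst": EXT_IP}, False, PORT_GW),
    # Step 4.6: reverse NAT for the reply once the gateway has scanned it.
    (200, {"in_port": PORT_GW, "ip_src": EXT_IP, "ip_dst": DUMMY_DMZ_IP},
     {"ip_src": DUMMY_EXT_IP, "ip_dst": DMZ_IP, "eth_dst": DMZ_MAC},
     False, PORT_DMZ),
    # Step 2: everything else from either side takes the normal path to the gateway.
    (100, {"in_port": PORT_EXT}, {}, False, PORT_GW),
    (100, {"in_port": PORT_DMZ}, {}, False, PORT_GW),
    # Scanned traffic coming back from the gateway is delivered by destination MAC.
    (100, {"in_port": PORT_GW, "eth_dst": DMZ_MAC}, {}, False, PORT_DMZ),
    (100, {"in_port": PORT_GW, "eth_dst": EXT_MAC}, {}, False, PORT_EXT),
]


def forward(pkt):
    """Apply the highest-priority matching flow; (None, pkt) means dropped (step 1)."""
    for _prio, match, rewrites, dec_ttl, out_port in sorted(FLOWS, key=lambda f: -f[0]):
        if all(getattr(pkt, name) == value for name, value in match.items()):
            ttl = pkt.ttl - 1 if dec_ttl else pkt.ttl
            return out_port, replace(pkt, ttl=ttl, **rewrites)
    return None, pkt


def is_inspected(pkt):
    """True when the switch hands the packet to the DPI gateway port."""
    return forward(pkt)[0] == PORT_GW


if __name__ == "__main__":
    cases = {
        "DMZ PUT to real EXT IP": Packet(PORT_DMZ, GW_MAC, DMZ_IP, EXT_IP),
        "DMZ GET to dummy EXT IP": Packet(PORT_DMZ, GW_MAC, DMZ_IP, DUMMY_EXT_IP),
        "EXT-initiated to DMZ": Packet(PORT_EXT, GW_MAC, EXT_IP, DMZ_IP),
        "DMZ source seen on EXT port": Packet(PORT_EXT, GW_MAC, DMZ_IP, EXT_IP),
    }
    for name, pkt in cases.items():
        port, out = forward(pkt)
        print(f"{name:28} out_port={port} inspected={port == PORT_GW} {out}")
```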
52 OPSCON #2 Topology
53 OPSCON #2. Note: This will be a real time demo.
54 Setup. As before, start ODL, connect switch to controller and pingall.
55 ODL Shows Connected L2 Interfaces
56 Baseline: Push a file from DMZ to EXT.
    mininet> dmz curl --upload-file test.txt
EXT server shows successful PUT:
    [10/Jul/ :50:22] "PUT /test.txt HTTP/1.1"
TCPDUMP on firewall shows egress scan traffic (as expected).
57 Install the Flows via RESTCONF API. Either via POSTMAN or CURL:
    curl -v -H "Content-Type: application/xml" -X PUT --data -u admin:admin 2>&1 | grep HTTP/1.1
    curl -v -H "Content-Type: application/xml" -X PUT --data -u admin:admin 2>&1 | grep HTTP/1.1
    curl -v -H "Content-Type: application/xml" -X PUT --data -u admin:admin 2>&1 | grep HTTP/1.1
    curl -v -H "Content-Type: application/xml" -X PUT --data -u admin:admin 2>&1 | grep HTTP/1.1
    curl -v -H "Content-Type: application/xml" -X PUT --data -u admin:admin 2>&1 | grep HTTP/1.1
    curl -v -H "Content-Type: application/xml" -X PUT --data -u admin:admin 2>&1 | grep HTTP/1.1
58 DMZ PUT a file to EXT.
    mininet> dmz curl --upload-file test.txt
The EXT server shows this second, successful PUT:
    [10/Jul/ :50:22] "PUT /test.txt HTTP/1.1"
    [10/Jul/ :53:05] "PUT /test.txt HTTP/1.1"
The firewall TCPDUMP, however, does not show additional traffic!
59 Plumb Statistics via API. You can see a match on the flow through the REST API:
60 Test DMZ to EXT GET (Ingress). Use a dummy IP to trigger a flow match. The egress port of the switch will NAT it back to the real destination IP. We see instant feedback on the Mininet console.
61 EXT Server Shows Successful GET:
    [10/Jul/ :50:22] "PUT /test.txt HTTP/1.1"
    [10/Jul/ :53:05] "PUT /test.txt HTTP/1.1"
    [10/Jul/ :01:27] "GET / HTTP/1.1"
Note dummy IP.
62 FW TCPDUMP Shows DMZ to EXT GET Scan
63 Verify All EXT DMZ Traffic Scan. Do PUT and GET.
64 DMZ Server Log Shows Success for Both
65 TCPDUMP: All EXT to DMZ traffic scanned
66 Thank You
More informationHow OpenFlow-based SDN can increase network security
How OpenFlow-based SDN can increase network security Charles Ferland, IBM System Networking Representing the ONF ferland@de.ibm.com +49 151 1265 0830 Important elements The objective is to build SDN networks
More informationCisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time
Essential Curriculum Computer Networking II Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time Chapter 1 Networking in the Enterprise-------------------------------------------------
More informationGetting to know OpenFlow. Nick Rutherford Mariano Vallés {nicholas,mariano}@ac.upc.edu
Getting to know OpenFlow Nick Rutherford Mariano Vallés {nicholas,mariano}@ac.upc.edu OpenFlow Switching 1. A way to run experiments in the networks we use everyday. A pragmatic compromise Allow researchers
More informationCCNA R&S: Introduction to Networks. Chapter 5: Ethernet
CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.
More informationUnderneath OpenStack Quantum: Software Defined Networking with Open vswitch
Underneath OpenStack Quantum: Software Defined Networking with Open vswitch Principal Software Engineer Red Hat, Inc. April 24, 2013 1 Part One Why Open vswitch? Open vswitch enables Linux to become part
More information100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)
100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.
More informationSecuring Local Area Network with OpenFlow
Securing Local Area Network with OpenFlow Master s Thesis Presentation Fahad B. H. Chowdhury Supervisor: Professor Jukka Manner Advisor: Timo Kiravuo Department of Communications and Networking Aalto University
More informationHow To Secure Network Threads, Network Security, And The Universal Security Model
BUILDING AN UNIVERSAL NETWORK SECURITY MODEL Zahari Todorov Slavov, Valentin Panchev Hristov Department of Computer Systems and Technology, South-West University Neofit Rilski, Blagoevgrad, Bulgaria, e-mail:
More informationSOFTWARE DEFINED NETWORKS REALITY CHECK. DENOG5, Darmstadt, 14/11/2013 Carsten Michel
SOFTWARE DEFINED NETWORKS REALITY CHECK DENOG5, Darmstadt, 14/11/2013 Carsten Michel Software Defined Networks (SDN)! Why Software Defined Networking? There s a hype in the industry!! Dispelling some myths
More information299-01 Q&A. DEMO Version
299-01 Riverbed Certified Solutions Professional Network Performance Management Q&A DEMO Version Copyright (c) 2014 Chinatag LLC. All rights reserved. Important Note Please Read Carefully For demonstration
More informationEffective disaster recovery using Software defined networking
Effective disaster recovery using Software defined networking Thyagaraju, Mrs. Jyothi. K.S, Girish.L PG Student, Associate professor, Assistant Professor Dept of CSE, Cit, Gubbi, Tumkur Abstract In this
More informationSDN-NFV Open Source. Landscape, Scaling, Use-Cases Sharon Barkai Cofounder, ConteXtream. Santa Clara, CA USA April 2015
SDN-NFV Open Source Landscape, Scaling, Use-Cases Sharon Barkai Cofounder, ConteXtream Santa Clara, CA USA April 2015 1 Agenda SDN-NFV Open Source Landscape and Tiers SDN Open Source Tier for Scalability
More informationDatacenter Network Virtualization in Multi-Tenant Environments
Chair for Network Architectures and Services Technische Universität München Datacenter Network Virtualization in Multi-Tenant Environments 8. DFN-Forum Kommunikationstechnologien Viktor Goldberg, Leibniz-Rechenzentrum,
More informationDynamic Service Chaining for NFV/SDN
Dynamic Service Chaining for NFV/SDN Kishore Inampudi A10 Networks, Inc. Agenda Introduction NFV Reference Architecture NFV Use cases Policy Enforcement in NFV/SDN Challenges in NFV environments Policy
More informationNetwork Configuration Example
Network Configuration Example Configuring IP Monitoring on an SRX Series Device for the Branch Published: 2014-01-10 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000
More informationFlexible SDN Transport Networks With Optical Circuit Switching
Flexible SDN Transport Networks With Optical Circuit Switching Multi-Layer, Multi-Vendor, Multi-Domain SDN Transport Optimization SDN AT LIGHT SPEED TM 2015 CALIENT Technologies 1 INTRODUCTION The economic
More informationPrioritization of Important Mice Flows in a Software Defined Network (SDN Application)
Prioritization of Important Mice Flows in a Software Defined Network (SDN Application) Rajani Srivastava & Yogesh Pandey April 2015 1 Copyright 2015 Tata Consultancy Services Limited Agenda 1 Prioritization
More informationNetwork Virtualization and Software-defined Networking. Chris Wright and Thomas Graf Red Hat June 14, 2013
Network Virtualization and Software-defined Networking Chris Wright and Thomas Graf Red Hat June 14, 2013 Agenda Problem Statement Definitions Solutions She can't take much more of this, captain! Challenges
More informationLarge-Scale Passive Monitoring using SDN
Global Foundation Services C# DATA CENTERS NETWORK S SERVERS ENERG Y SOFTWARE SECURIT Y Large-Scale Passive Monitoring using SDN Mohan Nanduri mnanduri@microsoft.com Justin Scott juscott@microsoft.com
More informationOpen vswitch and the Intelligent Edge
Open vswitch and the Intelligent Edge Justin Pettit OpenStack 2014 Atlanta 2014 VMware Inc. All rights reserved. Hypervisor as Edge VM1 VM2 VM3 Open vswitch Hypervisor 2 An Intelligent Edge We view the
More informationSecurity Challenges & Opportunities in Software Defined Networks (SDN)
Security Challenges & Opportunities in Software Defined Networks (SDN) June 30 th, 2015 SEC2 2015 Premier atelier sur la sécurité dans les Clouds Nizar KHEIR Cyber Security Researcher Orange Labs Products
More informationRestorable Logical Topology using Cross-Layer Optimization
פרויקטים בתקשורת מחשבים - 236340 - סמסטר אביב 2016 Restorable Logical Topology using Cross-Layer Optimization Abstract: Today s communication networks consist of routers and optical switches in a logical
More informationSDN Overview for UCAR IT meeting 19-March-2014. Presenter Steven Wallace (ssw@iu.edu) Support by the GENI Program Office!
SDN Overview for UCAR IT meeting 19-March-2014 Presenter Steven Wallace (ssw@iu.edu) Support by the GENI Program Office! Patterns (here, there, everywhere) Patterns (here, there, everywhere) Today s Internet
More informationTechnical Support Information Belkin internal use only
The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.
More informationConcepts and Mechanisms for Consistent Route Transitions in Software-defined Networks
Institute of Parallel and Distributed Systems Department Distributed Systems University of Stuttgart Universitätsstraße 38 D-70569 Stuttgart Studienarbeit Nr. 2408 Concepts and Mechanisms for Consistent
More informationJK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
More informationBusiness Cases for Brocade Software-Defined Networking Use Cases
Business Cases for Brocade Software-Defined Networking Use Cases Executive Summary Service providers (SP) revenue growth rates have failed to keep pace with their increased traffic growth and related expenses,
More informationSDN/OpenFlow. Dean Pemberton Andy Linton
SDN/OpenFlow Dean Pemberton Andy Linton Agenda What is SDN and Openflow? Understanding Open vswitch and RouteFlow Understanding RYU and SDN applications Simple SDN programming python vs IOS or Junos! Building
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More information