FI technologies on cloud computing and trusty networking


FI technologies on cloud computing and trusty networking
Dr. Yu-Huang Chu (朱煜煌), yhchu@cht.com.tw
Chunghwa Telecommunication Labs
99/8/26 (26 August 2010, ROC calendar)

Outline
- Cloud Computing Introduction
- Future Internet
- Future Internet Technologies on Cloud Computing
- Trusty Network
- Inter-Cloud Standard

Cloud: Computing + Virtualization
- Computing: Hadoop
- Virtualization: Microsoft, VMware, KVM, Xen, Trend Micro
- Network (figure): servers attached to L2 Ethernet switches with VLAN-tagged Ethernet (802.1Q); between switches, data-center Ethernet with IEEE DCB (802.1Qbb priority-based flow control, 802.1Qaz enhanced transmission selection) carrying FCoE

3 Cloud Service Models
- Cloud Infrastructure as a Service (IaaS), or cloud infrastructure services: rent and control processors, storage, data center space or network equipment (e.g. Amazon Elastic Compute Cloud (EC2), Simple Storage Service (S3))
- Cloud Platform as a Service (PaaS), or cloud platform services: rent programming languages and tools supported by the provider (e.g. Java, Python, .NET, IBM Pangoo, Gigaspace, Microsoft Azure, Hadoop)
- Cloud Software as a Service (SaaS): use the provider's applications over a network (e.g. web-based email, CRM and ERP software)
- To be considered cloud, they must be deployed on top of cloud infrastructure (a hypervisor)

Service Model Architectures (figure of stacked layers)
- Software as a Service (SaaS) architectures: SaaS directly on cloud infrastructure, SaaS on top of a PaaS, or SaaS on top of IaaS + PaaS
- Platform as a Service (PaaS) architectures: PaaS directly on cloud infrastructure, or PaaS on top of IaaS (IBM Pangoo, Gigaspace, Microsoft Azure, Hadoop)
- Infrastructure as a Service (IaaS) architectures: storage and VMs (virtual machines) on cloud infrastructure; pay by usage, on-demand provisioning, flexible billing

4 Cloud Deployment Models
- Private cloud: enterprise owned or leased
- Community cloud: shared infrastructure for a specific community
- Public cloud: sold to the public, mega-scale infrastructure
- Hybrid cloud: composition of two or more clouds

Trend of Cloud (figure)
- Private cloud evolution: silo'd -> grid -> private cloud (now: private IaaS and private PaaS under each application) -> hybrid / virtual private cloud
- Public cloud evolution: public SaaS / PaaS / IaaS -> hybrid
- Properties gained along the way: shared services, dynamic allocation, standardized appliances, self-service, policy-based resource management, chargeback, capacity planning, federation with public clouds, interoperability, inter-cloud, cloud bursting

Core Principles/Challenges of Cloud Computing
- Security, scalability, availability, performance, cost-effectiveness
- Acquire resources on demand
- Release resources when no longer needed (green)
- Pay for what you use (flexible billing)
Source: Amazon CTO Werner Vogels

Challenges/issues of Cloud (figure-only slide)

Future Network vs Future Internet
- ITU-T, ISO: NGN -> Future Network
- ISO: Future Network = the network of the future, not limited to the Internet
- NSF, FP7: current Internet -> Future Internet
- NICT: NGN -> NWGN (New Generation Network)

Why FN (ITU-T SG13)
The Future Internet (Network), which is anticipated to provide futuristic functionalities beyond the limitations of the current network including the Internet, is getting global attention in the field of communication networks and services. We see growing concerns about the following aspects of current networks, including IP-based networks: scalability, ubiquity, security, robustness, mobility, heterogeneity, Quality of Service (QoS), reconfigurability, context-awareness, manageability, data-centricity, network virtualization, economics, etc. These topics will be the requirements for the Future Internet, which will meet future services and overcome the deficiencies of the current IP-based network.
Source: Future Internet Standardization (Eun Kyoung Paik, KT), August 2008, Future Internet Summer Camp 2008 / Asia Future Internet Summer School

Future Internet Technologies on Cloud Computing
- VM mobility
- Energy saving
- Network device convergence
- Security

OpenFlow applied to VM mobility
- Stanford University demonstrated VM mobility using OpenFlow (SIGCOMM 2008 demo)
- VM mobility: devices and VMs are allowed to keep their original IP addresses, maintaining all existing connections
Ref: A demonstration of virtual machine mobility in an OpenFlow network

LISP
LISP (Locator/ID Separation Protocol) separates a node's identifier from its locators. It addresses the following problems:
- Mobility management
- Multi-homing
- Security and privacy
- Traffic engineering
- Scalable routing
- WAN VM mobility
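The mechanism behind both the OpenFlow VM-mobility demo and LISP's WAN VM mobility is the same: the VM's address is an identifier that never changes, and the network separately tracks where that identifier currently lives. The following is an added example written for this page, not code from the slides or from any LISP implementation: a toy EID-to-RLOC mapping system, an ingress tunnel router (ITR) with a map cache, and a migration that changes only the mapping. All addresses, class names and the cache-invalidation shortcut are illustrative assumptions.

```python
"""Locator/ID separation, LISP style: hosts and VMs are addressed by an
endpoint identifier (EID) that never changes; a mapping system maps each EID to
the routing locator (RLOC) of the site it currently sits in, and an ingress
tunnel router (ITR) encapsulates toward that RLOC. Added example, not code from
the slides or from any LISP implementation; all names are illustrative."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_eid: str
    dst_eid: str
    payload: str


@dataclass(frozen=True)
class LispPacket:
    outer_src_rloc: str
    outer_dst_rloc: str
    inner: Packet


class MapServer:
    """Toy mapping system: EID -> RLOC. Real LISP maps EID prefixes and carries
    priority/weight per RLOC; that is omitted here."""

    def __init__(self):
        self._db = {}
        self.version = 0        # bumped on every change so ITRs can notice stale caches

    def register(self, eid, rloc):
        self._db[eid] = rloc
        self.version += 1

    def lookup(self, eid):
        return self._db.get(eid)


class ITR:
    """Ingress tunnel router of one site. Caches map replies like a real ITR and
    flushes the cache when the map server's version changed (a stand-in for
    LISP's solicit-map-request / map-notify handling, assumption)."""

    def __init__(self, my_rloc, mapserver):
        self.my_rloc = my_rloc
        self.ms = mapserver
        self._cache = {}
        self._cache_version = mapserver.version

    def encapsulate(self, pkt):
        if self._cache_version != self.ms.version:
            self._cache.clear()
            self._cache_version = self.ms.version
        rloc = self._cache.get(pkt.dst_eid)
        if rloc is None:
            rloc = self.ms.lookup(pkt.dst_eid)
            if rloc is None:
                return None     # unknown EID: no locator, the packet is dropped
            self._cache[pkt.dst_eid] = rloc
        return LispPacket(self.my_rloc, rloc, pkt)


def etr_decapsulate(lp):
    """Egress tunnel router: strip the outer header and deliver the inner packet."""
    return lp.inner


def vm_migration_scenario():
    """A VM with EID 10.10.0.5 moves from site A (RLOC 203.0.113.1) to site B
    (RLOC 198.51.100.1); the client keeps talking to the same EID. Addresses are constructed."""
    ms = MapServer()
    ms.register("10.10.0.5", "203.0.113.1")            # VM initially at site A
    client_itr = ITR("192.0.2.1", ms)                  # client's site has RLOC 192.0.2.1
    pkt = Packet("10.20.0.9", "10.10.0.5", "GET /")

    before = client_itr.encapsulate(pkt)
    ms.register("10.10.0.5", "198.51.100.1")           # live migration: only the mapping changes
    after = client_itr.encapsulate(pkt)

    # A transport connection is identified by EIDs only, so it survives the move.
    conn_before = (before.inner.src_eid, before.inner.dst_eid)
    conn_after = (after.inner.src_eid, after.inner.dst_eid)
    return {
        "rloc_before": before.outer_dst_rloc,
        "rloc_after": after.outer_dst_rloc,
        "connection_unchanged": conn_before == conn_after,
        "inner_unchanged": etr_decapsulate(after) == pkt,
        "unknown_eid_dropped": client_itr.encapsulate(Packet("10.20.0.9", "10.99.0.1", "x")) is None,
    }
```

The security consequence of this design is that whoever can write to the mapping system can redirect every packet addressed to an EID, which is why LISP's Map-Register messages carry an HMAC computed with a key shared between the registering ETR and the map server; the toy `MapServer.register` above has no such check and would have to gain one before being exposed beyond a single trusted controller.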

Data Center Energy Saving
- Increase utilization in the data center by concentrating servers and network devices
- Low-utilization servers can be aggregated onto designated physical servers
- Unused servers and network devices can be detached from the active data center and have their power supply shut down
- Network (device) convergence: OpenFlow can easily change the data path for energy-saving purposes
Ref: New Cloud Networking Enabled by ProgrammableFlow

OpenFlow applied to energy saving (figure): the OpenFlow controller steers VMs and their traffic onto the high-utilization part of the data center network; the low-utilization servers and switches left behind enter power-saving mode or are shut down.

Data Center Network Devices Convergence
- Diverse network devices: firewall, SLB (server load balancer), switch, etc.
- The functions of firewall, SLB and switch can be emulated on a single OpenFlow switch
- The control plane of firewall, SLB and switch moves to the OpenFlow controller or a cloud server
- Benefits: simplified data center network architecture; fewer data center network devices

Data Center Network Architecture (figure): Internet -> redundant core routers -> firewalls -> switch pairs -> server load balancers -> access switches -> servers.

Network Device Emulation (each row is a pair of flow entries on one OpenFlow switch)
- Circuit switch: if ingress port == 1, send to port 2; if ingress port == 3, send to port 6
- Ethernet switch: if Ether dst == X, send to port 2; if Ether dst == Z, send to port 6
- IP router: if IP dst == X, send to port 2; if IP dst == Z, send to port 6
- Firewall: if dst port == X, send to port 2; if dst port == Z, drop

Converged Transport Infrastructure (figure): Internet -> core router -> a controller-driven OpenFlow switch that takes the place of the firewall, SLB and switch -> servers. The firewall, SLB and switch software applications can reside on the controller or on a remote server (cloud).

Service/Network on Demand
1. The user subscribes through the Cloud Service Portal
2. The Cloud Service Portal submits the request and informs the CRM system and NOX (the OpenFlow controller)
3. CRM provisions the server and VM; NOX rewrites the flow table of the OpenFlow switch
4. The service is delivered on demand (within 15 minutes)
Figure components: Cloud Portal, CRM, NOX, ACS, FlowVisor, OpenFlow switch, Internet/VPN, virtualized x86 cloud servers (Windows, Linux and Mac OS guests)

How to Provide a Trusty Network
- The access switch can behave like a security guard in front of a trusty network
- Only specific users (i.e. a specific packet pattern) can pass through
- The server farm is protected
- The network between the server farm and the user becomes a trusty network
- End-to-end virtualization

Trusty Network Implementation (example, figure): an OpenFlow controller above an OpenFlow switch; host 1 (trusted user or traffic) is forwarded into the trusted network and server farm, host 2 (untrusted user or traffic) is not. The OpenFlow switch behaves as the security guard.

Trusty Network
- OpenFlow: policy-based management
- LISP: user ID identification
- Virtualization: end to end
Figure: on the trusty side, policy-based security with ACS and NOX applications on the controller, virtualized x86 hosts (Windows, Linux and Mac OS guests) and the server farm behind the controller; on the current-Internet side, an untrusted network exposed to viruses, spam, hackers, man-in-the-middle attacks, signaling weaknesses and DDoS, with only a router and a firewall in front of the server farm.
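The Network Device Emulation slide and the Trusty Network slides describe the same primitive from two angles: a match/action table whose match fields decide which device the switch impersonates, and whose table-miss action decides whether an unmatched packet is flooded (a switch) or dropped (a security guard). The block below is an added example written for this page, not NOX code and not from the slides; it models OpenFlow semantics (priority ordering, wildcarded fields, table miss) in plain Python without speaking the OpenFlow protocol, and every port number, MAC and IP in it is constructed.

```python
"""One OpenFlow-style match/action table playing each device on the Network
Device Emulation slide (circuit switch, Ethernet switch, IP router, firewall)
and then the default-drop 'security guard' of the Trusty Network slides.
Added example: not NOX code, no OpenFlow wire protocol; values are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Pkt:
    in_port: int
    eth_src: str
    eth_dst: str
    ip_src: Optional[str] = None
    ip_dst: Optional[str] = None
    tp_dst: Optional[int] = None   # transport-layer destination port


@dataclass(frozen=True)
class FlowEntry:
    priority: int
    match: dict     # header field -> required value; fields not listed are wildcards
    action: str     # "output:<port>", "flood" or "drop"


class OpenFlowSwitch:
    """Highest-priority matching entry wins; a packet matching nothing gets the
    table-miss action, which on a hardened switch is drop."""

    def __init__(self, table_miss="drop"):
        self.table = []
        self.table_miss = table_miss

    def add_flow(self, priority, action, **match):
        self.table.append(FlowEntry(priority, match, action))
        self.table.sort(key=lambda e: -e.priority)

    def process(self, pkt):
        for entry in self.table:
            if all(getattr(pkt, f) == v for f, v in entry.match.items()):
                return entry.action
        return self.table_miss


# The slide's X/Z placeholders become concrete constructed values below.
def circuit_switch():
    sw = OpenFlowSwitch()
    sw.add_flow(10, "output:2", in_port=1)           # ingress port 1 -> port 2
    sw.add_flow(10, "output:6", in_port=3)           # ingress port 3 -> port 6
    return sw


def ethernet_switch():
    sw = OpenFlowSwitch(table_miss="flood")          # unknown MAC: flood, like a learning switch
    sw.add_flow(10, "output:2", eth_dst="02:00:00:00:00:0a")
    sw.add_flow(10, "output:6", eth_dst="02:00:00:00:00:0b")
    return sw


def ip_router():
    sw = OpenFlowSwitch()
    sw.add_flow(10, "output:2", ip_dst="10.1.1.1")
    sw.add_flow(10, "output:6", ip_dst="10.1.1.2")
    return sw


def firewall():
    sw = OpenFlowSwitch()
    sw.add_flow(10, "output:2", tp_dst=443)          # dst port X -> forward
    sw.add_flow(20, "drop", tp_dst=23)               # dst port Z -> drop
    return sw


def trusty_network_guard(trusted, server_farm_port):
    """Access switch as security guard: a packet reaches the server farm only if
    it arrives on the trusted host's own port carrying that host's MAC and IP
    (binding to in_port is what stops a neighbour from spoofing a trusted
    address); everything else falls to the table miss and is dropped."""
    sw = OpenFlowSwitch(table_miss="drop")
    for in_port, mac, ip in trusted:
        sw.add_flow(100, f"output:{server_farm_port}", in_port=in_port, eth_src=mac, ip_src=ip)
    return sw


def demo():
    """Runs constructed packets through every emulated device and the guard."""
    https = Pkt(in_port=1, eth_src="02:00:00:00:00:01", eth_dst="02:00:00:00:00:0a",
                ip_src="10.0.0.1", ip_dst="10.1.1.1", tp_dst=443)
    telnet = Pkt(in_port=3, eth_src="02:00:00:00:00:02", eth_dst="02:00:00:00:00:0b",
                 ip_src="10.0.0.2", ip_dst="10.1.1.2", tp_dst=23)
    spoof = Pkt(in_port=4, eth_src="02:00:00:00:00:01", eth_dst="02:00:00:00:00:0a",
                ip_src="10.0.0.1", ip_dst="10.1.1.1", tp_dst=443)   # trusted address, wrong port
    guard = trusty_network_guard([(1, "02:00:00:00:00:01", "10.0.0.1")], server_farm_port=8)
    return {
        "circuit": (circuit_switch().process(https), circuit_switch().process(telnet)),
        "ethernet": (ethernet_switch().process(https), ethernet_switch().process(telnet)),
        "router": (ip_router().process(https), ip_router().process(telnet)),
        "firewall": (firewall().process(https), firewall().process(telnet)),
        "guard": (guard.process(https), guard.process(telnet), guard.process(spoof)),
    }
```

The point to take from the guard is that "specific packet pattern" on the slide has to include something the attacker cannot choose: source MAC and IP alone are set by the sender, so the entry also matches the ingress port the trusted host is physically attached to, and the table-miss action stays at drop so that a rule the controller forgot to install fails closed rather than open.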

DDoS Defender based on OpenFlow
- The OpenFlow switch can block DDoS attack traffic
- The OpenFlow controller (NOX) uses the flowfetcher API to get and monitor per-flow statistics
- Two-stage DDoS defender algorithm:
  - First stage: checks flow volume every 5 seconds
  - Second stage: checks flow volume every 1 second

DDoS Defender Algorithm (example, reconstructed from the flowchart)
1. Parameter setting (thresholds, timeout)
2. First stage: every 5 seconds, read the statistics of all flows on the OpenFlow switch
3. If a flow's packet count is not over the threshold (3000), keep polling; if it is, treat the flow as suspected and move to the second stage
4. Second stage: inspect the volume of each suspected flow once per second; a sample over 800 packets/s counts as a detection, a sample under it does not
5. After 5 detections, drop/stop the flow
6. When the timeout expires, reset the status and inspect again

DDoS Defender Experiment
- Equipment: OpenFlow switch, NOX controller (PC), Spirent Adtech AX/4000 traffic generator, two switches
- Setup (figure): the Adtech AX/4000 (attackers/sender) sends IP packets to 10.1.1.1 (server/receiver) from 100 different source IPs, 10.0.0.1~10.0.0.100, through the OpenFlow switch
- The controller detects the attack and sends the rule: Dst_IP = 10.1.1.1, Action: drop

DDoS Defender Testing Result
After 10 seconds, the packets are dropped (5 seconds for the first-stage poll plus 5 one-second detections in the second stage).
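To make the two-stage algorithm and the 10-second result concrete, the following is an added example written for this page, not the NOX application from the slides: a controller-side defender fed with cumulative per-flow packet counters, replayed against a constructed version of the experiment (100 sources flooding 10.1.1.1 while one legitimate flow runs beside it). The thresholds come from the slides; keying counters by destination IP, requiring the 5 detections to be consecutive, clearing suspicion when the rate falls, the block timeout and the rule dictionary format are all assumptions.

```python
"""Two-stage DDoS defender from the slides, as a controller-side component
driven by per-flow packet counters. Added example: thresholds (over 3000
packets per 5 s poll, then over 800 packets/s for 5 consecutive seconds) are
from the slides; polling per destination, consecutive hits, the block timeout
and the rule format are assumptions, and no NOX API is used."""
from dataclasses import dataclass


@dataclass
class Suspect:
    last_count: int      # cumulative counter at the previous 1 s sample
    since: int           # second at which stage 1 flagged the flow
    hits: int = 0        # consecutive seconds over the stage-2 rate


class DDoSDefender:
    def __init__(self, stage1_threshold=3000, stage1_period=5,
                 stage2_rate=800, stage2_hits=5, block_timeout=60):
        self.stage1_threshold = stage1_threshold
        self.stage1_period = stage1_period
        self.stage2_rate = stage2_rate
        self.stage2_hits = stage2_hits
        self.block_timeout = block_timeout
        self._stage1_counts = {}   # dst_ip -> cumulative count at the last 5 s poll
        self._suspects = {}        # dst_ip -> Suspect
        self.rules = {}            # dst_ip -> (rule dict, expiry second)
        self.events = []           # (second, event, dst_ip)

    def poll(self, t, flow_stats):
        """Called once per second with cumulative per-flow packet counters keyed
        by the flow entry's destination IP (the slide experiment keys its drop
        rule on Dst_IP, so all 100 attack sources land in one counter)."""
        for ip, (rule, expiry) in list(self.rules.items()):
            if t >= expiry:                       # timeout: remove the drop rule, inspect again
                del self.rules[ip]
                self.events.append((t, "unblock", ip))

        if t % self.stage1_period == 0:           # stage 1: coarse 5 s volume check
            for ip, count in flow_stats.items():
                volume = count - self._stage1_counts.get(ip, 0)
                self._stage1_counts[ip] = count
                if volume > self.stage1_threshold and ip not in self._suspects and ip not in self.rules:
                    self._suspects[ip] = Suspect(last_count=count, since=t)
                    self.events.append((t, "suspect", ip))

        for ip, s in list(self._suspects.items()):   # stage 2: 1 s rate check on suspects
            if s.since == t:
                continue                          # first 1 s sample is taken next second
            count = flow_stats.get(ip, 0)
            rate = count - s.last_count
            s.last_count = count
            if rate <= self.stage2_rate:
                del self._suspects[ip]            # fell back under the rate: clear suspicion
                continue
            s.hits += 1
            if s.hits >= self.stage2_hits:
                rule = {"match": {"nw_dst": ip}, "actions": []}   # empty action list == drop
                self.rules[ip] = (rule, t + self.block_timeout)
                del self._suspects[ip]
                self.events.append((t, "block", ip))
        return [rule for rule, _ in self.rules.values()]


def run_experiment(seconds=12, attack_pps=1000, legit_pps=100):
    """Constructed replay of the slide experiment: 100 sources flood 10.1.1.1 at
    attack_pps in total while a legitimate flow to 10.1.1.2 runs at legit_pps."""
    defender = DDoSDefender()
    counters = {"10.1.1.1": 0, "10.1.1.2": 0}
    for t in range(seconds + 1):
        if t > 0:
            counters["10.1.1.1"] += attack_pps
            counters["10.1.1.2"] += legit_pps
        defender.poll(t, dict(counters))
    blocked_at = [t for t, ev, ip in defender.events if ev == "block" and ip == "10.1.1.1"]
    return {
        "blocked_at": blocked_at[0] if blocked_at else None,
        "blocked_ips": sorted(defender.rules),
        "events": defender.events,
    }
```

Two caveats a practitioner would add before deploying this shape of defender: the thresholds are absolute packet counts, so they must be set per server capacity or a busy legitimate service trips stage 1 on its own; and a drop rule keyed only on the destination discards the legitimate clients of 10.1.1.1 along with the flood, which the slide experiment accepts but a production controller would refine with source-side matches once the second stage has identified them.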

Multiple Standards and Associations (figure-only slide)
Source: [9]

Specific Intercloud Projects (figure-only slide)

Questions?

References
- New Cloud Networking Enabled by ProgrammableFlow. NEC Technical Journal, No. 2, June 2010.
- David Erickson, Glen Gibb, Brandon Heller, Jad Naous, David Underhill, Guido Appenzeller, Guru Parulkar, Nick McKeown, et al. A demonstration of virtual machine mobility in an OpenFlow network. In Proceedings of ACM SIGCOMM (Demo), page 513, Seattle, WA, August 2008.