Hardware acceleration enhancing network security

Petr Kaštovský
kastovsky@invea-tech.com
High-Speed Networking Technology Partner

Threats
Number of attacks grows together with damage caused
  Source: McAfee Threats Report: Fourth Quarter 2011
According to the Czech National Security Authority
  Internet became critical infrastructure
  Drawbridge that cannot be raised
6.4.2012 Hardware acceleration enhancing network security 2/14

Traffic growth
Ethernet standards
  1 GE 1998
  10 GE 2002
  100 GE 2010
We are either looking for a needle in a (petabyte) haystack or trying to take a drink from a fire hydrant.

Challenges, requirements
Network monitoring has to cope with
  deployment in core network (visibility)
  high bandwidth and line utilization
  new link layer technologies (10G, 40G, 100G Ethernet)
  growing number of end users and devices (targets)
While it is necessary to
  adapt to evolving network environment (IPv4, IPv6, ...)
  detect all known and zero day threats
  maintain reasonable CAPEX & OPEX

Security tools
Commodity hardware
  + Cheap and flexible
  - Limited I/O performance
Dedicated equipment
  + High I/O performance
  - Expensive, limited flexibility
Hardware acceleration for commodity hardware
  + High I/O performance
  + Reasonable price
  + Flexible

Embedded tools
Real world example (billing is not security!)

Pre-processing
Reduce working data set as soon as possible
  Less data to take care of
  Less privacy issues
Different kinds of pre-processing
  Filtration of specific service or user data/packets (VoIP analysis, BotNet detection)
  Traffic features extraction (Packet header fields, alarms, scores)
[Figure: processed packets [%] versus packet length [B], series IPFIX and NIC]

Divide & conquer
Network traffic composed of different flows (parallel)
Multicore CPUs, dedicated memory controllers (NUMA)
Intelligent data distribution is the key
  Common feature, typically flow-aware, configurable

# of cores   Arrival period   Free CPU time   3GHz CPU instructions
1            67ns             30ns            90
8            536ns            500ns           1500
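
The flow-aware distribution and per-core time budget from this slide, as an added example that is not part of the original presentation. It assumes the 67ns arrival period corresponds to minimum-size 64-byte frames on 10 Gbit/s Ethernet and that a core retires one instruction per cycle; the FNV-1a hash, the function names and the sample addresses are illustrative choices, not the accelerator's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IPv4 5-tuple identifying a flow (sample values in main are constructed). */
struct flow_key { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };

/* FNV-1a; a stand-in for whatever hash the accelerator uses (assumption). */
static uint32_t fnv1a(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Flow-aware and symmetric: endpoints are ordered before hashing, so both
 * directions of a connection are delivered to the same core. */
unsigned pick_queue(const struct flow_key *k, unsigned n_queues)
{
    uint64_t a = ((uint64_t)k->src_ip << 16) | k->src_port;
    uint64_t b = ((uint64_t)k->dst_ip << 16) | k->dst_port;
    uint64_t lo = a < b ? a : b, hi = a < b ? b : a;
    uint8_t buf[17];
    for (int i = 0; i < 8; i++) {
        buf[i] = (uint8_t)(lo >> (8 * i));
        buf[8 + i] = (uint8_t)(hi >> (8 * i));
    }
    buf[16] = k->proto;
    return fnv1a(buf, sizeof buf) % n_queues;
}

/* Per-core arrival period in ps for back-to-back frames spread evenly over
 * n_cores; a frame occupies frame_len + 20 bytes on the wire (preamble + gap). */
uint64_t per_core_period_ps(uint64_t link_bps, unsigned frame_len, unsigned n_cores)
{
    return (uint64_t)(frame_len + 20) * 8 * 1000000000000ull / link_bps * n_cores;
}

/* Instructions that fit into free_ns at cpu_hz, assuming one per cycle. */
uint64_t instr_budget(uint64_t free_ns, uint64_t cpu_hz)
{
    return free_ns * cpu_hz / 1000000000ull;
}

int main(void)
{
    struct flow_key fwd = { 0xC0000201u, 0xC6336407u, 40000, 443, 6 };
    struct flow_key rev = { 0xC6336407u, 0xC0000201u, 443, 40000, 6 };
    printf("queues: %u %u, period: %llu ps\n", pick_queue(&fwd, 8), pick_queue(&rev, 8),
           (unsigned long long)per_core_period_ps(10000000000ull, 64, 8));
    return 0;
}
```

A distribution that is not symmetric would split the two directions of one connection across cores, so per-flow state would need locking or be incomplete on each core.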

Synchronization
World wide resources used for attacks
Hard to correlate data without synchronization
Different solutions for synchronization
  GPS, CDMA, PTP
COMBO card + GPS synchronization
  approx. 2us deviation from global time

Platform example
Hardware accelerator (CPU, NP, ASIC, GPGPU, FPGA)
  PCI-Express card
  Multiple queues
  Intelligent data distribution
Commodity server CPU
  NUMA architecture
  Core level parallelism
  On-chip PCI-Express interface (Intel SB)
Optimized software
  Network stack bypass
  Zero copy data access

Performance

Hardware acceleration
Lifesaver in data deluge
  High-precision security analysis (no drops)
Support for different scenarios/use cases
  Detection of events and NetFlow collection
  Filtering of service and trace recording
Suitable for the most demanding applications
  National level security
  Evidence collection according to warrants
Great flexibility and savings
  Reuse of software components, time-critical part in hardware

40G and beyond
40G and 100G Ethernet standard ratified June 2010
  Initial adoption in core network elements
New model of hardware acceleration card
  Computational resources (FPGA)
  Supported interfaces (4x10G, 40G, 100G)
  PCI-Express up to 16x gen 2
  Seamless application upgrade
Hardware accelerated filtration
  Even more important for high-bandwidth links
  Data reduction with guaranteed performance and precise timestamps

Contacts
High-Speed Networking Technology Partner
Petr Kaštovský
kastovsky@invea-tech.com
INVEA-TECH a.s.
U Vodárny 2965/2
616 00 Brno
www.invea-tech.com