Brocade Flow Optimizer 05/11/2015 Openlab Technical Workshop Adam Krajewski Edoardo Martelli Stefan Stancu

Brocade Flow Optimizer software An SDN application for optimal network traffic flow management OpenDaylight controller for OpenFlow-based network control sFlow for monitoring the network traffic Flow management through policies Traffic pattern match Decision how to handle the flow (drop, redirect etc) User friendly GUI provides interactive and real-time events logs and traffic statistics Collaboration goal: Enhance and generalize the Brocade Flow Optimizer architecture to meet CERN requirements 05/11/2015 IT-CS-CE - CERN openlab

IT-CS-CE - CERN openlab Use case 1: Intelligent Dynamic Policy Based Routing Open Daylight Brocade Flow Optimizer Internet traffic (non-physics) accidentally arriving via “physics” network. physics data Two distinct external networks Internet LHC dedicated (physics data) Use Brocade Flow Optimizer to ensure that: Physics data stays on the physics network Internet data stays on the campus network 05/11/2015 IT-CS-CE - CERN openlab

Use case 2: firewall offload Use Brocade Flow Optimizer to: Identify top talkers The user can decide what to do with such flows: Discard (e.g. DDoS attack) Bypass Firewall (know trusted traffic) Don’t touch (neutral internet traffic) Twofold optimization Offload firewall (expensive resource) from handling high amounts of trusted traffic Higher bandwidth for physics research traffic Brocade Flow Optimizer Open Daylight 05/11/2015 IT-CS-CE - CERN openlab

Use case 3: IDS traffic mirroring Use OpenFlow technology OpenFlow gives high flexibility for specific fields to be matched for traffic flows Use Brocade Flow Optimizer for scalable and flexible flow mirroring distributed mirroring traffic matching IP=***0  mirror to port 1 (IDS - 1) traffic matching IP=***1  mirror to port 2 (IDS - 2) don't mirror trusted traffic traffic matching trusted IP  “forward normal” Open Daylight Brocade Flow Optimizer 05/11/2015 IT-CS-CE - CERN openlab

IT-CS-CE - CERN openlab Current status Current status: Lab environment ready ICX Campus LAN switches at CERN MLX Series Core Routers at Brocade Fellow integrated with the Brocade developer team Playing an active role in the development Some code already pushed and merged successfully Firewall offload use case already addressed in the Brocade Flow Optimizer 1.1 release Other use cases to be tackled in the future releases 05/11/2015 IT-CS-CE - CERN openlab