Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lutz Donnerhacke IKS Service GmbH

Published bySusanto Lie Modified over 6 years ago

Similar presentations

Presentation on theme: "Lutz Donnerhacke IKS Service GmbH"— Presentation transcript:

1 Lutz Donnerhacke IKS Service GmbH
ND Spoofing for Fun and Profit Distributing server farm traffic efficiently Lutz Donnerhacke IKS Service GmbH

2 The Problem High bandwidth servers Distributed clients
Distribute locations Intermediate bandwidth limited Third party appliances Internal communications? Single default gateway No technical contacts Design violation Should buy two clusters

3 First Hop Redundancy Single active router Traffic flow HSRP, etc.
Failover Traffic flow Deterministic Not optimal Intermediate bandwidth required

4 Disturb First Hop Redundancy
Prevent FHR communication Both nodes active Complicated, error prone Low latency = local First come, first serve Slow and unstable redundancy Do not disturb the cluster May harm internal communication Hard to operate Always a fail state

5 SDN for the rescue Inject the router twice Pro Con (for us)
MAC into BGP Least cost route Pro Stable Redundant Con (for us) Redesign of core network Expensive

6 Back to the blackboard Different gateways
Each server has an other router HSRP still possible Locality depend configuration Communicate with vendor Change application Change rollout Unlikely 

7 Can we fool the servers? Trivial idea Fails in practice
Same IP, different MAC First come, first server Fails in practice Duplicate IP detection Missing ND responses Core in danger

8 ND for the rescue Router ND-Server Server IPs from different networks
Down: Host routes to interface ND-Server Fake ND responses Rule based: who, whom, what Can respond with HSRP-MACs Server Automatically learn optimal MAC

9 Background xDSL networks PARPD Sources Carrier blocks Customers need
Rule based ARP/ND responder Sources Proxy-ARP-daemon show_bug.cgi?id=223594

Download ppt "Lutz Donnerhacke IKS Service GmbH"

Similar presentations

Presented by Mr.Vihang S. Kathe IBC High availability Solution High performing IT Solutions.

Presented by Mr.Vihang S. Kathe IBC High availability Solution High performing IT Solutions.
Implementing Layer 3 High Availability

Implementing Layer 3 High Availability
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—6-1 Implementing Layer 3 High Availability Configuring Layer 3 Redundancy with HSRP.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—6-1 Implementing Layer 3 High Availability Configuring Layer 3 Redundancy with HSRP.
Understanding Layer 3 Redundancy. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Upon completing this lesson, you will be able.

Understanding Layer 3 Redundancy. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Upon completing this lesson, you will be able.
Subnetting.

Subnetting.
Improving Availability in Multilayer Switched Networks

Improving Availability in Multilayer Switched Networks
Institute of Technology Sligo - Dept of Computing Chapter 11 Layer 3 Protocols Paul Flynn.

Institute of Technology Sligo - Dept of Computing Chapter 11 Layer 3 Protocols Paul Flynn.
10/02/2004ELFms meeting1 Linux Virtual Server Miroslav Siket FIO-FS.

10/02/2004ELFms meeting1 Linux Virtual Server Miroslav Siket FIO-FS.
Data Center Network Redesign using SDN

Data Center Network Redesign using SDN
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Network Redundancy Multiple paths may exist between systems. Redundancy is not a requirement of a packet switching network. Redundancy was part of the.

Network Redundancy Multiple paths may exist between systems. Redundancy is not a requirement of a packet switching network. Redundancy was part of the.
Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.

Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.
© 1999, Cisco Systems, Inc. 1-1 Chapter 2 Overview of a Campus Network © 1999, Cisco Systems, Inc.

© 1999, Cisco Systems, Inc. 1-1 Chapter 2 Overview of a Campus Network © 1999, Cisco Systems, Inc.
EXPOSING OVS STATISTICS FOR Q UANTUM USERS Tomer Shani 19.6.13 Advanced Topics in Storage Systems Spring 2013.

EXPOSING OVS STATISTICS FOR Q UANTUM USERS Tomer Shani Advanced Topics in Storage Systems Spring 2013.
Setup and Management for the CacheRaQ. Confidential, Page 2 Cache Installation Outline – Setup & Wizard – Cache Configurations –ICP.

Setup and Management for the CacheRaQ. Confidential, Page 2 Cache Installation Outline – Setup & Wizard – Cache Configurations –ICP.
Introducing a New Concept in Networking Fluid Networking S. Wood Nov. 2006 Copyright 2006 Modern Systems Research.

Introducing a New Concept in Networking Fluid Networking S. Wood Nov Copyright 2006 Modern Systems Research.
S7C8 Hot Standby Router Protocol

S7C8 Hot Standby Router Protocol
Delivery and Forwarding Chapter 18 COMP 3270 Computer Networks Computing Science Thompson Rivers University.

Delivery and Forwarding Chapter 18 COMP 3270 Computer Networks Computing Science Thompson Rivers University.
The Benefit and Need of Standard Contribution for IXPs Jan Stumpf System Engineer.

The Benefit and Need of Standard Contribution for IXPs Jan Stumpf System Engineer.
Redundancy. Single point of failure Hierarchical design produces many single points of failure Redundancy provides alternate paths, but may undermine.

Redundancy. Single point of failure Hierarchical design produces many single points of failure Redundancy provides alternate paths, but may undermine.

Similar presentations

Ads by Google