Security, Resiliency and Other Challenges Erik Linask Group Editorial Director TMC


2 Security, Resiliency and Other Challenges
Erik Linask, Group Editorial Director, TMC
elinask@tmcnet.com
Twitter: @elinask
www.nfvzone.com / www.sdnzone.com

3 Security, scalability, resiliency = Traditional Deterrents Now, we are telling telcos they need to virtualize and “cloudify”

4 Security, Resiliency and Other Challenges
Glen Gerhard, VP, Product Management, Sansay
Nabil Damouny, Sr. Director, Strategic Marketing, Netronome

6 Security Concerns
Very similar unless using a cloud infrastructure
[Diagram labels: DEDICATED, VM, CLOUD, NETWORK, Protected, Public]

7 Resiliency Concerns
VM can be made HA and fault tolerant
– Easier and cheaper than h/w based systems
– Cloud can be even more dynamic, normally not HA
[Diagram labels: INX, ROME, MSX; Route Management Plane, Session Processing Plane, Media Handling Plane; Master-Slave]

8 Resiliency
Geographic redundancy easy with both

9 PCI Compliance
Very tightly controlled architecture
Cloud support possible with hybrid systems

10 Security & Resiliency in SDN & NFV
Nabil Damouny
Sr. Director, Strategic Marketing, Netronome
Vice Chair, Market Education Committee, ONF
Editor, Compute Domain, ETSI NFV
nabil.damouny@netronome.com

11 Agenda
– Netronome … Intro
– Network security services
– Deploying L4-L7 services in SDN-OpenFlow
– Inserting L7 intelligence in the data path
– ETSI NFV – complementary to SDN
– Faults & resiliency in NFV
– Summary

12 Company
Fabless semiconductor company
– Best-in-class flow processors
– Designed for 10/40/400G communications designs
Product and Markets
– Leader in SDN-OpenFlow
– Leader in NFV … COTS architecture
– Cybersecurity
– Sole licensee of Intel IXP Processor IP
– Intel 22nm tri-gate process
– 100+ Patents
[Map locations: Santa Clara, Pittsburgh, Boston, Cambridge, Johannesburg, Shenzhen, Beijing, Tokyo. Legend: Worldwide Headquarters; Research and development center; Regional sales and support center]

13 What Are Layer 4 through 7 Services?
L2-L4 forwarding
– Switching
– Routing
– Packet forwarding
– OpenFlow
– Architectures optimized to process individual packets
L4-L7 services
– Security
– Load balancing
– WAN optimization
– Architectures optimized to process flows and content
Categorized by depth of Layer 4 through 7 inspection
No Flow Inspection: OpenFlow switch
Partial Flow Inspection: Load balancer; Next-generation firewall; WAN optimization; Web application firewall
Flow Monitoring: Test and measurement; Policing and metering; Quality of Service (QoS); Traffic analysis
Full Flow Inspection: Anti-virus / anti-spam; Intrusion prevention system (IPS); SSL inspection; VPN
There are 4 service categories with specific processing requirements

14 Suggested Deployment Models
1. Running as applications on the controller
– Controller programs SDN switch on per-flow basis
2. Standalone network appliance
– Traffic directed to appliance either based on static policy or dynamically driven by controller
– Legacy or OF-enabled
3. Full Layer 4-7 network services running on intelligent switch
– Intelligent switch becomes L2-L7 device
Different deployment models to best fit service requirements, including performance and latency.
[Diagram labels: Application Layer: Applications; Northbound APIs; Control Layer: Network Controller, SDN Control Software; Southbound API; Infrastructure Layer: Network Device, Layer 4-7 Services (1), Layer 4 through 7 Appliance (2), Intelligent Switch with Layer 4-7 (3)]

15 Use Case: Advanced Traffic Analysis … Embedded DPI feeds network intelligence to services on L7 device
– Application flows forwarded directly to specialized service processing
– Requires L4-L7 intelligence embedded directly in switches
[Diagram labels: Application Layer: Applications; Northbound APIs; Control Layer: SDN Control Software; Southbound API; Infrastructure Layer: Network Device Layer 4-7, Layer 7 Network Service Device; Data Plane Traffic: VoIP, P2P, Video, Email, Web, IM, Other; Layer 4-7: Protocol and Application Identification; Network Services: Traffic Steering, Video Optimization, QoS / QoE, Analytics, GGSN, Content Filtering]

16 SDN Data center … Intelligence is at the Edge
SDN Gateway
– Interconnect new virtualized networks and legacy
– Focus on Gateway for Multi-tenant Data Center -to- MPLS WAN
NFV Appliance
– Open, programmable host for virtual applications
– Focus on ETSI NFV Use Cases: two out of 9 pre-defined use cases
  Use Case #5 – VNF as a service
  Use Case #6 – Service Chaining

17 Examples of types of Faults
Failure of the VNF – Application Crash, Overload condition – Tolerable if clustered topology, Service degradation (SD) possible
Failure of the VM – OS Crash, Resource exhaustion – Tolerable in clustered topology, SD possible
Failure of the Hypervisor – Tolerable in clustered topology, SD
Failure of the server – OS Crash, Resource exhaustion – Tolerable in clustered topology, SD possible
Failure in the physical Infrastructure – Device power cycle/crash, Loss of Connectivity – Tolerable if infra is HA capable
[Diagram labels: VNF1; Hypervisor, X86-1, VM1, VM2; Hypervisor, X86-2, VM1, VM2; Physical Network Infrastructure; VM1-OS, VM2-OS, VM3-OS, VM4-OS; CPU, Mem, Disc, I/O; Less severe impact, More severe impact]

18 SDN-aware NFV security platforms
Netronome offerings
– Flow processors scaling to 200Gbps
– FlowNICs for acceleration of standard servers
– Production-ready reference platforms

19 SDN-aware security platforms
Features and benefits
– 216 programmable processing cores
– 4 x PCIe Gen 3 to connect to x86 sockets
  200Gbps+ throughput to standard servers
– Support >500 BIPS per 2U to apply to workloads in NFV environments
  Support for high-touch security applications
– Fully SDN capable
  Support for OpenFlow 1.3
– Carrier grade resiliency in COTS server architecture platforms
  Numerous high-availability options
– Integrated fail-to-wire
– Active-passive and active-active HA modes of operation
Netronome’s FlowNICs and reference platforms are ideal to solve the security and resiliency challenges facing SDN and NFV

20 Looking Ahead
– What are some of the obstacles for a Telco to work with ISVs in the security area?
– How can a Telco achieve the traditional 5 9's reliability? How about high availability?
– Is it easier and less costly to design for redundancy in NFV & SDN?
– How about Federation and the need for interoperability between carriers?
– What is the role of cloud orchestration in security & resiliency?

21 BACKUP

22 ETSI ISG NFV Structure
ISG E-E Documents (Ratified)
1. Architecture Framework
2. Use Cases (9 total)
3. (Business) Requirements
4. Terminology
Technical Working Groups
1. Infrastructure (INF)
2. Software Architecture (SWA)
3. Management & Orchestration (MANO)
4. Reliability & Availability (REL)
– Performance Expert Group (PER)
– Security Expert Group (SEC)
SDN & NFV are complementary & synergistic.
Source: ETSI ISG NFV

23 Topologies for hosting Network Functions in VMs
Single instance topology
– VNF deployed on a single virtual machine.
Clustered or Composite Topology
– Consists of multiple VNF Components (VNFCs)
L2/L3 connectivity between VNF instances when multiple physical servers hosting same VNF.
[Diagram: Simple vs. Clustered VNFs; NFV Deployment Examples 1 to 5. Labels: x86, X86-1, X86-2, Hypervisor, VM1, VM2, VNF1, VNF2, VNF3, VNFC1, VNFC2, VNFC3, VNFC4]

