Software Defined Networking
What can you start with today?
Geir Åge Leirvik – HP Networking

Agenda
• App Store – keeping it simple
• HP apps:
  – Protector
  – Optimizer - Lync
• Partner apps:
  – BlueCat DNS
  – KEMP
• Community apps:
  – Flow Maker
  – Blacklist

HP SDN App Store
http://hp.com/sdn/AppStore
• Accelerated time to ROI with integrated and validated applications
• Network agility with rapid and seamless deployment
• Standards-based for open and simplified collaboration
… and enterprise ready

Current applications - highlights

Circle 1: HP Apps
• Network Protector
• Network Optimizer

Circle 2: Partner Apps
• Bluecat, DNS Director – Central DNS security, globally delivered
• Kemp vLoadMaster AT – Application Delivery Controller With SDN Adaptive Technology
• Fortinet – Fortigate & FortiManager SDN extensions
• TechMahindra – Server Load Balancer
• GuardiCore, Defense Suite Active Honeypot – Data center security redefined
• Ecode, evolve™ – Dynamic design to deployment
• Saisei Flow Command – Real time flow policy control, analysis and security suite
• Adara Orchestration suite
• Real-Status, Hyperglance – Interactive 3D visibility and control
• Aricent – Pure SDN Load Balancer
• iBoss – FireSphere Threat Isolator
• NEC – Univerge Network Coordinator

Circle 3: Community
• NorthboundNetworks, Flow Maker
• Blackhole
• Privatizer

HP Apps

Network Protector

• Modern malware, spyware, botnet businesses
• Client / server business and architecture
• Use it - $$$
• Sell the capability - $

SDN Application example: BYOD botnet scenario
[Diagram: WAN, wireless LAN, core, campus LAN edge, Internet]
1. Employee laptop + son's USB stick + Starbucks Wi-Fi
2. Botnet-infected laptop plugs back into the corporate network and attempts to infect all computers in the LAN
3. Botnet attempts to access an external server via a DNS request and is detected by Gatekeeper and blocked

HP Network Protector SDN application
Enabling real-time threat detection across enterprise campus networks
[Diagram: SDN architecture. Application: Network Protector App. Control: VAN SDN Controller, RepDV Database (TippingPoint). Infrastructure.]
• Secure BYOD
• Unprecedented Visibility
• 1 million + every 2 hours

HP Network Protector SDN Application
Bringing security to the edge of the network
[Diagram: Malicious-site.com; Reputation DV database (1M+ bad sites); HP VAN SDN Controller with Network Protector SDN Application; core, distribution and edge layers]

HP Network Protector SDN Application benefits
Simple security for BYOD
• Reduce time IT spends on security from weeks to hours
• Based on open standards
Unprecedented visibility
• High visibility automation and control
• Protects the internal network from its host
Malware/Botnet/Spyware
• Enables real-time threat protection
• Protection from more than 1M malware/botnet and spyware threats

HP TippingPoint Reputation DV service
Identifying "known bad" hosts
• Spammers: up to 80% of spam generated by top 100 spammers
• Botnet CnC: 5,000 - 6,000 sites worldwide
• Malware Depots: estimates of 2,500 - 50,000 new malware depots discovered daily
• Phishing Sites: 50,000+ new phishing sites discovered monthly
• Compromised Hosts: millions worldwide
Reputation DV identifies these as "Known Bad" devices so you can block traffic to and from these sites.

Malicious DNS requests reporting
Per VLAN visibility
[Diagram: RepDV DB, Network Protector App, DNS, HP SDN controller, IRF DC Core Switch (non OF capable); addresses 10.10.120.11, 10.10.105.25, 10.10.150.72]

Findings and Outcomes – Resulting in a more secure network
• Proven efficiency: Block botnet propagation. Provide blacklisting capability.
• Ease of deployment: OpenFlow (OF) at the access layer or even at a few aggregation points. Legacy core is kept unchanged.
• Security reporting: Instantaneous reporting of malicious DNS queries showing threat level.

Network Optimizer

HP Network Optimizer for Lync
Automating policy for campus enterprise business applications
[Diagram: SDN architecture. Application: Network Optimizer, SDN API POC. Control: VAN SDN Controller. Infrastructure: Legacy LAN-WAN.]
• Simplified operation
• Visibility
• Enhanced user experience
• Preserve existing core and WAN

High level overview
[Diagram: Active Directory, Exchange & SharePoint; Lync SDN API; HP Network Optimizer SDN Application; Lync SDN Manager; SDN Controller; HP Servers; HP OpenFlow Switch (User: James); HP OpenFlow Switch (User: Linda)]

Network Optimizer Demo
[Screenshots: HP SDN Lync Demo; Network Optimizer Configuration, DSCP setting; Network Optimizer – Dashboard; Network Optimizer – Lync/Sessions; Network Optimizer – QoE metrics]

Findings and Outcomes – Lync just works better
• Proven QoS marking for Lync dynamic flows: Lync flows are configured based on the Lync FE servers DB.
• Ease of deployment: OpenFlow (OF) at the access layer or even only on very few aggregation points. Legacy core QoS is kept almost unchanged.
• Lync application performance metrics: Instantaneous reporting of Lync application quality in a networking operational dashboard.

PARTNER APPLICATIONS

BlueCat DNS Director

DNS Director secures the open enterprise with global visibility and centralized control over all DNS traffic across all connected devices.
Central DNS security, globally delivered across all devices regardless of ownership & configuration

Features
• Prevents devices from bypassing DNS-driven security policies & accessing untrusted DNS servers
• Detects, intercepts and transparently redirects DNS queries at the edge of the network to secure DNS servers
• Enables elastic DNS service delivery for Enterprise & Carriers (NFV)

Benefits
• Complete network visibility and control of all DNS traffic
• Prevent data exfiltration through DNS tunneling
• Ensure DNS-driven security policies are applied to all connected devices, regardless of ownership and configuration

BlueCat DNS Director
Central DNS Security, Globally Delivered
[Diagram: SDN architecture. Application: BlueCat DNS Director. Control: VAN SDN Controller. Infrastructure: VMs, connected things, hypervisor, customer DC, hybrid cloud; BlueCat DNS Server with Threat Protection; non-corporate DNS servers; compromised DNS servers.]
A. DNS queries are intercepted at the edge through SDN rules when not targeted at corporate DNS.
B. Intercepted queries are redirected to BlueCat's DNS/DHCP server, where policies are applied.
C. BlueCat's DNS response is structured to appear as if it came from the originally targeted server, so interception is undetected.

https://www.youtube.com/watch?v=vZQg9VYiAJI

KEMP LoadMaster

LoadMaster Application Delivery Controller With SDN Adaptive Technology

Features
• Dynamically adapt flow distribution based on network switch statistics
• Redirecting flows to optimize the overall QoE for the client

Benefits
• Increased Application Delivery Performance
• Eliminates session outages and slow application response due to network congestion conditions
• Better overall quality of experience for end users of application services

Application Delivery Controller With SDN Adaptive Technology
SDN Adaptive Load Balancing: Enriching Load Balancing Policies
[Diagram: SDN architecture. Application: Virtual LoadMaster (REST API). Control: VAN SDN Controller. Infrastructure: inbound traffic, application flow, Server Cluster1, Server Cluster2.]
1. Typical flow path to the server access layer switch.
2. Controller detects the congestion on the OpenFlow switch port connecting to server 3.
3. LoadMaster pulls that layer 2 congestion information from the controller.
4. KEMP LoadMaster automatically adjusts the traffic it sends to server 3, instead distributing the load across servers 1 and 2 until the congestion condition clears.

COMMUNITY APPLICATIONS

Flow Maker

Blacklist

Privatizer

Quiz