SDN Realized Application Directed Networking

Post on 16-Jul-2015


© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Sarwar Raza

Director, Advanced Technology Group

SDN Realized Application Directed Networking

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Living the Dream…


The ‘S’ in my personal SDN Deployment..

SDN – Circa 1999…


SDN Over the Years

[Diagram: SDN Architecture]

D = Defined / Directed

Application: Orchestrators and Network Applications

Control: Distributed Systems Architecture

Infrastructure: Wire Protocols


Today’s “Application Aware” Approach

Service Source

Inspect, Infer & Act


Gain Contextual Insight Via Back-End Integration

Service Source

Directories, etc.


Encryption & tunnelling subvert ‘application aware’ approaches


Service Source

Spiraling Complexity & Cost


Context


Leverage application context via programmable software-defined networks


The Application Directed Paradigm

Service Source


The Application Directed Paradigm

Service Source

Directories, etc.


Application Directed Infrastructure HP Network Optimizer for Lync


Francisco-Javier Ramón Salguero

Head of Network Virtualisation Labs, Telefónica GCTO Unit, Telefónica I+D

Chair of Performance and Portability Expert Group, ETSI NFV ISG


Teaming Up on SDN-enabled Security Services

SDN Applications for Security


SDN to cover the Many A’s in Security

AUTHENTICATION: Knowing WHO gets involved

AUTHORIZATION: WHAT & HOW can be done

ACCOUNTING: Register HOW MUCH resource usage

ENHANCED (OR REGULAR) AAA

ANALYSIS: Identify threats & attacks

ACTION: Alleviate incident & Collect information for response

NON-UNIFORM TREATMENT


Virtual DPI Probe: Completing the A’s

Extensible runtime elements

Forensic analysis feasible

Higher reachability to network footprint

Line rate (>80 Gbps) with table signatures

Advanced analysis

Fine-grained enforcement

[Diagram labels: NFV domain, ANALYSIS, ENFORCEMENT, SDN domain, RAW USER TRAFFIC, Copy, OF Switch, OF Controller, OpenFlow, Deeper REAL-TIME ANALYSIS, Metadata interface, RELEVANT INFO, Network Big Data, Other data, xDRs, Security Alarms, CENTRALISED INTELLIGENCE, POLICY DECISIONS, MITIGATION]


1st step on action: Malware Interception

Initial pilot in part of Telefónica I+D Corporate network

Apply reputation databases using HP Network Protect SDN Application

Identify & block infections at customer terminals

[Diagram labels: HP VAN SDN Controller (Network Protector), TEF Network, Mobile Customer, Landline Customer, Reputation Database, DNS Server]


Going Forward: General Security Application Model


Guessing vs. Knowing

Application ‘Aware’: Traffic classification, Identity inference, Context inference, Telemetry, Inferred network policy, Inferred action

Application Directed: Traffic classification, Telemetry, Network policy, Coordinated action, Identity, Event context, Service request

[Diagram labels: User, App]


Stop Guessing. Start Knowing.


Thank you

Sarwar.Raza@hp.com

@razasarwar

www.hp.com/go/sdn