SDN Realized Application Directed Networking


Transcript of SDN Realized Application Directed Networking

Page 3: SDN Realized Application Directed Networking

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Sarwar Raza

Director, Advanced Technology Group

SDN Realized Application Directed Networking

Page 4: SDN Realized Application Directed Networking

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Living the Dream….

Page 5: SDN Realized Application Directed Networking


The ‘S’ in my personal SDN Deployment..

SDN – Circa 1999…

Page 6: SDN Realized Application Directed Networking


SDN Over the Years

D = Defined / Directed

SDN Architecture:

Application: Orchestrators and Network Applications

Control: Distributed Systems Architecture

Infrastructure: Wire Protocols

Page 7: SDN Realized Application Directed Networking


Today’s “Application Aware” Approach

Service Source

Inspect, Infer & Act

Page 8: SDN Realized Application Directed Networking


Gain Contextual Insight Via Back-End Integration

Service Source

Directories, etc.

Page 9: SDN Realized Application Directed Networking


Encryption & tunnelling subvert ‘application aware’ approaches

Page 10: SDN Realized Application Directed Networking


Service Source

Spiraling Complexity & Cost

Page 11: SDN Realized Application Directed Networking


Context

Page 12: SDN Realized Application Directed Networking


Leverage application context via programmable software-defined networks

Page 13: SDN Realized Application Directed Networking


The Application Directed Paradigm

Service Source

Page 14: SDN Realized Application Directed Networking


The Application Directed Paradigm

Service Source

Directories, etc.

Page 15: SDN Realized Application Directed Networking


Application Directed Infrastructure

HP Network Optimizer for Lync

Page 16: SDN Realized Application Directed Networking


Francisco-Javier Ramón Salguero

Head of Network Virtualisation Labs, Telefónica GCTO Unit, Telefónica I+D

Chair of Performance and Portability Expert Group, ETSI NFV ISG

Page 17: SDN Realized Application Directed Networking


Teaming Up on SDN-enabled Security Services

SDN Applications for Security

Page 18: SDN Realized Application Directed Networking


SDN to cover the Many A’s in Security

AUTHENTICATION: Knowing WHO gets involved

AUTHORIZATION: WHAT & HOW can be done

ACCOUNTING: Register HOW MUCH resource usage

ENHANCED (OR REGULAR) AAA

ANALYSIS: Identify threats & attacks

ACTION: Alleviate incident & Collect information for response

NON-UNIFORM TREATMENT

Page 19: SDN Realized Application Directed Networking


Virtual DPI Probe: Completing the A’s

Extensible runtime elements

Forensic analysis feasible

Higher reachability to network footprint

Line rate (>80 Gbps) with table signatures

[Diagram labels: NFV domain (ANALYSIS); SDN domain (ENFORCEMENT); Advanced analysis; Fine-grained enforcement; Deeper REAL-TIME ANALYSIS; Network Big Data; CENTRALISED INTELLIGENCE; RELEVANT INFO; Metadata interface; Security Alarms; xDRs; Other data; POLICY DECISIONS; OpenFlow; OF Controller; OF Switch; RAW USER TRAFFIC; Copy; MITIGATION]

Page 20: SDN Realized Application Directed Networking


Initial pilot in part of Telefónica I+D Corporate network

Apply reputation databases using HP Network Protect SDN Application

Identify & block infections at customer terminals

1st step on action: Malware Interception

[Diagram labels: HP VAN SDN Controller (Network Protector); TEF Network; Mobile Customer; Landline Customer; Reputation Database; DNS Server]

Page 21: SDN Realized Application Directed Networking


Going Forward: General Security Application Model

Page 22: SDN Realized Application Directed Networking


Guessing vs. Knowing

Application ‘Aware’: Traffic classification, Identity inference, Context inference, Telemetry, Inferred network policy, Inferred action

Application Directed: Traffic classification, Telemetry, Network policy, Coordinated action, Identity, Event context, Service request

[Diagram labels: User, App]

Page 23: SDN Realized Application Directed Networking


Stop Guessing. Start Knowing.

Page 24: SDN Realized Application Directed Networking


Thank you


@razasarwar

www.hp.com/go/sdn