6th SDN Interest Group Seminar - Session6 (131210)

Presentation material from the Open & Virtual Networking Conference 2013, jointly organized by OpenFlow Korea and the Open Networking Foundation, held on 10 December 2013.

Published in: Technology

© 2013 NAIM Networks – All rights reserved.

Slide 3/34 (I): What about security?
[Figure: two compute nodes (Compute Node #1, Compute Node #2) joined by an IP fabric; each node runs a software switch with three VMs (NIC + OS #1, OS #2, OS #3) attached.]

Slide 4/34 (I): Today's security setup
[Figure: the same two compute nodes, with a single "Security" element placed outside the nodes on the IP fabric, so inter-node traffic crosses it.]

Slide 5/34 (I): Is there a problem with that?
[Figure: same layout as slide 4.]

Slide 6/34 (I): Are VM security products that hard?
[Figure: same layout as slide 4.]

Slide 7/34 (I): Is there a way to improve this?
[Figure: a "Security" function placed inside each compute node, next to the software switch, so traffic between VMs on the same node is also covered.]

Slide 8/34 (I): A flexible implementation using SDN?
[Figure: the per-node "Security" functions and a Security Appliance are driven by an SDN Controller hosting security applications (App, App, App).]
Agenda
1. Virtualized Environment in Cloud
2. Cloud Management: OpenStack
3. SDN Roles in Cloud Management
4. Case: Security (SDN + DPI)
Slide 11/34 (I): Virtualized World
- Virtualization: the creation of something virtual (rather than actual) in the computer world
- Pros: isolation, consolidation, testing, mobility
- Cons: concentration risk, cost, performance penalty, hardware support
Slide 12/34 (I): Virtualized World: Cloud (1)
- Server virtualization: remarkable growth
  • Hypervisors: VMware ESXi, MS Hyper-V, Citrix XenServer, ...
  • Hardware support: Intel VT/VT-x/EPT, AMD-V
- Network virtualization: supporting data center networks (large numbers of hosts and large traffic volumes)
  • VLAN, GRE tunneling, VXLAN, ...
- Cloud with virtualization
Slide 13/34 (I): Virtualized World: Cloud (2)
[Figure: one physical server hosting VM (tenant #1) and VM (tenant #2); the virtualization layer attaches each VM to its own network (network for tenant #1, network for tenant #2).]
Source: http://www.microsoftvirtualacademy.com/ - WS-B327
Slide 15/34 (II): OpenStack Intro.
- OpenStack is a collection of open source software projects used to set up and run cloud infrastructure (e.g., compute, storage, networking).
Slide 16/34 (II): Evolution of OpenStack
- Six-month cycle: releases are timed to correspond with the developer summit meeting
- Currently no reliable upgrade paths between releases
- Expect large deltas between releases for the next year or so as new features and core functionalities are added

Release name | Release date      | Included component code names
-------------|-------------------|---------------------------------------------------------------------------
Austin       | 21 October 2010   | Nova, Swift
Bexar        | 3 February 2011   | Nova, Glance, Swift
Cactus       | 15 April 2011     | Nova, Glance, Swift
Diablo       | 22 September 2011 | Nova, Glance, Swift
Essex        | 5 April 2012      | Nova, Glance, Swift, Horizon, Keystone
Folsom       | 27 September 2012 | Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Grizzly      | 4 April 2013      | Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Havana       | 17 October 2013   | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer

Src.: http://en.wikipedia.org/wiki/OpenStack
Nova: server virtualization mgmt. Quantum/Neutron: network virtualization mgmt.
Slide 17/34 (II): Havana: Architecture
- Emphasizing the management of the cloud
  • Ceilometer: metering
  • Heat: orchestration
Slide 18/34 (II): OpenStack: Nova
- Overview
  • The core of the IaaS management system in OpenStack
  • Supports large-scale deployment of compute instances
  • Applied to NASA's open source cloud project, Nebula
  • Asynchronous, eventually consistent communication
  • REST-based API
  • Hypervisor agnostic: support for Xen, XenServer, Hyper-V, KVM, UML and ESX is coming
  • Horizontally and massively scalable
  • Hardware agnostic: standard hardware, RAID not required
Slide 19/34 (II): OpenStack: Neutron
- Quick intro
  • Neutron (formerly Quantum) is an OpenStack project to provide "networking as a service" between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., Nova)
- Manages network virtualization just as compute (Nova) manages server virtualization
- Advocates multi-tenancy
- Technology-agnostic
Slide 21/34 (II): Network Virtualization with Neutron
- OpenvSwitch plugin
[Figure: logical network architecture and the OpenStack Neutron-related components, using the OpenvSwitch plugin as the example.]
Slide 22/34 (II): Network Virtualization with Neutron
- Physical realization: OVS plugin, GRE overlays
[Figure: Compute Nodes C1, C2, C3 and the Network Node, each with a br-int and a br-tun bridge; VMs labelled A1 2, B1 1, B1 2, A2 1 and A1 1 hang off br-int on the compute nodes; the Network Node additionally runs DHCP and L3 and has a br-ex bridge.]
- Local VLAN tags are converted into GRE keys on br-tun (and vice versa)
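The isolation property behind the slide above is that every node-local VLAN tag is rewritten to exactly one GRE key on the way out of br-tun, and every GRE key is rewritten to exactly one local VLAN on the way in; two tenant networks sharing a key would see each other's traffic. The following audit script is an added example, not NAIM Networks' or OpenStack's code. It parses the subset of `ovs-ofctl dump-flows` output the Havana-era OVS agent emits (`dl_vlan`/`set_tunnel` egress rules, `tun_id`/`mod_vlan_vid` ingress rules) and reports any mapping that is not one-to-one in both directions. The dump text in `SAMPLE_DUMP` and `LEAKY_DUMP` is constructed for the example, modelled on that layout, not captured from a real node.

```python
"""Audit a Neutron OVS-agent br-tun bridge for VLAN <-> GRE-key consistency.

Added example, not OpenStack's or NAIM Networks' code.  The flow-dump text
below is constructed; only the match/action keywords follow the real
ovs-ofctl syntax.
"""
import re

# Egress rule: local VLAN -> GRE key (table 21 on the Havana agent).
_EGRESS = re.compile(r"dl_vlan=(\d+).*?actions=.*?set_tunnel:(0x[0-9a-fA-F]+|\d+)")
# Ingress rule: GRE key -> local VLAN (table 2 on the Havana agent).
_INGRESS = re.compile(r"tun_id=(0x[0-9a-fA-F]+|\d+).*?actions=.*?mod_vlan_vid:(\d+)")


def parse_br_tun(dump_text):
    """Return (egress, ingress): egress[vlan] = {tun_ids}, ingress[tun_id] = {vlans}."""
    egress, ingress = {}, {}
    for line in dump_text.splitlines():
        m = _EGRESS.search(line)
        if m:
            vlan, tun = int(m.group(1)), int(m.group(2), 0)  # base 0 accepts 0x.. and decimal
            egress.setdefault(vlan, set()).add(tun)
        m = _INGRESS.search(line)
        if m:
            tun, vlan = int(m.group(1), 0), int(m.group(2))
            ingress.setdefault(tun, set()).add(vlan)
    return egress, ingress


def audit_br_tun(dump_text):
    """Return a list of isolation violations; an empty list means the mapping is a bijection."""
    egress, ingress = parse_br_tun(dump_text)
    problems = []
    # 1. Each local VLAN must leave with exactly one GRE key.
    for vlan, tuns in sorted(egress.items()):
        if len(tuns) != 1:
            problems.append("vlan %d egresses to %d tunnel keys %s" % (vlan, len(tuns), sorted(tuns)))
    # 2. Each GRE key must land in exactly one local VLAN.
    for tun, vlans in sorted(ingress.items()):
        if len(vlans) != 1:
            problems.append("tun_id 0x%x ingresses to %d vlans %s" % (tun, len(vlans), sorted(vlans)))
    # 3. No two VLANs may share a GRE key: that is the cross-tenant leak.
    key_owners = {}
    for vlan, tuns in egress.items():
        for tun in tuns:
            key_owners.setdefault(tun, set()).add(vlan)
    for tun, vlans in sorted(key_owners.items()):
        if len(vlans) > 1:
            problems.append("tun_id 0x%x shared by vlans %s" % (tun, sorted(vlans)))
    # 4. The reverse rule must exist: what leaves as key K must come back as the same VLAN.
    for vlan, tuns in sorted(egress.items()):
        for tun in sorted(tuns):
            if vlan not in ingress.get(tun, set()):
                problems.append("egress vlan %d -> 0x%x has no matching ingress rule" % (vlan, tun))
    return problems


# Constructed sample: two tenant networks, vlan 1 <-> key 0x1 and vlan 2 <-> key 0x2.
SAMPLE_DUMP = """\
cookie=0x0, duration=31.2s, table=0, n_packets=0, n_bytes=0, priority=1,in_port=1 actions=resubmit(,1)
cookie=0x0, duration=31.2s, table=0, n_packets=0, n_bytes=0, priority=1,in_port=2 actions=resubmit(,2)
cookie=0x0, duration=30.9s, table=2, n_packets=0, n_bytes=0, priority=1,tun_id=0x1 actions=mod_vlan_vid:1,resubmit(,10)
cookie=0x0, duration=30.9s, table=2, n_packets=0, n_bytes=0, priority=1,tun_id=0x2 actions=mod_vlan_vid:2,resubmit(,10)
cookie=0x0, duration=30.9s, table=21, n_packets=0, n_bytes=0, priority=1,dl_vlan=1 actions=strip_vlan,set_tunnel:0x1,output:2
cookie=0x0, duration=30.9s, table=21, n_packets=0, n_bytes=0, priority=1,dl_vlan=2 actions=strip_vlan,set_tunnel:0x2,output:2
"""

# Same bridge with one mis-programmed rule: vlan 2 now leaves with tenant 1's key.
LEAKY_DUMP = SAMPLE_DUMP.replace("dl_vlan=2 actions=strip_vlan,set_tunnel:0x2",
                                 "dl_vlan=2 actions=strip_vlan,set_tunnel:0x1")

if __name__ == "__main__":
    for dump in (SAMPLE_DUMP, LEAKY_DUMP):
        print(audit_br_tun(dump) or ["ok: VLAN <-> GRE key mapping is one-to-one"])
```

On a live node the input would be `ovs-ofctl dump-flows br-tun` run on each compute node; the check is per node because local VLAN tags are allocated per node, while GRE keys are global to the deployment.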
Slide 23/34 (II): OpenStack with Virtualization
- Realizing *-as-a-service with server & network virtualization using OpenStack components
Source: Dan Wendlandt, Quantum hacker & PTL
Note: "Quantum" is now "Neutron"; the name "Quantum" is no longer used.
Slide 25/34 (III): SDN Overview
- Agility on networks
- Controllability of the entire network: centralized network management
[1] Van Jacobson et al., "Networking Named Content", CoNEXT 2009.
[2] Thomas Michael Bohnert, "SDN in the Cloud", invited talk @ CNSM 2013.
Slide 26/34 (III): SDN Roles in OpenStack
- Centralized control of the network using OpenStack
[1] Thomas Michael Bohnert, "SDN in the Cloud", invited talk @ CNSM 2013.
Slide 27/34 (III): SDN Roles in OpenStack
- Why OpenStack + SDN?
  • Finally frees applications from being aware of specific networking details (ports, IP addresses, etc.)
  • Reduces network management complexity
[Figure: orchestration (OpenStack) above the physical machine, virtual machines and servers on the network infrastructure.]
Slide 28/34 (III): SDN Roles in OpenStack
- OpenStack test bed with SDN in NAIM Networks
[Figure: Compute Node #1 and Compute Node #2 each run OpenVSwitch (OVS) with three VMs (NIC + OS #1, OS #2, OS #3); an OpenFlow-enabled switch connects them with the Controller Node and the Network Node (Neutron); the SDN Controller drives the OVSs and the switch, and Neutron talks to the controller through an SDN plugin.]
Slide 30/34 (IV): Overview
- Current security appliances
  • Cost: expensive
  • Maximum bandwidth limits
  • (Mostly) all the traffic is passed through the security appliances
- Idea
  • Distributed DPIs
  • Managing & controlling the distributed DPIs using SDN
- Advantages
  • Auto-scaling network resources
  • Service chaining
- Participants
  • NAIM Networks (http://www.naimnetworks.com): 서영석 (team lead), 최영락 (manager), 이정복 (manager)
  • OpenFlow Korea (http://www.openflow.or.kr): 조충희, 임덕선
Slide 31/34 (IV): Architecture (1)
- Logical architecture
[Figure: a control loop over the cloud environment: gather network data from the virtual machines and from the OVS+DPI instances on each host; compare the actual state to the desired state (analysis + reasoning + learning, backed by data models); the Controller acts on the result.]
Slide 32/34 (IV): Architecture (2)
- Architectural components
[Figure: an OpenFlow-enabled switch connects two physical machines, each running OVS, a DPI instance and three VMs (OS #1, OS #2, OS #3 with NICs); each DPI sends syslog to a Log Analyzer; an SDN Controller and a Security Appliance are attached to the switch.]
Slide 33/34 (IV): Case: Demo
- Scenario
  • Network with anomalous traffic
  • OVSs monitor traffic and send flow information to the "Analyzer"
  • DPIs in each physical machine monitor traffic
  • Controllers control all of the OVSs and OpenFlow-enabled switches
- Let's see a short movie (about 2 min)! (One month of work went into this prototype)
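The loop that slides 31 to 33 describe (gather DPI observations, compare them with the desired state, have the controller re-steer traffic) can be reduced to one decision function. The code below is an added illustration and is not the prototype's code. Everything in it is an assumption made for the example: the key=value syslog layout the DPI VMs are taken to emit, the per-network allow-list in `POLICY`, the scan threshold, the appliance port number, and the reaction, which is an OpenFlow rule in `ovs-ofctl add-flow` syntax that the controller would push to br-int on the reporting node so that the offending source is chained through the Security Appliance rather than dropped. The log lines are constructed.

```python
"""DPI syslog -> anomaly decision -> OpenFlow steering rule.

Added example, not NAIM Networks' prototype.  The log format, POLICY table,
threshold and port number are hypothetical; the log lines are constructed.
"""
import re

# Desired state (hypothetical): application protocols allowed per tenant network,
# keyed by the network id as the DPI reports it.
POLICY = {
    "net-tenant-a": {"http", "https", "dns"},
    "net-tenant-b": {"ssh", "https", "dns"},
}
# One source touching more distinct destination endpoints than this in the
# analysed window is treated as a scan, whatever application it claims.
SCAN_THRESHOLD = 20
# br-int port the Security Appliance VM is attached to (hypothetical).
APPLIANCE_OFPORT = 7

# Assumed DPI syslog layout:
#   <pri>Mon dd hh:mm:ss host dpi[pid]: net=<id> proto=<l4> src=<ip>:<port> dst=<ip>:<port> app=<name>
_LINE = re.compile(
    r"^<\d+>\w{3} +\d+ \d\d:\d\d:\d\d (?P<host>\S+) dpi\[\d+\]: "
    r"net=(?P<net>\S+) proto=(?P<proto>\S+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) app=(?P<app>\S+)$"
)


def parse_dpi_log(text):
    """Yield one dict per well-formed line.  Malformed lines are skipped rather
    than trusted, so a misbehaving DPI cannot crash or poison the analyzer."""
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            yield m.groupdict()


def quarantine_rule(src_ip):
    """ovs-ofctl add-flow rule steering all IP traffic from src_ip to the appliance.
    Priority 100 wins over the OVS agent's default priority-1 rules without deleting them."""
    return "priority=100,ip,nw_src=%s actions=output:%d" % (src_ip, APPLIANCE_OFPORT)


def analyse(text):
    """Return [(host, reason, rule)], one decision per offending (host, source),
    so a source that trips both checks is only re-steered once."""
    events = list(parse_dpi_log(text))
    decisions, seen = [], set()
    # Check 1: application protocol not on the network's allow-list (or unknown network).
    for e in events:
        allowed = POLICY.get(e["net"])
        key = (e["host"], e["src"])
        if (allowed is None or e["app"] not in allowed) and key not in seen:
            seen.add(key)
            decisions.append((e["host"], "app %s not allowed on %s" % (e["app"], e["net"]),
                              quarantine_rule(e["src"])))
    # Check 2: fan-out from one source to many destination endpoints -> scan.
    targets = {}
    for e in events:
        targets.setdefault((e["host"], e["src"]), set()).add((e["dst"], e["dport"]))
    for (host, src), endpoints in sorted(targets.items()):
        if len(endpoints) > SCAN_THRESHOLD and (host, src) not in seen:
            seen.add((host, src))
            decisions.append((host, "%d distinct dst endpoints from %s" % (len(endpoints), src),
                              quarantine_rule(src)))
    return decisions


# Constructed log: one allowed flow, one disallowed app on tenant A, one garbage
# line, and a 25-endpoint sweep on tenant B that uses an allowed app.
SAMPLE_LOG = "\n".join(
    ["<14>Dec 10 10:00:01 c1 dpi[211]: net=net-tenant-a proto=TCP src=10.0.0.5:51200 dst=10.0.0.9:80 app=http",
     "<14>Dec 10 10:00:02 c1 dpi[211]: net=net-tenant-a proto=TCP src=10.0.0.6:51201 dst=10.0.0.9:22 app=ssh",
     "this line is not a DPI record and must be ignored"]
    + ["<14>Dec 10 10:00:%02d c2 dpi[340]: net=net-tenant-b proto=TCP src=10.0.1.7:%d dst=10.0.1.2:%d app=https"
       % (s, 40000 + s, 1000 + s) for s in range(25)]
)

if __name__ == "__main__":
    for host, reason, rule in analyse(SAMPLE_LOG):
        print("%s: %s -> ovs-ofctl add-flow br-int '%s'" % (host, reason, rule))
```

The two checks stand in for the "compare actual state to desired state" box of slide 31; a real analyzer would also age entries out of the window and withdraw the rule once the appliance clears the source, which this example does not attempt.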
Slide 34/34: Summary
- Separated virtualization management: server virtualization & network virtualization
- OpenStack was originally designed for server virtualization management, but it started to support network virtualization (officially) after the Folsom release
- "OpenStack + SDN" supports better orchestration with centralized network management and abstraction from network details
- We showed one security prototype that can be deployed directly into an OpenStack+SDN environment!
www.NAIMNetworks.com