6th SDN Interest Group Seminar - Session6 (131210)
These are the presentation materials from the Open & Virtual Networking Conference 2013, jointly organized by OpenFlow Korea (오픈플로우코리아) and the Open Networking Foundation and held on 10 December 2013.

Published in: Technology

Transcript

  • 1. © 2013 NAIM Networks – All rights reserved. 3 / 34 How is security handled? [Section I] [Diagram: two compute nodes (#1, #2), each running a software switch and three VMs (NIC / OS #1-#3), connected over an IP fabric.]
  • 2. 4 / 34 Today's security configuration [Section I] [Diagram: same topology, with a single "Security" appliance placed in the IP fabric in front of the compute nodes, so all VM traffic passes through it.]
  • 3. 5 / 34 Are there no problems with this? [Section I] [Diagram: same as slide 2.]
  • 4. 6 / 34 Are VM-based security products difficult?? [Section I] [Diagram: same as slide 2.]
  • 5. 7 / 34 Is there no way to improve this?? [Section I] [Diagram: same topology, but a "Security" function now sits inside each compute node next to its software switch.]
  • 6. 8 / 34 A flexible implementation using SDN? [Section I] [Diagram: as slide 5, plus an SDN Controller running Apps that drives the per-node security functions together with a central Security Appliance.]
  • 7. Agenda
    1. Virtualized Environment in Cloud
    2. Cloud Management: OpenStack
    3. SDN Roles in Cloud Management
    4. Case: Security (SDN + DPI)
  • 8. 11 / 34 Virtualized World [Section I]
    • Virtualization: the creation of something virtual (rather than actual) in the computer world
    • Pros: isolation, consolidation, testing, mobility
    • Cons: concentration risk, cost, performance penalty, hardware support
  • 9. 12 / 34 Virtualized World: Cloud (1) [Section I]
    • Server virtualization: remarkable growth
      • Hypervisors: VMware ESXi, MS Hyper-V, Citrix XenServer, …
      • Hardware support: Intel VT/VT-x/EPT, AMD-V
    • Network virtualization: supporting data center networks (large number of hosts and large traffic volume)
      • VLAN, GRE tunneling, VxLAN, …
    • Cloud with virtualization
  • 10. 13 / 34 Virtualized World: Cloud (2) [Section I] [Diagram: one physical server hosting a VM for tenant #1 and a VM for tenant #2, each attached to its own tenant network through the virtualization layer.] Source: http://www.microsoftvirtualacademy.com/ - WS-B327
  • 11. 15 / 34 OpenStack Intro. [Section II]
    • OpenStack is a collection of open source software projects used to set up and run cloud infrastructure (e.g., compute, storage, networking).
  • 12. 16 / 34 Evolution of OpenStack [Section II]
    • Six-month cycle: releases are timed to correspond with the developer summit meeting
    • Currently no reliable upgrade paths between releases
    • Expect large deltas between releases for the next year or so as new features and core functionalities are added
      Release  Release date       Included component code names
      Austin   21 October 2010    Nova, Swift
      Bexar    3 February 2011    Nova, Glance, Swift
      Cactus   15 April 2011      Nova, Glance, Swift
      Diablo   22 September 2011  Nova, Glance, Swift
      Essex    5 April 2012       Nova, Glance, Swift, Horizon, Keystone
      Folsom   27 September 2012  Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
      Grizzly  4 April 2013       Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
      Havana   17 October 2013    Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Ceilometer
      Src.: http://en.wikipedia.org/wiki/OpenStack
    • Nova: server virtualization management; Quantum/Neutron: network virtualization management
  • 13. 17 / 34 Havana: Architecture [Section II]
    • Emphasizing the management of the cloud: Ceilometer (metering), Heat (orchestration)
  • 14. 18 / 34 OpenStack: Nova [Section II]
    • Overview: the core of the IaaS management system in OpenStack
    • Supports large-scale deployment of compute instances
    • Applied to NASA's open source cloud project, Nebula
    • Asynchronous, eventually consistent communication
    • REST-based API
    • Hypervisor agnostic: support for Xen, XenServer, Hyper-V, KVM, UML; ESX support is coming
    • Horizontally and massively scalable
    • Hardware agnostic: standard hardware, RAID not required
  • 15. 19 / 34 OpenStack: Neutron [Section II]
    • Quick intro: Quantum/Neutron is an OpenStack project to provide "networking as a service" between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., Nova)
    • Manages network virtualization just as compute (Nova) manages server virtualization
    • Advocates multi-tenancy
    • Technology-agnostic
  • 16. 21 / 34 Network Virtualization with Neutron [Section II]
    • OpenvSwitch plugin
    • Logical network architecture: OpenStack Neutron-related components (OpenvSwitch plugin example)
  • 17. 22 / 34 Network Virtualization with Neutron [Section II]
    • Physical realization: OVS plugin with GRE overlays
    • [Diagram: Compute Nodes C1, C2 and C3 each run br-int and br-tun; the Network Node runs br-tun, br-int and br-ex with the DHCP and L3 agents. VMs A1-1, A1-2, A2-1, B1-1 and B1-2 are spread across the compute nodes. Local VLAN tags are converted into GRE keys (and vice versa) at br-tun.]
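The local-VLAN-to-GRE-key translation on slide 17 is what keeps tenant A's and tenant B's frames apart once they leave a compute node. The following is an added example, not code from the presentation or from Neutron: a small model of that br-tun role, with node names, tenant segment keys and VLAN numbers constructed for illustration. It also shows the two checks a reviewer would want: a frame always arrives on the destination node's local tag for the same tenant, and a tunnel key that no VM on the receiving node belongs to is dropped rather than delivered.

```python
# Added example (constructed; not the presentation's or Neutron's code).
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass
class BrTun:
    """Per-node table translating local VLAN tags <-> GRE keys (br-tun role)."""
    node: str
    vlan_to_gre: Dict[int, int] = field(default_factory=dict)
    gre_to_vlan: Dict[int, int] = field(default_factory=dict)
    next_vlan: int = 1

    def attach_network(self, gre_key: int) -> int:
        """Allocate a node-local VLAN tag for a tenant network (its GRE key).
        The same network gets a different local tag on each node; only the
        GRE key is global."""
        if gre_key in self.gre_to_vlan:
            return self.gre_to_vlan[gre_key]
        vlan, self.next_vlan = self.next_vlan, self.next_vlan + 1
        self.vlan_to_gre[vlan] = gre_key
        self.gre_to_vlan[gre_key] = vlan
        return vlan

    def egress(self, local_vlan: int) -> int:
        """br-int -> br-tun: strip the local VLAN tag, set the tunnel key."""
        return self.vlan_to_gre[local_vlan]

    def ingress(self, gre_key: int) -> Optional[int]:
        """br-tun -> br-int: map the tunnel key back to this node's local tag,
        or None (drop) when no VM on this node belongs to that network."""
        return self.gre_to_vlan.get(gre_key)

def deliver(src: BrTun, src_vlan: int, dst: BrTun) -> Optional[int]:
    """Carry one frame from a VM on node src (tagged src_vlan) to node dst
    and return the local VLAN it arrives on there, or None if dst drops it."""
    return dst.ingress(src.egress(src_vlan))

def demo() -> dict:
    """Tenants A (key 1000) and B (key 2000) on nodes C1 and C2, attached in
    opposite order so their local tags differ per node (constructed values)."""
    c1, c2 = BrTun("C1"), BrTun("C2")
    a_on_c1, b_on_c1 = c1.attach_network(1000), c1.attach_network(2000)
    b_on_c2, a_on_c2 = c2.attach_network(2000), c2.attach_network(1000)
    return {
        "a_local_tags": (a_on_c1, a_on_c2),                   # (1, 2)
        "a_c1_to_c2": deliver(c1, a_on_c1, c2) == a_on_c2,    # stays in A
        "b_c1_to_c2": deliver(c1, b_on_c1, c2) == b_on_c2,    # stays in B
        "a_leaks_to_b": deliver(c1, a_on_c1, c2) == b_on_c2,  # False
        "unknown_key_dropped": c2.ingress(3000) is None,      # True
    }
```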
  • 18. 23 / 34 OpenStack with Virtualization [Section II]
    • Realizing *-as-a-service with server and network virtualization using OpenStack components
    • Source: Dan Wendlandt, Quantum hacker & PTL. Note: "Quantum" is now "Neutron"; the name "Quantum" is no longer used.
  • 19. 25 / 34 SDN Overview [Section III]
    • Agility on networks
    • Controllability of the entire network: centralized network management
    • [1] Van Jacobson et al., "Networking Named Content", CoNEXT 2009. [2] Thomas Michael Bohnert, "SDN in the Cloud", invited talk @ CNSM 2013.
  • 20. 26 / 34 SDN Roles in OpenStack [Section III]
    • Centralized control of the network using OpenStack
    • [1] Thomas Michael Bohnert, "SDN in the Cloud", invited talk @ CNSM 2013.
  • 21. 27 / 34 SDN Roles in OpenStack [Section III]
    • Why OpenStack + SDN? Finally free applications from being aware of specific networking details (ports, IP addresses, etc.); reduce network management complexity
    • [Diagram: orchestration (OpenStack) sitting above physical machines and virtual machines, i.e. the servers on the network infrastructure.]
  • 22. 28 / 34 SDN Roles in OpenStack [Section III]
    • OpenStack test bed with SDN at NAIM Networks
    • [Diagram: Compute Nodes #1 and #2, each running OpenVSwitch (OVS) with three VMs (NIC / OS #1-#3), attached to an OpenFlow-enabled switch; a Controller Node and a Network Node run Neutron with an SDN plugin that talks to the SDN Controller.]
  • 23. 30 / 34 Overview [Section IV]
    • Current security appliances: expensive; maximum bandwidth limits; (mostly) all traffic is passed through the security appliances
    • Idea: distributed DPIs; managing and controlling the distributed DPIs using SDN
    • Advantages: auto-scaling of network resources; service chaining
    • Participants: NAIM Networks (http://www.naimnetworks.com): 서영석 (team lead), 최영락 (manager), 이정복 (manager); OpenFlow Korea (http://www.openflow.or.kr): 조충희, 임덕선
  • 24. 31 / 34 Architecture (1) [Section IV]
    • Logical architecture [Diagram: a Controller holding data models gathers network data, compares the actual state to the desired state, and performs analysis, reasoning and learning; beneath it, the cloud environment's virtual machines run on OpenVSwitch + DPI on each host.]
  • 25. 32 / 34 Architecture (2) [Section IV]
    • Architectural components [Diagram: an OpenFlow-enabled switch connects two physical machines, each running OVS plus a DPI engine with three VMs (OS #1-#3) behind their NICs; an SDN Controller, a Security Appliance and a Log Analyzer complete the picture, with each DPI sending syslog to the Log Analyzer.]
  • 26. 33 / 34 Case: Demo [Section IV]
    • Scenario: a network with anomalous traffic
    • The OVSs monitor traffic and send flow information to the "Analyzer"
    • The DPIs in each physical machine monitor traffic
    • The controller controls all of the OVSs and OpenFlow-enabled switches
    • Let's see a short movie (about 2 min)! (This prototype was built in one month.)
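The demo scenario on slide 26 has three roles: OVSs export flow information, an "Analyzer" decides which traffic is anomalous, and the controller pushes the resulting rules to every OVS and OpenFlow-enabled switch. The following is an added example, not the prototype's code: a toy Analyzer and rule builder run over constructed OVS-style flow records. The record layout, the two thresholds (packet rate and distinct destination ports) and the rule dictionary format are illustrative assumptions, not a real controller API.

```python
# Added example (constructed; not the prototype's code). Flow records,
# thresholds and the rule layout are illustrative assumptions.
from collections import defaultdict

# Constructed OVS-style flow records: (src_ip, dst_ip, dst_port, packets, seconds)
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 80, 120, 10),
    ("10.0.0.5", "10.0.0.20", 443, 90, 10),
    ("10.0.0.7", "10.0.0.20", 22, 4000, 10),   # abnormally high packet rate
    ("10.0.0.9", "10.0.0.21", 21, 3, 10),      # one source, many dst ports
    ("10.0.0.9", "10.0.0.21", 22, 3, 10),
    ("10.0.0.9", "10.0.0.21", 23, 3, 10),
    ("10.0.0.9", "10.0.0.21", 25, 3, 10),
    ("10.0.0.9", "10.0.0.21", 80, 3, 10),
]

def summarize(flows):
    """Per source: (packets per second, number of distinct destination ports)."""
    pkts, secs, ports = defaultdict(int), defaultdict(int), defaultdict(set)
    for src, _dst, dport, packets, seconds in flows:
        pkts[src] += packets
        secs[src] = max(secs[src], seconds)   # flows observed over the same window
        ports[src].add(dport)
    return {src: (pkts[src] / secs[src], len(ports[src])) for src in pkts}

def detect(flows, max_pps=200.0, max_ports=4):
    """Analyzer step: return {src_ip: reason} for sources over either threshold."""
    flagged = {}
    for src, (pps, nports) in summarize(flows).items():
        if pps > max_pps:
            flagged[src] = "packet rate %.0f pps exceeds %.0f" % (pps, max_pps)
        elif nports > max_ports:
            flagged[src] = "%d distinct dst ports exceed %d" % (nports, max_ports)
    return flagged

def drop_rules(flagged, priority=100):
    """Controller step: one OpenFlow-style entry per flagged source, to be pushed
    to every OVS and OpenFlow-enabled switch. An empty action list means drop.
    The dict layout is illustrative, not a real controller API."""
    return [{"priority": priority,
             "match": {"dl_type": 0x0800, "nw_src": src},
             "actions": []} for src in sorted(flagged)]

if __name__ == "__main__":
    for src, reason in detect(SAMPLE_FLOWS).items():
        print("flagged", src, ":", reason)
    print(drop_rules(detect(SAMPLE_FLOWS)))
```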
  • 27. 34 / 34 Summary
    • Virtualization management is separated: server virtualization and network virtualization
    • OpenStack was originally designed for server virtualization management, but it started to officially support network virtualization after the Folsom release
    • "OpenStack + SDN" supports better orchestration with centralized network management and abstraction from network details
    • We showed one security prototype that can be deployed directly into an OpenStack + SDN environment!
  • 28. www.NAIMNetworks.com