1. SDN and Security
Some real-world experience
Jeff Young
Product Architecture, Global Platforms
2. Agenda
• Telstra Programmable Network
• How do I view the problem?
• Network vulnerabilities (Openflow, control plane, data plane)
• Application vulnerabilities
• Our Solution(s)
• Research and Presentations
3. The Telstra Programmable Network
[Map of Programmable Network PoPs with per-city PoP counts; legend below]
NFV Farm: Sydney, Hong Kong, Tokyo, Singapore, Los Angeles, New Jersey, London
Internet Breakout: Sydney, Hong Kong, Tokyo, Singapore, Los Angeles, Secaucus New Jersey, London
VPN Interconnect
  Telstra NextIP Interconnect: Sydney, Melbourne
  IPVPN/GWAN Interconnect: Hong Kong, Singapore, New Jersey, London
External exchanges: AWS (7), ECX (6), AxonVX (2), Epsilon (2), Westin (1)
• Fortinet Fortigate NGFW
• Fortinet Fortiweb vAppliance
• Palo Alto VM-series
• Cisco vASA
• Cisco CSR1000v
• Riverbed vSteelhead
• VeloCloud
• Juniper vSRX
• Cisco Prime vNAM
• FortiAnalyzer
35 Programmable Network PoPs in 17 cities and 11 countries and territories
Directly connected to Telstra’s network of more than 2,000 points of presence in 200 countries
Connect to leading public cloud providers via various DC Exchange providers
How do I view the problem?
4. Openflow Basics
Network Attributes
• Separation of control and data planes
• Controller is smart, switches are dumb
  • switches act on simple match/action rules
  • switches have limited forwarding tables
• Switches are discovered by a protocol
  • OFDP (OpenFlow Discovery Protocol), which is built on LLDP
• Controller has both northbound and southbound interfaces
• Network traffic CAN prompt the controller to
  • create forwarding rules
  • create drop rules
  • do something else?
Telstra PN
5. Openflow Basics
Possible Attacks
• Attack the controller/application (later)
• Controller is smart, switches are dumb
  • overload the controller (every table miss is a packet-in it must handle)
  • overload the switch flow tables
• Switches are discovered by a protocol
  • snoop on, or react to, OFDP frames
  • masquerade as a switch (send bad topology information)
• Controller has both northbound and southbound interfaces
  • fingerprint the controller from the patterns it reveals
  • then use attacks specific to that controller type
• Network traffic CAN prompt the controller to
  • create malicious rules
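The “overload the switch tables” attack above, with the “drop unknown traffic rather than forward” response from the solutions slide, as an added simulation; this is not code from the deck or from Telstra’s platform. A reactive controller that installs one exact-match entry per table miss lets a host on one port spray random source MACs until the switch’s table is full and the entries of real conversations are evicted. The capped variant stops installing entries for an ingress port once that port owns a set number of them and gives the port a drop rule for further misses instead. The table size, FIFO eviction, MAC addresses, packet counts and the `per_port_cap` knob are all constructed for the example; real hardware evicts differently and the cap is a policy this controller implements, not an OpenFlow feature.

```python
"""Reactive OpenFlow controller vs. a flow-table exhaustion flood (simulation).

Added example, not from the deck. Table size, eviction policy, MACs and
packet counts are constructed values.
"""
import random
from collections import Counter

TABLE_SIZE = 1024  # assumed hardware flow-table capacity


class Switch:
    """Dumb switch: exact-match table, FIFO eviction when full; a table miss
    goes to the controller unless the ingress port already has a drop rule."""

    def __init__(self, size=TABLE_SIZE):
        self.size = size
        self.table = {}          # (in_port, src_mac, dst_mac) -> action
        self.port_drop = set()   # ports whose table-miss action is 'drop'
        self.evictions = 0

    def install(self, key, action):
        if key in self.table:
            return
        if len(self.table) >= self.size:
            self.table.pop(next(iter(self.table)))  # evict the oldest entry
            self.evictions += 1
        self.table[key] = action

    def forward(self, in_port, src, dst, controller):
        if in_port in self.port_drop:
            return "drop"
        key = (in_port, src, dst)
        if key in self.table:
            return self.table[key]
        return controller.packet_in(self, in_port, src, dst)  # table miss


class NaiveController:
    """Installs a flow for every table miss: one entry per (port, src, dst)."""

    def packet_in(self, sw, in_port, src, dst):
        sw.install((in_port, src, dst), "output:2")
        return "output:2"


class CappedController(NaiveController):
    """Same, but once an ingress port owns `cap` entries its further table
    misses get a single drop rule instead of more forwarding entries."""

    def __init__(self, per_port_cap=256):   # assumed policy knob
        self.cap = per_port_cap
        self.owned = Counter()

    def packet_in(self, sw, in_port, src, dst):
        if self.owned[in_port] >= self.cap:
            sw.port_drop.add(in_port)
            return "drop"
        self.owned[in_port] += 1
        return super().packet_in(sw, in_port, src, dst)


def _mac(rng):
    v = rng.getrandbits(48)
    return ":".join(f"{(v >> (8 * i)) & 0xFF:02x}" for i in reversed(range(6)))


def simulate(controller, legit_flows=100, flood_packets=5000, seed=1):
    """Port 1 carries `legit_flows` real conversations; port 2 then sprays
    `flood_packets` frames with random source MACs. Returns what survives."""
    rng = random.Random(seed)
    sw = Switch()
    gateway = "02:00:00:00:ff:ff"   # constructed destination MAC
    legit = [(1, f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}", gateway)
             for i in range(legit_flows)]
    for in_port, src, dst in legit:
        sw.forward(in_port, src, dst, controller)
    last = None
    for _ in range(flood_packets):
        last = sw.forward(2, _mac(rng), gateway, controller)
    return {
        "entries": len(sw.table),
        "evictions": sw.evictions,
        "legit_surviving": sum(k in sw.table for k in legit),
        "flood_final_action": last,
    }


if __name__ == "__main__":
    print("naive :", simulate(NaiveController()))
    print("capped:", simulate(CappedController()))
```

With the naive controller the table ends up holding only flood entries and every legitimate flow has been evicted; with the cap, the flooding port is bounded to 256 entries and then dropped at the switch, so the controller stops receiving packet-ins from it and the legitimate entries stay in place. The same idea applies to the controller-overload bullet: the drop rule is what takes the flooding port off the packet-in path.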
6. Openflow Basics
Possible Solutions
• Protect the controller/application (later)
• Controller is smart, switches are dumb
  • drop unknown traffic rather than forwarding it
  • not always possible…
• Switches are discovered by a protocol
  • don’t use OFDP (or modify it)
  • LLDP encryption, BFD (see research)
• Controller has both northbound and southbound interfaces
  • write your own controller :-)
• Network traffic CAN prompt the controller to
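The OFDP attacks from the previous slide (snoop on or replay a discovery frame, masquerade as a switch) and the “modify OFDP / LLDP encryption” mitigation above, as an added example that is not code from the deck, from Telstra’s controller, or from the sOFTDP paper. OFDP has the controller emit an LLDP frame out every switch port; when the frame comes back as a packet-in from another switch, the controller records a link between the two ports. The plain variant below trusts whatever the frame claims, so a host can craft or replay a frame and have a non-existent link recorded. The authenticated variant adds an organization-specific TLV carrying a single-use nonce and an HMAC over (DPID, port, nonce), which defeats both the forgery and the replay. The secret, the placeholder OUI, the use of LLDP subtype 7 for the DPID and port, and the nonce scheme are all assumptions made for this example; sOFTDP’s own mechanism differs.

```python
"""OFDP-style LLDP topology probes: forgeable vs. authenticated.

Added example, not code from the deck or the sOFTDP paper. OUI, secret,
subtype choices and the nonce scheme are assumed for illustration.
"""
import hashlib
import hmac
import os
import struct

AUTH_OUI = b"\x00\x00\x00"   # placeholder OUI for the auth TLV (assumed)
AUTH_SUBTYPE = 1
NONCE_LEN = 16


def _tlv(tlv_type, value):
    # LLDP TLV header: 7-bit type, 9-bit length, big-endian
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldp(dpid, port, secret=None, nonce=b""):
    """Chassis ID and Port ID use subtype 7 (locally assigned) so the
    8-byte DPID and 4-byte OpenFlow port number fit as-is."""
    chassis = _tlv(1, b"\x07" + struct.pack("!Q", dpid))
    port_id = _tlv(2, b"\x07" + struct.pack("!I", port))
    ttl = _tlv(3, struct.pack("!H", 120))
    auth = b""
    if secret is not None:
        msg = struct.pack("!QI", dpid, port) + nonce
        tag = hmac.new(secret, msg, hashlib.sha256).digest()
        auth = _tlv(127, AUTH_OUI + bytes([AUTH_SUBTYPE]) + nonce + tag)
    return chassis + port_id + ttl + auth + _tlv(0, b"")


def parse_lldp(frame):
    """Return {tlv_type: value}; stops at the End TLV, rejects truncation."""
    tlvs, off = {}, 0
    while off + 2 <= len(frame):
        (hdr,) = struct.unpack_from("!H", frame, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        value = frame[off:off + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        off += length
        if tlv_type == 0:
            break
        tlvs[tlv_type] = value
    return tlvs


class TopologyController:
    def __init__(self, secret=None):
        self.secret = secret        # None -> plain OFDP: trust every frame
        self.outstanding = set()    # nonces emitted and not yet returned
        self.links = set()          # (src_dpid, src_port, dst_dpid, dst_port)

    def probe(self, dpid, port):
        """Frame the controller sends out of (dpid, port)."""
        nonce = os.urandom(NONCE_LEN) if self.secret else b""
        self.outstanding.add(nonce)
        return build_lldp(dpid, port, self.secret, nonce)

    def _verify(self, frame):
        tlvs = parse_lldp(frame)
        if tlvs.get(1, b"")[:1] != b"\x07" or tlvs.get(2, b"")[:1] != b"\x07":
            return None
        (dpid,) = struct.unpack("!Q", tlvs[1][1:9])
        (port,) = struct.unpack("!I", tlvs[2][1:5])
        if self.secret is None:
            return dpid, port
        auth = tlvs.get(127, b"")
        if auth[:4] != AUTH_OUI + bytes([AUTH_SUBTYPE]):
            return None
        nonce, tag = auth[4:4 + NONCE_LEN], auth[4 + NONCE_LEN:]
        msg = struct.pack("!QI", dpid, port) + nonce
        expected = hmac.new(self.secret, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected) or nonce not in self.outstanding:
            return None
        self.outstanding.discard(nonce)   # single use: a replay fails here
        return dpid, port

    def on_packet_in(self, rx_dpid, rx_port, frame):
        """Link learned from a packet-in, or None if the frame is rejected."""
        claim = self._verify(frame)
        if claim is None:
            return None
        link = (claim[0], claim[1], rx_dpid, rx_port)
        self.links.add(link)
        return link


def demo():
    """Genuine probe, a host-forged copy and a replayed capture against both
    controller modes. Switch DPIDs and ports are constructed."""
    out = {}
    for mode, secret in (("plain", None), ("auth", b"controller-secret")):
        ctl = TopologyController(secret)
        frame = ctl.probe(dpid=1, port=2)                        # out switch 1, port 2
        out[mode + "_genuine"] = ctl.on_packet_in(2, 1, frame)   # back in on switch 2, port 1
        forged = build_lldp(1, 2)                                # host on switch 3, port 5 claims the same
        out[mode + "_forged"] = ctl.on_packet_in(3, 5, forged)
        out[mode + "_replay"] = ctl.on_packet_in(3, 5, frame)    # host replays the captured probe
    return out


if __name__ == "__main__":
    for name, link in demo().items():
        print(f"{name:13s} -> {link}")
```

In plain mode all three frames are accepted and the controller now believes switch 1 port 2 is cabled to switch 3 port 5, which is the “masquerade as a switch” outcome; in authenticated mode the forged frame fails the HMAC and the replayed genuine frame fails because its nonce was consumed when it first arrived. The frame is still sent in clear, so this is integrity and freshness rather than the “LLDP encryption” on the slide; encrypting the payload would additionally stop the snooping bullet.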
11. Application Security
Authentication
• carry the token at every step
  • both in the web UI
  • and in the API
DOS
• be vigilant at the API interface
  • be ready for, and protected from, DOS
Future
• P4
  • product direction exposes _____
  • who knows?
12. Research and Presentations
A Security Enforcement Kernel for OpenFlow Networks
Phillip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry Tyson, Guofei Gu
http://www.cs.columbia.edu/~lierranli/coms6998-8SDNFall2013/papers/FortNox-HotSDN2012.pdf
sOFTDP: Secure and Efficient Topology Discovery Protocol for SDN
Abdelhadi Azzouni, Raouf Boutaba, Nguyen Thi Mai Trang, Guy Pujolle
https://arxiv.org/pdf/1705.04527.pdf
A Survey on the Security of Stateful SDN Data Planes
Tooska Dargahi, Alberto Caponi, Moreno Ambrosin, Giuseppe Bianchi, Mauro Conti
http://ieeexplore.ieee.org/document/7890396/
Data Plane Programmability, the next step in SDN
http://sites.ieee.org/netsoft/files/2017/07/Netsoft2017_Keynote_Bianchi.pdf