Technology Watch in ICT
Strategic Aspects of Networks
Eric Vyncke
evyncke@cisco.com
Last updated: 27 Febr...
01/30/15 2
References & Misc
• Slides on http://mastertic.blogspot.com/
• Contacts
– Main job: Cisco Systems as Distinguis...
Agenda
• Introduction to network
• The acronym soup
• The impact of security
• The impact of IP telephony
• The...
Introduction to Network
Why a Section on Networks?
• ICT = Information and Communication Technology
=> no ICT without networks
...
The Acronyms Soup
Or a small touch of technology
Importance of Standardization
• few fields need standards as much
– communication is a dom...
General Points
• communications are a complex and constantly evolving
field => need for a
model:...
...AN Based on the Span
• A lot of acronyms ending with ...AN
– Area Network
• Like
– LAN Local Area Network: se...
...AN Based on Usage
• A lot of acronyms ending with ...AN
– Area Network
• Like
– SAN Storage Area Network:
• ...
Local Area Network: LAN
• LANs are usually a layer 2 technology
– Using a single media
• Most common Ethernet o...
Ethernet Topologies
How to connect more than 2
hosts?
• bus topology popular through mid 90s
– all nodes in sa...
Ethernet Hub
• Frames are repeated on all ports...
• 8 x 100 Mbps ports ~ 15 €
[Figure: hub with ports A, B, C and D; a frame sent from A to C appears on every port]
Ethernet Switch
• Frames are repeated only on destination port
– Don’t disturb other machines
– While A sends ...
Virtual LAN: VLAN
[Figure: switch with ports A, B, C and D]
• Switches can be partitioned into virtual LANs
– VLAN#1: ports A & C
– VLAN#2: ports B...
Going Faster than Ethernet
• Ethernet is 1 Gbps (10 Gbps): 10^9 bit/s (10^10 bit/s)
– 1 CD-ROM 800 MB = 64 × 10^8 bits...
High Performance Computing
Low-latency,
High-message
rate market data
environments
Real-time
analytics
Increas...
Another LAN: Infiniband
• Point to point link
• Each link can be 2, 4 or 8 Gbps
• Links can be aggregated (app...
Wide Area Network Services
• WAN: transfer of data over 100’s of km
• Enterprises cannot build their own netwo...
WAN: As Layer 1 or 2 Services
• Layer 1: leased line = a pair of copper wire with
modem
• Like from your ADSL ...
3: Network Layer
• allows packets to be transferred across several
different data-link layers
–...
Network Layer: IP at Home
• IP is the network layer we all use
• Our IP packets traverse multiple data links...
What is an IP address?
• In IPv4, an address is a 32 bit quantity that
uniquely identifies a network interface...
Basic Addressing
64.100.24.1
• IP addresses are
written in dotted
decimal format.
• Four sections are
separate...
IP Addressing at Home
[Figure: Access Point, ADSL Router, Your ISP, Internet (= all other ISPs), with address labels “I’m 192.168.100.2”, “I’m 192.16...”]
IP Address Hierarchy
For Mr. Postman
• IP address is divided into two parts to achieve
efficient “packet proce...
Can we Automate Addressing?
• Defining static IP addresses on each host
– Does not scale
– Error prone (moving...
What is IPv6?
• The current IP is version 4
– Limited address space (32 bits), exhaustion in 2010
• The next I...
IPv4 Address Fractal Map Jan-2000
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2001
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2002
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2003
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2004
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2005
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2006
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2007
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2008
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2009
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map - Today
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apca...
IPv4 Address Fractal Map Jan-2010
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
IPv4 Address Fractal Map Jan-2011
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apc...
Wide Area Network
As a Layer 3 Service
• The prevalent solution
– Service offered by a Service Provider (SP)
–...
Wide Area Network
Layer 3 Service or In House Network?
SP Layer 3
Services
Layer 3 Service
Pros and Cons
• Pros
– Outsource the WAN to SP: no more CAPEX, reduce
OPEX
– Easier to deploy
...
What about Congestion?
• Congestion: too many packets arriving in a
router/switc...
Quality of Service: QoS
• QoS is a sense of quality for packet transfer
– Packet loss: due to congestion or fr...
Delay Variation—“Jitter”
[Figure: timelines (t) for “Sender Transmits” and “B Receives” with packets A, B, C; labels d1, d2, D1 = d1, D2 = d2, Jitter]
How to Guarantee QoS?
• Classify & mark
– Each IP packet is marked with its priority
(precedence)
• The is a b...
[Figure: Campus Backbone; Multimedia Training Servers; Order Entry, Finance, Manufacturi...]
Service Level Agreement: SLA
• This is the contract between
– A customer
– A provider
• About
– Penalties (dis...
The Security Impact
100% Security
“The only system which is truly secure is
one which is switched off and unplugged,
locked in ...
Risk Assessment in 2006
In the 2004 CSI/FBI survey (481 US
organizations):
Over 52% reported security breaches...
Insiders…
“Over 75% of hacking is done by insiders
and it’s easy to see why. The person on
the inside is on...
Regulations and Compliance...
• EU directives on data protection & privacy
– Identity Theft legislation, Perso...
Facts about PCI DSS
• Published January 2005
– v1.1 released Sept 7, 2006
– All new audits must use
v.1.1
• Im...
The Principles of Security: C I A
Confidentiality
- Ability to ensure secrecy
Availability
- Of service
-...
Attack against Confidentiality
telnet foo.bar.org
username: dan
password:
m-y-p-a-s-s-w-o-r-d d-a-n
Attack on Integrity
Bank, Customer
Deposit $1000
in Bob’s Account
Deposit $900 in
Mallet’s Account
and $100 in
Bob’...
Attacks of Integrity: Web Defacing
Denial of Service (DoS)
Prevents authorised people
from using a service
Handling Risk…
• Transfer: to an insurance company
• Reduce: implement countermeasure(s)
– Also called control...
Controls
• Administrative controls
– Policies, standards, procedures
– Screening personnel, education
• Techni...
Technical Control:
Access Control
• Subject
– Active entity
– Request access
– E.g.: users, program, pr...
Access Control
Id, Authen, Author, Account
• Consecutive steps for access control
1. Identification: who are y...
Technical Control:
Cryptography
• The science of hiding a message
Plaintext:
Hello
Plaintext:
Hello
Encryption...
Some Words on Cryptography
• Encryption/decryption
– mathematical functions with 2 parameters
• Message (plain...
Technical Controls
More Words on Crypto
• Symmetric cryptosystems
– Current minimum key size: 128 bits
– Examp...
Crypto on Networks
• IPsec
– Used to encrypt all IP packets between two
routers/hosts
– Virtual Private Networ...
Technical Controls
Perimeter Security and Firewalls
• Security often relies on segregation of security
domains...
Technical Controls
Security Perimeter
Trusted Zone
Untrusted Zone
firewall
Technical Controls
Usual Firewall Locations
[Figure: firewall locations between the Internet, the intranet, Partner X, Partner Y and the HR Network. Source: Cisco Systems]
Technical Controls: Firewalls
Deep Packet Inspection
• More and more protocols run over HTTP
– SOAP (= XML ove...
Impact of Voice
Why Voice over IP?
• Before voice had a separated network
• If voice is over IP then
– Single network to opera...
Voice Payload
Voice Payload + RTP
Voice Payload + RTP + UDP
Voice Payload + RTP + UDP + IP
1. Transform usual voice (analog) in ...
Analog Audio Source
= 0101
G.711 Pulse Code Modulation (PCM) is the DS0...
IP Telephony vs. Voice over IP
• IP telephony is a super-set of services over IP
– Pure Voice over IP transpor...
Network Requirements for Voice
• Power over the Ethernet
– No need for power cord for the phone
• Quality of s...
The Skype Service
• P2P based VoIP software
• Founded by the founders of
Kazaa
• Can be downloaded free at:
– ...
Skype Architecture
Hierarchical P2P
architecture but
involves a central
Skype authority for
registration and
c...
Should You Use Skype?
• If you can answer yes to four questions:
– Are you willing to circumvent the perimeter...
Impact of Virtualization
What is Virtualization
• Separation of location and services
– Services can run anywhere
– Users cannot see th...
“[Virtualization is] a technique for hiding the physical characteristics
of computing resources from the way i...
Why Virtualization
• Flexibility
– Can add a new server/service in less than 1 second
– Can move a service to ...
“By 2008, 50% of Today’s Data Centers Will Have Insufficient Power
and Cooling Capacity to Meet the Demands of...
Data Center Virtualization
• Enables consolidation or sharing of
physical assets to increase utilization
– Red...
• Consolidation of physical SANs
• Improved storage utilization
• Greater flexibility
Storage Virtualization
...
Network Virtualization
• The basis of other virtualization
– Virtual LAN: sharing an Ethernet switch for sever...
Storage Virtualization
• Network Attached Storage
– Attaching a hard-disk to ONE computer via
USB/Network
– NO...
Why SAN?
• Virtualization allows
– Sharing disk
– Adding storage easily without disruption
– Single place for ...
Storage Volume Virtualization
• Adding more storage requires administrative
changes
• Administrative overhead,...
SAN
Fabric
Storage Volume Virtualization
• A SCSI operation from the host is mapped in
one or more SCSI operat...
Server Virtualization
• Multiple Computers inside a Computer
– Guest OS can be different than host OS
– Guest ...
VMware Virtualization Layer
Virtual Server Migration
• VMotion, aka VM Migration
allows a VM to be reallocated on...
How to Deploy a Network?
Or the right questions to be asked?
Basic Networking
• IPv6 Readiness
• Addressing (mainly technical)
– Use of DHCP?
– Important for mobile user
•...
Levels of Security
• Does the security policy include network?
• Risk management: assets, confidentiality
requ...
QoS
• Do you need QoS in your network?
– Probably for IP telephony
• What are my critical applications?
– ERP?...
High Availability
• Availability is usually important
• Redundancy
– Hot or cold standby?
– Redundant links?
...
Open Standards
• Pros
– Competition means lower price
– Can switch vendors easily
• Cons
– Having multiple ve...
Future Proof...
• Find the balance between
– Proven technologies: but obsolete in a few years
• Think IPv4 vs...
Operation Cost
• Cheap to buy ≠ cheap to run
Outsourcing Network
• Pros
– Reduces CAPEX
– Improves balance sheet
• Cons
– Your business relies on another ...
Outsourcing Web Portal
• Pros
– Learning curve pretty small
– Cheaper (CAPEX & OPEX)
– More secure (no link t...
Green Impact
• A tornado since early 2008
• Sometimes a simple excuse to reduce cost
• Power consumption
– Fas...
End
THE
END
  • <number>
    Transcript:
    Okay, so that's sort of our vision of how to put solutions together, how far have we gotten, we've got solutions defined as verticals and horizontals. So there's actually seven different verticals that we have defined and we're working on more. Let me pick a couple of examples here. Let's say in the EDA space, so when we say we have a solution, one of the things we have is a customer facing deck. So it's easy for you folks to go, our EDA deck for example has all the scripts, but we also have people that have implemented this or put the deck together. So it's very targeted to the customer set. And if you look at the benefits, actually across all the markets, shorten time to tape-out, improve yield, reduce time to market for new products in the manufacturing space. One of the really exciting things about high-performance computing is the benefits are directly tied to a customer's revenue. It's not often that we can go and tell a customer, Customer we have a solution if you implement this, you can improve your top line. This is a very fundamental powerful solution, a message that Cisco can bring when you sort of couple it together with the integrated solution, we believe this is extremely valuable. Sorry, I lost my train of thought there, but one of the things -- I used to work at Goldman Sachs for many years. One of the things that's very valuable for an IT individual who gets this kind of message is to go to the business and say I've got this message. So your IT contacts are going to love the fact that you're bringing them this kind of a message. So when you think about the customers in your space, please think about who fits into one of these buckets. And even I would argue -- even if they don't buy a lick of this stuff. The fact that you can go in and show that you understand this space, show that you understand the business problem that they have. 
And the fact that you have a solution that ties into their top line is a powerful message that you can leverage for any of your products. And as you can see here in each of these spaces, we've called out specific customers that have implemented this.
  • <number>
    If not, the information regarding which host is where is going to increase dramatically.
  • <number>
    The Payment Card Industry is a consortium of multiple credit card companies.
    In essence, PCI is different from legal regulatory compliance because it was created by the card brands, not by a legislature. This makes the standard much easier to read and understand (it’s 12 pages in total), and it is more detailed than the government standards.
    Importantly, it applies to more than just processing credit cards. It also applies to 3rd-party hosting companies, information storage companies, etc.
    PCI is NOT specific to retail only – it’s applicable to ANY industry that touches credit cards, i.e. most of them!
    This is not US specific, it is global. However, the fines and enforcement have not reached outside the US – yet.
    Each card brand (VISA, MC, Discover, etc.) has its own security program. This includes the PCI standard, but also the process for reporting a security breach, assessment questions, programmatic information, etc. They are all built upon the PCI standard, though.
    To date: less than 25% of Level 1 merchants are compliant. The other 75% have submitted their initial Report on Compliance.
  • Unauthorized access to data
    Confidentiality
    Password theft
  • Data corruption
    Data is tampered in transit
    Data is altered to change the eventual outcome
  • Preventing authorized people from using a service
    Using up all of the resources
    SYN attacks
    Finger attacks
    Mailbombing
    Killing the service
    Ping o’ death
    UDP attacks
  • <number>
    However, although IT has been an enabler that has driven significant increases in productivity, the data center, where IT systems and data are housed, may now be an inhibitor to business growth. Several factors are now coming into play that limit, and in some cases prevent, IT’s ability to meet business objectives. What can be seen is that there is a mixture of factors that, singly or in combination, can significantly limit business top- and bottom-line growth.
    DAYS TO DEPLOY APPLICATIONS
    Delays in deploying new applications reduce productivity and can reduce the window of opportunity for competitive advantage. In many cases this is due to limitations with:
    Space
    power and cooling or
    limitations with acquiring or deploying storage and server assets.
    SERVER / STORAGE UTILIZATION
    Server and storage assets are often aligned with applications or business units, which often leads to duplicated, siloed resources that are significantly underutilized and cannot be easily shared.
    It should be noted that assets that are underutilized need the same power as those that have higher utilization.
    This has a direct effect on a business’ ability to respond to changing business conditions to achieve top-line growth, and also affects the bottom line, as under-utilized assets consume space, power and cooling that could be used for new applications.
    ANNUAL STORAGE GROWTH
    Storage is growing at anywhere between 40% and 400%, often driven by new regulatory mandates such as Sarbanes-Oxley, Gramm-Leach-Bliley, which demand longer and more stringent data retention. This places greater stress on the data center environment, especially if storage infrastructure is siloed and under-utilized as spare capacity cannot be easily shared…
    DC POWER & COOLING COSTS
    Modern data center technologies such as multicore CPU servers and blade servers require more power and generate more heat, and moving to new technologies can significantly impact data center power and cooling budgets. Additionally, under-utilized assets – servers and storage – require power and cooling at 100%. As more and more infrastructure is added, it is little wonder that power and cooling is now becoming a significant portion of IT budgets. This is also starting to impact DC operational budgets that are now an increasing part of the overall IT budget (>30%) and rising.
    Branch office
    Although branch offices are not data centers, they typically have a mini-IT infrastructure – typically 6 servers – to deliver application services and consequently share many common challenges with the data center: long deployment cycles, under-utilized assets, data management and security & compliance challenges, and inconsistent back-up and restore.
    The problems posed by these demands have been largely driven by ad-hoc acquisition of applications and systems in reaction to prevailing market conditions, which has led to an Accidental Architecture of IT systems and organizational alignments. This, plus developments in newer data center technologies, such as high performance servers with multi-core technologies, are now driving data center obsolescence as they simply cannot accommodate modern data center technologies, nor modern application trends…
  • <number>
    Transcript:
    So at the end of the day, this presentation, we'll focus on network virtualization from a data center front-end standpoint on the server virtualization itself and on the storage virtualization of the backend. So to give you a broad perspective. So just pull your seatbelts, and let's go to the journey.
  • <number>
    Transcript:
    Another key concept when dealing with designs for VMware is migration. So everybody knows about VMotion. So this is a key concept because it has certain implications when you're planning for the network. So first of all, what does VMotion do? It allows you to move a VM, virtual machine, from an ESX host to another ESX host while the client is still performing transaction to the VM and so the client doesn't notice any disruption. There are different advantages of having this technology in place. You can take a server into maintenance mode so that you can change hardware, fix things. And prior to doing that, you want the VM to automatically go to another host so that users will still be able to perform transactions and eventually you can do whatever you need to do on the host. So that's one use of it. The other use has to do with the fact that you can create a pool of machines and then you can run a VM on the most appropriate machine. So if you specify the resource requirements of a given VM, then when you launch the VM, you can make sure it's going to be started on the most appropriate hardware based on how much CPU is being utilized, how much memory is available. And then it's all done for you by technology which is called DRS, the Dynamic Resource Scheduler. On top of that, you can move that VM over time to the machine that has the best resources available. So that can change over time and you don't want the users to see that the machine is moving and so that happens behind the curtains. So that is migration. Now there are two different key types of migrations and this is something to keep in mind because it has significant implications on which kind of network you're planning for. So there's the regular migration which is the migration of a powered-off VM which is you basically say, I want to associate a VM with a given ESX host. And that VM is going to be started off of a different ESX host. 
Then there is the other concept of VM which requires its own license which is the VMotion migration which is the migration of a VM that is powered on while the user is performing interactions with this VM. So the aspect that poses most quote, unquote, challenges for us is the VMotion migration because basically, you have to guarantee that during the migration, there's no interruption of service to the VM that is moving.
    Author’s Original Notes:
    Explain the requirements, similar CPUs, etc…
  • Aspects Strategiques Des Réseaux 2008 2009

    1. Technology Watch in ICT: Strategic Aspects of Networks. Eric Vyncke, evyncke@cisco.com. Last updated: 27 February 2009
    2. References & Misc
       • Slides on http://mastertic.blogspot.com/
       • Contacts
         – Main job: Cisco Systems as Distinguished Engineer
         – Email: evyncke@cisco.com
         – Mobile: +32 475 312458
    3. Agenda
       • Introduction to network
       • The acronym soup
       • The impact of security
       • The impact of IP telephony
       • The impact of Virtualization
       • Wrap-up: The Questions to be asked
    4. Introduction to Network
    5. Why a Section on Networks?
       • ICT = Information and Communication Technology => no ICT without networks
         – Knowing network technologies = making good choices
       => networks have impacted business since the late 90’s
    6. The Acronyms Soup: Or a small touch of technology
    7. Importance of Standardization
       • few fields need standards as much
         – communication is a complex field: precise specifications are needed
         – communication between different machines
         – communication between different computer manufacturers
       • several types of standards:
         – proprietary standards: sometimes not public, reserved to one manufacturer: IBM’s SNA, Novell’s NetWare, Digital’s DECnet, Siemens Nixdorf’s Transdata, ...
           • Almost gone but still active in ‘pre-standard’ areas
           • Voice over IP: Cisco’s SCCP, wireless security, …
         – de jure open standards: ISO’s OSI, IEEE 802.*, X.25, ...
         – de facto open standards: TCP/IP, Ethernet, ...
    8. General Points
       • communications are a complex and constantly evolving field => need for a model:
         – to establish specifications and tests
         – to compare solutions
         – to establish theories
       • the model will have several simple layers, each with a precise purpose, to make it easier to understand and implement
    9. ...AN Based on the Span
       • A lot of acronyms ending with ...AN
         – Area Network
       • Like
         – LAN Local Area Network: several 100’s of meters
         – MAN Metropolitan Area Network: a city, 10’s of km
         – WAN Wide Area Network: the whole Earth
         – PAN Personal Area Network: one meter or so
         – RAN Radio Area Network: from a single antenna
    10. ...AN Based on Usage
       • A lot of acronyms ending with ...AN
         – Area Network
       • Like
         – SAN Storage Area Network:
           • linking servers and hard disks so that servers do not know that the disks are not attached
    11. Local Area Network: LAN
       • LANs are usually a layer 2 technology
         – Using a single media
       • Most common: Ethernet over twisted pair
         – 10 Mbps, 100 Mbps (= Fast Ethernet), 1 Gbps, 10 Gbps, ...
         – Standard IEEE 802.3
       • Before over a coax cable, now over twisted pair and hub/switch
       • Unique Ethernet address on each Network Interface Card (NIC)
         – 24 bits unique per vendor: 00-02-8A (Cisco)
         – 24 bits assigned by vendor: 09-07-CF
         => 48-bit unique global address: 00-02-8A-09-07-CF
    12. Ethernet Topologies: How to connect more than 2 hosts?
       • bus topology popular through mid 90s
         – all nodes in same collision domain (can collide with each other)
       • today: star topology prevails
         – active switch in center
         – each “spoke” runs a (separate) Ethernet protocol (nodes do not collide with each other)
       [Figure labels: bus: coaxial cable; star; switch]
    13. Ethernet Hub
       • Frames are repeated on all ports...
       • 8 x 100 Mbps ports ~ 15 €
       [Figure: hub with ports A, B, C and D; a frame sent from A to C appears on every port]
    14. Ethernet Switch
       • Frames are repeated only on destination port
         – Don’t disturb other machines
         – While A sends to C, B can simultaneously send to D
       • 5 x 100 Mbps ports ~ 20 €
       • High density (8 x 48 ports) => up to 100 € /port
       [Figure: switch with ports A, B, C and D; a frame sent from A to C appears only on port C]
       Enterprises always use switches
    15. Virtual LAN: VLAN
       [Figure: switch with ports A, B, C and D]
       • Switches can be partitioned into virtual LANs
         – VLAN#1: ports A & C
         – VLAN#2: ports B & D
       • Used to separate traffic for security, ...
    16. Going Faster than Ethernet
       • Ethernet is 1 Gbps (10 Gbps): 10^9 bit/s (10^10 bit/s)
         – 1 CD-ROM 800 MB = 64 × 10^8 bits
         – 1 DVD 4.7 GB = 40 × 10^9 bits
         – Ethernet 1 Gbps transfer
           • CD-ROM = 6 seconds
           • DVD = 40 seconds
       • A very fast hard disk is 800 MB/s write = 6.4 Gbps
       • Too slow for High Performance Computing
         – Needs faster
    17. High Performance Computing
       • Benefits: Low-latency, high-message rate market data environments; Real-time analytics; Increase accuracy of Reservoir Modeling and Seismic Analysis; Deliver large datasets optimally; Reduce time to market for new products; Better Safety & Product Design through Simulation; Expand Research Capabilities; Complex Research Problems; Greater Industry Outreach; Accelerate time to market; Molecular Modeling and Protein folding experiments for drug discovery; Shorten Time for Tape-Out; Improve Yield
       • Verticals: Financial Services; Oil & Gas; Manufacturing; Biotech; Academic Research; EDA
       • Customers: JPMC – 2000+ Servers in Global Deployment; Citi – Fixed Income Trading; Statoil – Multiple Clusters; ONGC; ENI; Occidental; Honda; Ferrari – F1; RedBull Racing; Airbus; Boeing; NCSA @ UIUC; Stanford Univ; MIT; Harvard Univ; UNC Chapel Hill; DE Shaw R&D; Cedar Sinai; Stanford BioX; Scripps Institute; Intel; Motorola; TSMC; Altis Semiconductor
    18. Another LAN: Infiniband
       • Point to point link
       • Each link can be 2, 4 or 8 Gbps
       • Links can be aggregated (appearing as one)
         – 4x => 8, 16 or 32 Gbps
         – 12x => 24, 48 or 96 Gbps
    19. Wide Area Network Services
       • WAN: transfer of data over 100’s of km
       • Enterprises cannot build their own network
         – Too expensive
       • Service is offered by SP (service provider)
         – Nation wide: Belgacom, Voo, Mobistar, Telenet
         – Worldwide: British Telecom, Colt, Verizon, ...
       • Layer 1: transmit elementary bit
       • Layer 2 (= Data-Link): transmit a frame (like a packet)
    20. WAN: As Layer 1 or 2 Services
       • Layer 1: leased line = a pair of copper wires with modem
         – Like from your ADSL router to Skynet/Belgacom
       • Layer 1: optical fiber
         – Dark fiber (you need to add laser transmitter): just for you, €€€
         – Shared fiber (each customer uses a different color for laser): cheaper
       • Layer 2: point to point link (or star network) where SP handles the layer 1 (modulation) and repeats frame (layer 2)
         – Used to be the prevalent solution: X.25, Frame Relay
         – But now reserved for MAN with Ethernet
       Do we care? Decision based on price for bandwidth
       Sharing issue? May mean less bandwidth
    21. 3: Network Layer
       • allows packets to be transferred across several different data-link layers
         – Makes it possible to go from WiFi to ADSL to Internet to Ethernet
         – Notion of a route to follow
         – Notion of a globally unique network address
       • Example: IP (Internet Protocol, used on the Internet)
    22. Network Layer: IP at Home
       • IP is the network layer we all use
       • Our IP packets traverse multiple data links and media
       [Figure: Access Point, ADSL Router, Your ISP, Internet (= all other ISPs); 1st data link: wifi; 2nd data link: Ethernet; 3rd data link: ADSL or Cable; Nth data link: Ethernet or ...]
    23. 23. 01/30/15 23 What is an IP address? • In IPv4, an address is a 32 bit quantity that uniquely identifies a network interface. • In IPv4 there are 232 = 4,294,967,296 unique addresses possible
    24. 24. 01/30/15 24 Basic Addressing 64.100.24.1 • IP addresses are written in dotted decimal format. • Four sections are separated by dots. • Each section contains a number between 0 and 255. Dots separate the sections Each section contains a number between 0 and 255
    25. 25. 01/30/15 25 IP Addressing at Home Access Point ADSL Router Your ISP Internet = All other ISP I’m 192.168.100. 2 I’m 192.168.100.1 And 192.168.1.2 I’m 192.168.1.1 And 80.123.34.89 • If a node has multiple network interfaces, it typically has multiple IP addresses Network Printer I’m 192.168.1. 3
    26. 26. 01/30/15 26 IP Address Hierarchy For Mr. Postman • IP address is divided into two parts to achieve efficient “packet processing” 1. Network-id: Represents the physical network commonly called a “prefix” (often first 24 bits) 2. Host-id: Represents a computer on the network (often last 8 bits) Tasman Dr. 250 Tasman Dr. 260 Tasman Dr. MainSt. 100 Main St. 101 Main St.
    27. 27. 01/30/15 27 Can we Automate Addressing? • Defining static IP addresses on each host – Does not scale – Error prone (moving a PC to another network), ... • Dynamic Host Configuration Protocol (DHCP) – DHCP server (Windows or a router) is configured with the list of IP addresses for a network – When a host boots, it ask the DHCP for an IP address (and other information like routing, DNS, ...) Most enterprises use DHCP except for servers keeping the log to see who is using which address Most enterprises use DHCP except for servers keeping the log to see who is using which address
    28. What is IPv6?
        • The current IP is version 4
          – Limited address space (32 bits), exhaustion in 2010
        • The next IP is version 6
          – Addresses are 128 bits wide
          – No more exhaustion
          – Otherwise nothing has changed
          – Already in Windows Vista or Mac OS X or Linux
            • Windows XP: 'ipv6 install'
        IPv6 will rule in 2010 at the latest
        ALL NEW NETWORKS/APPLICATIONS MUST BE DESIGNED FOR IPV6
    29. 29. 01/30/15 29 IPv4 Address Fractal Map Jan-2000 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 Reserved 084 Reserved 083 Reserved 080 Reserved 079 Reserved 078 Reserved 065 Reserved 086 Reserved 087 Reserved 082 Reserved 081 Reserved 076 Reserved 077 Reserved 066 Reserved 064 ARIN 063 ARIN 060 Reserved 067 Reserved 062 RIPE 061 APnic 089 Reserved 088 Reserved 093 Reserved 094 Reserved 075 Reserved 072 Reserved 071 Reserved 068 Reserved 049 Reserved 050 Reserved 090 Reserved 091 Reserved 092 Reserved 095 Reserved 074 Reserved 073 Reserved 070 Reserved 069 Reserved 101 Reserved 100 Reserved 099 Reserved 096 Reserved 117 Reserved 118 Reserved 121 Reserved 122 Reserved 102 Reserved 103 Reserved 098 Reserved 097 Reserved 116 Reserved 119 Reserved 120 Reserved 123 Reserved 105 Reserved 104 Reserved 109 Reserved 110 Reserved 115 Reserved 114 Reserved 125 Reserved 124 Reserved 106 Reserved 107 Reserved 108 Reserved 111 Reserved 112 Reserved 113 Reserved 126 Reserved 059 Reserved 058 Reserved 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 PDN 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Reserved 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 Reserved 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 
Various 161 Various 173 Reserved 174 Reserved 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 Reserved 180 Reserved 183 Reserved 184 Reserved 187 Reserved 179 Reserved 178 Reserved 189 Reserved 188 Reserved 213 RIPE 214 US DoD 217 Reserved 218 Reserved 212 RIPE 215 US DoD 216 ARIN 219 Reserved 211 APnic 210 APnic 221 Reserved 220 Reserved 208 ARIN 209 ARIN 222 Reserved 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 Reserved 201 Reserved 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 Reserved 191 Various 192 Various 195 RIPE 196 AfrNIC 197 Reserved 250 Class E 251 Class E 252 Class E 255 Class E
    30. 30. 01/30/15 30 IPv4 Address Fractal Map Jan-2001 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 Reserved 084 Reserved 083 Reserved 080 Reserved 079 Reserved 078 Reserved 065 ARIN 086 Reserved 087 Reserved 082 Reserved 081 Reserved 076 Reserved 077 Reserved 066 ARIN 064 ARIN 063 ARIN 060 Reserved 067 Reserved 062 RIPE 061 APnic 089 Reserved 088 Reserved 093 Reserved 094 Reserved 075 Reserved 072 Reserved 071 Reserved 068 Reserved 049 Reserved 050 Reserved 090 Reserved 091 Reserved 092 Reserved 095 Reserved 074 Reserved 073 Reserved 070 Reserved 069 Reserved 101 Reserved 100 Reserved 099 Reserved 096 Reserved 117 Reserved 118 Reserved 121 Reserved 122 Reserved 102 Reserved 103 Reserved 098 Reserved 097 Reserved 116 Reserved 119 Reserved 120 Reserved 123 Reserved 105 Reserved 104 Reserved 109 Reserved 110 Reserved 115 Reserved 114 Reserved 125 Reserved 124 Reserved 106 Reserved 107 Reserved 108 Reserved 111 Reserved 112 Reserved 113 Reserved 126 Reserved 059 Reserved 058 Reserved 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 PDN 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Reserved 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 Reserved 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 
Various 173 Reserved 174 Reserved 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 Reserved 180 Reserved 183 Reserved 184 Reserved 187 Reserved 179 Reserved 178 Reserved 189 Reserved 188 Reserved 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 Reserved 211 APnic 210 APnic 221 Reserved 220 Reserved 208 ARIN 209 ARIN 222 Reserved 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 236 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 Reserved 201 Reserved 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 Reserved 191 Various 192 Various 195 RIPE 196 AfrNIC 197 Reserved 250 Class E 251 Class E 252 Class E 255 Class E
    31. 31. 01/30/15 31 IPv4 Address Fractal Map Jan-2002 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 Reserved 084 Reserved 083 Reserved 080 RIPE 079 Reserved 078 Reserved 065 ARIN 086 Reserved 087 Reserved 082 Reserved 081 RIPE 076 Reserved 077 Reserved 066 ARIN 064 ARIN 063 ARIN 060 Reserved 067 Reserved 062 RIPE 061 APnic 089 Reserved 088 Reserved 093 Reserved 094 Reserved 075 Reserved 072 Reserved 071 Reserved 068 Reserved 049 Reserved 050 Reserved 090 Reserved 091 Reserved 092 Reserved 095 Reserved 074 Reserved 073 Reserved 070 Reserved 069 Reserved 101 Reserved 100 Reserved 099 Reserved 096 Reserved 117 Reserved 118 Reserved 121 Reserved 122 Reserved 102 Reserved 103 Reserved 098 Reserved 097 Reserved 116 Reserved 119 Reserved 120 Reserved 123 Reserved 105 Reserved 104 Reserved 109 Reserved 110 Reserved 115 Reserved 114 Reserved 125 Reserved 124 Reserved 106 Reserved 107 Reserved 108 Reserved 111 Reserved 112 Reserved 113 Reserved 126 Reserved 059 Reserved 058 Reserved 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 PDN 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Cable 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 Reserved 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 
173 Reserved 174 Reserved 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 Reserved 180 Reserved 183 Reserved 184 Reserved 187 Reserved 179 Reserved 178 Reserved 189 Reserved 188 Reserved 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 Reserved 220 APnic 208 ARIN 209 ARIN 222 Reserved 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 Reserved 201 Reserved 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 Reserved 191 Various 192 Various 195 RIPE 196 AfrNIC 197 Reserved 250 Class E 251 Class E 252 Class E 255 Class E
    32. 32. 01/30/15 32 IPv4 Address Fractal Map Jan-2003 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 Reserved 084 Reserved 083 Reserved 080 RIPE 079 Reserved 078 Reserved 065 ARIN 086 Reserved 087 Reserved 082 RIPE 081 RIPE 076 Reserved 077 Reserved 066 ARIN 064 ARIN 063 ARIN 060 Reserved 067 ARIN 062 RIPE 061 APnic 089 Reserved 088 Reserved 093 Reserved 094 Reserved 075 Reserved 072 Reserved 071 Reserved 068 ARIN 049 Reserved 050 Reserved 090 Reserved 091 Reserved 092 Reserved 095 Reserved 074 Reserved 073 Reserved 070 Reserved 069 ARIN 101 Reserved 100 Reserved 099 Reserved 096 Reserved 117 Reserved 118 Reserved 121 Reserved 122 Reserved 102 Reserved 103 Reserved 098 Reserved 097 Reserved 116 Reserved 119 Reserved 120 Reserved 123 Reserved 105 Reserved 104 Reserved 109 Reserved 110 Reserved 115 Reserved 114 Reserved 125 Reserved 124 Reserved 106 Reserved 107 Reserved 108 Reserved 111 Reserved 112 Reserved 113 Reserved 126 Reserved 059 Reserved 058 Reserved 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 PDN 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Cable 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 Reserved 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 173 Reserved 174 
Reserved 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 Reserved 180 Reserved 183 Reserved 184 Reserved 187 Reserved 179 Reserved 178 Reserved 189 Reserved 188 Reserved 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 APnic 220 APnic 208 ARIN 209 ARIN 222 Reserved 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 Reserved 201 Reserved 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 Reserved 191 Various 192 Various 195 RIPE 196 AfrNIC 197 Reserved 250 Class E 251 Class E 252 Class E 255 Class E
    33. 33. 01/30/15 33 IPv4 Address Fractal Map Jan-2004 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 Reserved 084 Reserved 083 Reserved 080 RIPE 079 Reserved 078 Reserved 065 ARIN 086 Reserved 087 Reserved 082 RIPE 081 RIPE 076 Reserved 077 Reserved 066 ARIN 064 ARIN 063 ARIN 060 Reserved 067 ARIN 062 RIPE 061 APnic 089 Reserved 088 Reserved 093 Reserved 094 Reserved 075 Reserved 072 Reserved 071 Reserved 068 ARIN 049 Reserved 050 Reserved 090 Reserved 091 Reserved 092 Reserved 095 Reserved 074 Reserved 073 Reserved 070 Reserved 069 ARIN 101 Reserved 100 Reserved 099 Reserved 096 Reserved 117 Reserved 118 Reserved 121 Reserved 122 Reserved 102 Reserved 103 Reserved 098 Reserved 097 Reserved 116 Reserved 119 Reserved 120 Reserved 123 Reserved 105 Reserved 104 Reserved 109 Reserved 110 Reserved 115 Reserved 114 Reserved 125 Reserved 124 Reserved 106 Reserved 107 Reserved 108 Reserved 111 Reserved 112 Reserved 113 Reserved 126 Reserved 059 Reserved 058 Reserved 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 PDN 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Cable 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 Reserved 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 173 Reserved 174 
Reserved 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 Reserved 180 Reserved 183 Reserved 184 Reserved 187 Reserved 179 Reserved 178 Reserved 189 Reserved 188 Various 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 APnic 220 APnic 208 ARIN 209 ARIN 222 APnic 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 LACnic 201 LACnic 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 Reserved 191 Various 192 Various 195 RIPE 196 AfrNIC 197 Reserved 250 Class E 251 Class E 252 Class E 255 Class E
    34. 34. 01/30/15 34 IPv4 Address Fractal Map Jan-2005 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 Reserved 084 Reserved 083 Reserved 080 RIPE 079 Reserved 078 Reserved 065 ARIN 086 Reserved 087 RIPE 082 RIPE 081 RIPE 076 Reserved 077 Reserved 066 ARIN 064 ARIN 063 ARIN 060 APnic 067 ARIN 062 RIPE 061 APnic 089 Reserved 088 RIPE 093 Reserved 094 Reserved 075 Reserved 072 ARIN 071 ARIN 068 ARIN 049 Reserved 050 Reserved 090 Reserved 091 Reserved 092 Reserved 095 Reserved 074 Reserved 073 Reserved 070 Reserved 069 ARIN 101 Reserved 100 Reserved 099 Reserved 096 Reserved 117 Reserved 118 Reserved 121 Reserved 122 Reserved 102 Reserved 103 Reserved 098 Reserved 097 Reserved 116 Reserved 119 Reserved 120 Reserved 123 Reserved 105 Reserved 104 Reserved 109 Reserved 110 Reserved 115 Reserved 114 Reserved 125 Reserved 124 Reserved 106 Reserved 107 Reserved 108 Reserved 111 Reserved 112 Reserved 113 Reserved 126 Reserved 059 APnic 058 APnic 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 PDN 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Cable 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 Reserved 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 173 Reserved 174 Reserved 143 Various 142 
Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 Reserved 180 Reserved 183 Reserved 184 Reserved 187 Reserved 179 Reserved 178 Reserved 189 Reserved 188 Various 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 APnic 220 APnic 208 ARIN 209 ARIN 222 APnic 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 LACnic 201 LACnic 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 Reserved 191 Various 192 Various 195 RIPE 196 AfrNIC 197 Reserved 250 Class E 251 Class E 252 Class E 255 Class E
    35. 35. 01/30/15 35 IPv4 Address Fractal Map Jan-2006 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 RIPE 084 RIPE 083 RIPE 080 RIPE 079 Reserved 078 Reserved 065 ARIN 086 RIPE 087 RIPE 082 RIPE 081 RIPE 076 ARIN 077 Reserved 066 ARIN 064 ARIN 063 ARIN 060 APnic 067 ARIN 062 RIPE 061 APnic 089 RIPE 088 RIPE 093 Reserved 094 Reserved 075 ARIN 072 ARIN 071 ARIN 068 ARIN 049 Reserved 050 Reserved 090 RIPE 091 RIPE 092 Reserved 095 Reserved 074 ARIN 073 ARIN 070 ARIN 069 ARIN 101 Reserved 100 Reserved 099 Reserved 096 Reserved 117 Reserved 118 Reserved 121 Reserved 122 Reserved 102 Reserved 103 Reserved 098 Reserved 097 Reserved 116 Reserved 119 Reserved 120 Reserved 123 Reserved 105 Reserved 104 Reserved 109 Reserved 110 Reserved 115 Reserved 114 Reserved 125 APnic 124 APnic 106 Reserved 107 Reserved 108 Reserved 111 Reserved 112 Reserved 113 Reserved 126 APnic 059 APnic 058 APnic 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 PDN 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Cable 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 Reserved 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 173 Reserved 174 Reserved 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 
138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 Reserved 180 Reserved 183 Reserved 184 Reserved 187 Reserved 179 Reserved 178 Reserved 189 LACnic 188 Various 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 APnic 220 APnic 208 ARIN 209 ARIN 222 APnic 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 LACnic 201 LACnic 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 LACnic 191 Various 192 Various 195 RIPE 196 AfrNIC 197 Reserved 250 Class E 251 Class E 252 Class E 255 Class E
    36. 36. 01/30/15 36 IPv4 Address Fractal Map Jan-2007 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 RIPE 084 RIPE 083 RIPE 080 RIPE 079 RIPE 078 RIPE 065 ARIN 086 RIPE 087 RIPE 082 RIPE 081 RIPE 076 ARIN 077 RIPE 066 ARIN 064 ARIN 063 ARIN 060 APnic 067 ARIN 062 RIPE 061 APnic 089 RIPE 088 RIPE 093 Reserved 094 Reserved 075 ARIN 072 ARIN 071 ARIN 068 ARIN 049 Reserved 050 Reserved 090 RIPE 091 RIPE 092 Reserved 095 Reserved 074 ARIN 073 ARIN 070 ARIN 069 ARIN 101 Reserved 100 Reserved 099 ARIN 096 ARIN 117 Reserved 118 Reserved 121 APnic 122 APnic 102 Reserved 103 Reserved 098 ARIN 097 ARIN 116 Reserved 119 Reserved 120 Reserved 123 APnic 105 Reserved 104 Reserved 109 Reserved 110 Reserved 115 Reserved 114 Reserved 125 APnic 124 APnic 106 Reserved 107 Reserved 108 Reserved 111 Reserved 112 Reserved 113 Reserved 126 APnic 059 APnic 058 APnic 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 PDN 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Cable 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 AFRNic 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 173 Reserved 174 Reserved 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 
Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 Reserved 180 Reserved 183 Reserved 184 Reserved 187 Reserved 179 Reserved 178 Reserved 189 LACnic 188 Various 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 APnic 220 APnic 208 ARIN 209 ARIN 222 APnic 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 LACnic 201 LACnic 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 LACnic 191 Various 192 Various 195 RIPE 196 AFRnic 197 Reserved 250 Class E 251 Class E 252 Class E 255 Class E
    37. 37. 01/30/15 37 IPv4 Address Fractal Map Jan-2008 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 RIPE 084 RIPE 083 RIPE 080 RIPE 079 RIPE 078 RIPE 065 ARIN 086 RIPE 087 RIPE 082 RIPE 081 RIPE 076 ARIN 077 RIPE 066 ARIN 064 ARIN 063 ARIN 060 APnic 067 ARIN 062 RIPE 061 APnic 089 RIPE 088 RIPE 093 RIPE 094 RIPE 075 ARIN 072 ARIN 071 ARIN 068 ARIN 049 Reserved 050 Reserved 090 RIPE 091 RIPE 092 RIPE 095 RIPE 074 ARIN 073 ARIN 070 ARIN 069 ARIN 101 Reserved 100 Reserved 099 ARIN 096 ARIN 117 APnic 118 APnic 121 APnic 122 APnic 102 Reserved 103 Reserved 098 ARIN 097 ARIN 116 APnic 119 APnic 120 APnic 123 APnic 105 Reserved 104 Reserved 109 Reserved 110 Reserved 115 APnic 114 APnic 125 APnic 124 APnic 106 Reserved 107 Reserved 108 Reserved 111 Reserved 112 Reserved 113 Reserved 126 APnic 059 APnic 058 APnic 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 PDN 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Cable 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 AFRNic 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 173 Reserved 174 Reserved 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 
Various 131 Various 132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 LACnic 180 Reserved 183 Reserved 184 Reserved 187 LACnic 179 Reserved 178 Reserved 189 LACnic 188 Various 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 APnic 220 APnic 208 ARIN 209 ARIN 222 APnic 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 LACnic 201 LACnic 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 LACnic 191 Various 192 Various 195 RIPE 196 AFRnic 197 Reserved 250 Class E 251 Class E 252 Class E 255 Class E
    38. 38. 01/30/15 38 IPv4 Address Fractal Map Jan-2009 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 RIPE 084 RIPE 083 RIPE 080 RIPE 079 RIPE 078 RIPE 065 ARIN 086 RIPE 087 RIPE 082 RIPE 081 RIPE 076 ARIN 077 RIPE 066 ARIN 064 ARIN 063 ARIN 060 APnic 067 ARIN 062 RIPE 061 APnic 089 RIPE 088 RIPE 093 RIPE 094 RIPE 075 ARIN 072 ARIN 071 ARIN 068 ARIN 049 Reserved 050 Reserved 090 RIPE 091 RIPE 092 RIPE 095 RIPE 074 ARIN 073 ARIN 070 ARIN 069 ARIN 101 Reserved 100 Reserved 099 ARIN 096 ARIN 117 APnic 118 APnic 121 APnic 122 APnic 102 Reserved 103 Reserved 098 ARIN 097 ARIN 116 APnic 119 APnic 120 APnic 123 APnic 105 Reserved 104 Reserved 109 Reserved 110 APnic 115 APnic 114 APnic 125 APnic 124 APnic 106 Reserved 107 Reserved 108 ARIN 111 APnic 112 APnic 113 APnic 126 APnic 059 APnic 058 APnic 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 Reserved 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Cable 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 AFRNic 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 173 ARIN 174 ARIN 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 
132 Various 133 Various 181 Reserved 182 Reserved 185 Reserved 186 LACnic 180 Reserved 183 Reserved 184 ARIN 187 LACnic 179 Reserved 178 Reserved 189 LACnic 188 Various 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 APnic 220 APnic 208 ARIN 209 ARIN 222 APnic 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 LACnic 201 LACnic 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Reserved 176 Reserved 177 Reserved 190 LACnic 191 Various 192 Various 195 RIPE 196 AFRnic 197 AFRINic 250 Class E 251 Class E 252 Class E 255 Class E
    39. 39. 01/30/15 39 IPv4 Address Fractal Map - Today [Figure: fractal map of the IPv4 /8 blocks, 000 to 255, each labelled with its holder or status (RIRs, legacy holders, Private, Loopback, Multicast, Class E, Reserved). Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
    40. 40. 01/30/15 40 IPv4 Address Fractal Map Jan-2010 [Figure: the same fractal map of the IPv4 /8 blocks, with some previously Reserved blocks now labelled Next. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
    41. 41. 01/30/15 41 IPv4 Address Fractal Map Jan-2011 [Figure: the same fractal map of the IPv4 /8 blocks, with further blocks labelled Next. Fractal map: layout by Randall Munroe, time sequence by Tony Hain, highlighted by Jeff Apcar]
    42. 42. 01/30/15 42 Wide Area Network As a Layer 3 Service • The prevalent solution – Service offered by a Service Provider (SP) – Transfer IP packets from your site to another site • Customers do not care about routing – Looks like the Internet, costs more € but with quality defined (see later) – Typical technology: MPLS (also called IP service) • SP manages – Layer 1: cable – Layer 2: Ethernet or ... – Layer 3: addressing and routing • Easier for enterprise – Fixed budget... – ... But you lose control [Figure: SP Layer 3 Services]
    43. 43. 01/30/15 43 Wide Area Network Layer 3 Service or In House Network? SP Layer 3 Services
    44. 44. 01/30/15 44 Layer 3 Service Pros and Cons • Pros – Outsource the WAN to SP: no more CAPEX, reduce OPEX – Easier to deploy – Easier international WAN • Especially in weird countries • Cons – Loss of network ownership • Could be impossible for some business – Need to check quality of delivered service (SLA see later) • NB: the cost is not a deal breaker usually
    45. 45. 01/30/15 45 What about Congestion? • Congestion: too many packets arriving in a router/switch – Especially when input throughput > output throughput – Routers/switches will store the peak in memory • Issue: packets wait in queue, longer delay – Memory exhausted? → dropping packets • Issue: packets are lost forever (hence the need of TCP for retransmission) [Figure: ADSL router between a 100 Mbps = 100.000 pps link and a 1 Mbps = 1.000 pps link]
    46. 46. 01/30/15 46 Quality of Service: QoS • QoS is a sense of quality for packet transfer – Packet loss: due to congestion or frame corruption (rare) – Latency (or delay): the time to transfer data from source to destination – Jitter: variation of the delay (see next slide)
    47. 47. 01/30/15 Delay Variation—“Jitter” [Figure: timelines of packets A, B and C as the sender transmits them and as the receiver gets them, with the inter-packet intervals labelled D1, D2 and d1, d2; the difference between them is the jitter]
    48. 48. 01/30/15 48 How to Guarantee QoS? • Classify & mark – Each IP packet is marked with its priority (precedence) • There is a byte reserved for it in the IP packet • By the host • By a network device based on TCP/UDP ports • Enforce – Make different queues: routine, normal, priority, ... – In case of congestion • Drop packets from routine queue • Always process priority packets first – Think about fire trucks in traffic jam
    49. 49. 01/30/15 49 QoS in Action [Figure: a campus backbone connecting multimedia training servers, order entry / finance / manufacturing systems, a finance manager and a remote campus, with the classification and enforcement points marked]
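The classify, mark and enforce steps from the "How to Guarantee QoS?" slide, as an added Python example (not part of the original deck). The port policy, the mapping of precedence values to the three queues, the buffer size and the sample burst are all constructed for the illustration; it also shows why an edge device re-marks packets instead of trusting the precedence a host wrote itself.

```python
from collections import deque
from dataclasses import dataclass

QUEUES = ("priority", "normal", "routine")  # always served in this order

# Constructed policy for this example: destination port -> IP precedence (0..7).
PORT_POLICY = {5060: 5, 16384: 5, 443: 2, 1521: 2}


@dataclass
class Packet:
    name: str
    dst_port: int
    tos: int = 0  # the byte reserved in the IPv4 header for the marking


def precedence(pkt):
    """IP precedence is the top three bits of the ToS byte."""
    return pkt.tos >> 5


def classify_and_mark(pkt, trust_host_marking=False):
    """Mark at the network device; keep a host's own marking only if trusted."""
    if not (trust_host_marking and precedence(pkt) > 0):
        prec = PORT_POLICY.get(pkt.dst_port, 0)
        pkt.tos = (prec << 5) | (pkt.tos & 0x1F)
    return pkt


def queue_for(pkt):
    """Assumed mapping of precedence to the slide's three queues."""
    prec = precedence(pkt)
    if prec >= 5:
        return "priority"
    return "normal" if prec >= 1 else "routine"


class StrictPriorityScheduler:
    def __init__(self, buffer_packets):
        self.capacity = buffer_packets  # router memory, counted in packets
        self.queues = {q: deque() for q in QUEUES}
        self.dropped = []

    def enqueue(self, pkt):
        cls = queue_for(pkt)
        if sum(len(q) for q in self.queues.values()) >= self.capacity:
            # Congestion: evict from the lowest backlogged class below the
            # arriving packet's class, otherwise drop the arriving packet.
            victim = self._lowest_backlogged_below(cls)
            if victim is None:
                self.dropped.append(pkt.name)
                return False
            self.dropped.append(self.queues[victim].pop().name)
        self.queues[cls].append(pkt)
        return True

    def _lowest_backlogged_below(self, cls):
        for q in reversed(QUEUES):
            if q == cls:
                return None
            if self.queues[q]:
                return q
        return None

    def dequeue(self):
        for q in QUEUES:  # priority packets are always processed first
            if self.queues[q]:
                return self.queues[q].popleft()
        return None


def simulate(arrivals, buffer_packets, trust_host_marking=False):
    """A burst arrives faster than the output link drains, then the queue empties."""
    sched = StrictPriorityScheduler(buffer_packets)
    for pkt in arrivals:
        sched.enqueue(classify_and_mark(pkt, trust_host_marking))
    sent = []
    while (pkt := sched.dequeue()) is not None:
        sent.append(pkt.name)
    return sent, sched.dropped


def sample_burst():
    """Constructed traffic: backups, ERP, voice, and one self-marked backup."""
    return [
        Packet("backup-1", 873), Packet("backup-2", 873),
        Packet("erp-1", 1521),
        Packet("backup-3", 873, tos=0xA0),  # host wrote precedence 5 itself
        Packet("voice-1", 16384), Packet("voice-2", 16384),
        Packet("erp-2", 1521),
    ]


if __name__ == "__main__":
    print("re-marked at the edge:", simulate(sample_burst(), 4))
    print("host marking trusted :", simulate(sample_burst(), 4, True))
```

With the edge re-marking, only backup traffic is dropped; when the host marking is trusted, the self-marked backup is served first and an ERP packet is lost instead.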
    50. 50. 01/30/15 50 Service Level Agreement: SLA • This is the contract between – A customer – A provider • About – Penalties (discount) when SLA not met – Quality of service: • Data traffic: packet loss, latency, jitter • Availability: – 99,999% availability is 5 minutes down per year – Maintenance windows (scheduled network down) don’t count • Change request: time to establish a new circuit • Never forget to put SLA in any service
    51. 51. The Security Impact
    52. 52. 01/30/15 52 100% Security “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it….” Gene Spafford—Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University
    53. 53. 01/30/15 53 Risk Assessment in 2006 In the 2004 CSI/FBI survey (481 US organizations): • Over 52% reported security breaches. • Reported security incidents totaled losses over $52 million (in decrease). • Highest source of loss was virus, over $15 million alone, followed by unauthorized use, $10 million. • Of the top causes of loss, insider misuse of resources was in top 3. – Source: CSI/FBI 2006 Computer Crime & Security Survey
    54. 54. 01/30/15 54 Insiders… “Over 75% of hacking is done by insiders and it’s easy to see why. The person on the inside is on the right side of the firewall—they know the computer systems and they have access to the passwords” Neil Barrett, Bull Information Systems, ‘Computer Crime Fighter’—Personal Computer World, Feb 1999
    55. 55. 01/30/15 55 Regulations and Compliance... • EU directives on data protection & privacy – Identity Theft legislation, Personal Data Protection (Directive 95/46/EC on the protection of personal data) • Sarbanes-Oxley – Mainly for US companies (listed on Wall Street) – But also for their WW partners • Section 302 requires CEO and CFO to make quarterly and annual certifications regarding company’s internal control over financial reporting. • Section 404 requires management assessment and audit report regarding management’s assessment. • Basel II • Payment Card Industry Data Security Standard: PCI DSS • Even ISO 27001 (or BS 7799)
    56. 56. 01/30/15 56 Facts about PCI DSS • Published January 2005 – v1.1 released Sept 7, 2006 – All new audits must use v.1.1 • Impacts ALL who – Process – Transmit – Store: cardholder data • Developed by MasterCard and Visa, endorsed by other brands • Global reach – Account Information Security (AIS) regulation outside of US Payment Card Industry Data Security Standard January 2005
    57. 57. 01/30/15 57 The Principles of Security: C I A • Confidentiality – Ability to ensure secrecy • Integrity – Ability to ensure asset/data is not modified • Availability – Of service – Of data
    58. 58. 01/30/15 Attack against Confidentiality telnet foo.bar.org username: dan password: m-y-p-a-s-s-w-o-r-d d-a-n
    59. 59. 01/30/15 Attack on Integrity [Figure: between Customer and Bank, the messages “Deposit $1000 in Bob’s Account” and “Deposit $900 in Mallet’s Account and $100 in Bob’s Account”]
    60. 60. 01/30/15 60 Attacks of Integrity: Web Defacing
    61. 61. 01/30/15 Denial of Service (DoS) Prevents authorised people from using a service
    62. 62. 01/30/15 62 Handling Risk… • Transfer: to an insurance company • Reduce: implement countermeasure(s) – Also called controls • Rejecting/Ignoring: foolish… • Accepting: when cost of CM does not make sense
    63. 63. 01/30/15 63 Controls • Administrative controls – Policies, standards, procedures – Screening personnel, education • Technical controls – Access control, encryption, security devices • Physical controls – Facility protection, security guards, locks, monitoring, intrusion detection • All the above to protect company assets
    64. 64. 01/30/15 64 Technical Control: Access Control • Subject – Active entity – Request access – E.g.: users, program, process, … • Object: – Passive entity – Contain information or other objects – E.g.: computer, disk, file, … • Access: – Flow of information between subject and object • Access Control: – Mechanisms to control the access
    65. 65. 01/30/15 65 Access Control Id, Authen, Author, Account • Consecutive steps for access control 1. Identification: who are you ? 2. Authentication: prove it ! 3. Authorization: what can you do ? 4. Accounting/Auditing: what have you done ? (after the object access) • Sometimes called AAA for Authentication, Authorization and Accounting
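The four consecutive steps above (identification, authentication, authorization, accounting) applied to a subject requesting access to an object, as an added Python example that is not part of the original deck. The subjects, passwords, file names, rights and the PBKDF2 work factor are constructed for the illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000  # work factor chosen for this example


def derive(password, salt):
    """Passwords are stored only as salted, slow hashes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class AccessController:
    """Mediates every access of a subject (user) to an object (file)."""

    def __init__(self):
        self._verifiers = {}  # subject -> (salt, password hash)
        self._acl = {}        # (subject, object) -> set of rights
        self.audit_log = []   # accounting records
        # Decoy verifier: unknown subjects cost the same work as known ones.
        self._decoy = (os.urandom(16), os.urandom(32))

    def enroll(self, subject, password):
        salt = os.urandom(16)
        self._verifiers[subject] = (salt, derive(password, salt))

    def grant(self, subject, obj, *rights):
        self._acl.setdefault((subject, obj), set()).update(rights)

    def request(self, subject, password, obj, right):
        # 1. Identification: the claimed identity selects the stored verifier.
        known = subject in self._verifiers
        salt, expected = self._verifiers.get(subject, self._decoy)
        # 2. Authentication: prove the claim, compared in constant time.
        proven = hmac.compare_digest(derive(password, salt), expected) and known
        # 3. Authorization: default deny, only explicitly granted rights pass.
        permitted = proven and right in self._acl.get((subject, obj), ())
        # 4. Accounting: record every decision, never the password itself.
        if not known:
            outcome = "unknown-subject"
        elif not proven:
            outcome = "authentication-failed"
        elif not permitted:
            outcome = "authorization-denied"
        else:
            outcome = "granted"
        self.audit_log.append({"time": time.time(), "subject": subject,
                               "object": obj, "right": right, "outcome": outcome})
        return permitted


def demo():
    """Constructed scenario: two enrolled users and one unknown subject."""
    ac = AccessController()
    ac.enroll("alice", "correct horse battery")
    ac.enroll("bob", "tr0ub4dor&3")
    ac.grant("alice", "payroll.xlsx", "read", "write")
    ac.grant("bob", "price-list.pdf", "read")
    results = [
        ac.request("alice", "correct horse battery", "payroll.xlsx", "read"),
        ac.request("alice", "guess", "payroll.xlsx", "read"),
        ac.request("bob", "tr0ub4dor&3", "payroll.xlsx", "read"),
        ac.request("mallet", "anything", "payroll.xlsx", "read"),
    ]
    return results, [entry["outcome"] for entry in ac.audit_log]


if __name__ == "__main__":
    print(demo())
```

The caller only ever sees allow or deny; the reason for a refusal stays in the audit log, where it answers the "what have you done?" question.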
    66. 66. 01/30/15 66 Technical Control: Cryptography • The science of hiding a message [Figure: Plaintext “Hello” → Encryption → Ciphertext “%z$*@” → Decryption → Plaintext “Hello”, using encryption keys]
    67. 67. 01/30/15 67 Some Words on Cryptography • Encryption/decryption – mathematical functions with 2 parameters • Message (plain text or cipher text) • Key – Strength: linked to function and size of key – Two classes of crypto systems • Symmetric crypto systems: encryption key = decryption key • Asymmetric crypto systems: encryption key ≠ decryption key
    68. 68. 01/30/15 68 Technical Controls More Words on Crypto • Symmetric cryptosystems – Current minimum key size: 128 bits – Examples: AES (from Belgium), RC4 – Very fast: 1 Gbps – Issue: how can we safely share a key? • Asymmetric cryptosystems – Current minimum key size: 2048 bits – Examples: RSA – Very slow: 100 kbps – No shared key, easy to deploy – Mainly used for signatures (non-repudiable proof of origin) or for authentication (who you are)
    69. 69. 01/30/15 69 Crypto on Networks • IPsec – Used to encrypt all IP packets between two routers/hosts – Virtual Private Network (VPN) • Linking remote branches over the public Internet • Linking a remote user over the public Internet • Secure Session Layer (SSL) – Used to encrypt a single TCP (like HTTP) connection • https:// → allows for e-commerce • Also used for remote user over the public Internet • Cryptography alone is NEVER ENOUGH to guarantee security!
    70. 70. 01/30/15 70 Technical Controls Perimeter Security and Firewalls • Security often relies on segregation of security domains – Trusted – Untrusted: Internet, … • Trusted domains are protected by a perimeter – Hence the term of security perimeter • When a point of passage between domains is required – Firewall: security policy enforcement
    71. 71. 01/30/15 71 Technical Controls Security Perimeter Trusted Zone Untrusted Zone firewall
    72. 72. 01/30/15 Technical Controls Usual Firewall Locations [Figure: firewalls between the Internet, the intranet, Partner X, Partner Y and the HR network. Source: Cisco Systems]
    73. 73. 01/30/15 73 Technical Controls: Firewalls Deep Packet Inspection • More and more protocols run over HTTP – SOAP (= XML over HTTP) – … • Security policy must be enforced for those new protocols → need to also inspect the payload of HTTP • This is called Deep Packet Inspection
    74. 74. Impact of Voice
    75. 75. 01/30/15 75 Why Voice over IP? • Before, voice had a separate network • If voice is over IP then – Single network to operate (or to outsource) – Toll by-pass: • Data communication is usually cheaper than voice communication – More functions in phones • Video • User directory – Data and voice applications can merge • Voice mail • Web conferencing • Customer Relationship Management systems
    76. 76. 01/30/15 76 Voice in an IP Packet 1. Transform usual voice (analog) into digital with a CODEC 2. Cut voice into small chunks 3. Transport those chunks over IP [Figure: encapsulation built up in four stages: Voice Payload; RTP + Voice Payload; UDP + RTP + Voice Payload; IP + UDP + RTP + Voice Payload]
    77. 77. 01/30/15 77 What Is a CODEC? Analog to Digital Conversion • Everything is bits: analog audio source = 0101 • G.711 Pulse Code Modulation (PCM) is the DS0 • Steps: Sample, Compand, Quantize, Encode, Frame • 4000 Hz analog signal = sample 8,000/sec (Nyquist frequency) • Quantize: 256 steps using 8 bits • DS0: 64 Kbps
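The three steps of "Voice in an IP Packet" together with the CODEC chain of the following slide (sample, compand, quantize to 8 bits, frame), as an added Python example that is not part of the original deck. It uses G.711 mu-law companding and a plain 12-byte RTP header; the 20 ms chunk size, the SSRC value, the starting sequence number and timestamp, and the test tone are assumptions made for the illustration.

```python
import math
import struct

SAMPLE_RATE = 8000        # samples per second for a 4000 Hz signal (Nyquist)
CHUNK_MS = 20             # packetization interval: an assumption, not from the slides
BIAS, CLIP = 0x84, 32635  # G.711 mu-law constants for 16-bit linear samples


def mulaw_encode(sample):
    """Compand and quantize one 16-bit linear sample into 8 bits (256 steps)."""
    sign = 0x80 if sample < 0 else 0x00
    magnitude = min(abs(sample), CLIP) + BIAS
    exponent, mask = 7, 0x4000
    while exponent > 0 and not magnitude & mask:
        exponent -= 1
        mask >>= 1
    mantissa = (magnitude >> (exponent + 3)) & 0x0F
    return ~(sign | (exponent << 4) | mantissa) & 0xFF


def rtp_packets(samples, ssrc=0x1234ABCD, first_seq=1):
    """Cut the voice in chunks and put an RTP header in front of each chunk."""
    per_chunk = SAMPLE_RATE * CHUNK_MS // 1000  # 160 samples = 160 bytes
    packets = []
    for n, start in enumerate(range(0, len(samples), per_chunk)):
        payload = bytes(mulaw_encode(s) for s in samples[start:start + per_chunk])
        # Version 2, no padding/extension/CSRC; payload type 0 = PCMU (G.711 mu-law).
        # The timestamp counts samples; it starts at 0 here for readability.
        header = struct.pack("!BBHII", 0x80, 0, (first_seq + n) & 0xFFFF,
                             start & 0xFFFFFFFF, ssrc)
        packets.append(header + payload)
    return packets


def ip_bitrate(rtp_packet_len):
    """Bits per second at the IP layer: RTP packet + 8 bytes UDP + 20 bytes IPv4."""
    return (rtp_packet_len + 8 + 20) * 8 * (1000 // CHUNK_MS)


def tone(freq_hz=440, ms=60, amplitude=16000):
    """Constructed input: a sine tone standing in for the sampled analog voice."""
    count = SAMPLE_RATE * ms // 1000
    return [int(amplitude * math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE))
            for i in range(count)]


if __name__ == "__main__":
    pkts = rtp_packets(tone())
    print(len(pkts), "packets of", len(pkts[0]), "bytes,",
          ip_bitrate(len(pkts[0])), "bit/s at the IP layer")
```

The codec alone produces the 64 Kbps of the slide; with 20 ms chunks the RTP, UDP and IP headers raise that to 80 kbit/s per direction before any layer 2 framing.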
    78. 78. 01/30/15 78 IP Telephony vs. Voice over IP • IP telephony is a super-set of services over IP – Pure Voice over IP transport – Conferencing – Voice mail – ...
    79. 79. 01/30/15 79 Network Requirements for Voice • Power over the Ethernet – No need for power cord for the phone • Quality of service – Voice is delay sensitive (< 150 msec) • Other issue – Relationships between • Network department • Voice department
    80. 80. 01/30/15 80 The Skype Service • P2P based VoIP software • Founded by the founders of Kazaa • Can be downloaded free at: – http://www.skype.com • Services – Both paid and free services available – Free - Instant Messaging - Voice and Video communication (PC to PC) A typical Skype user interface
    81. 81. 01/30/15 81 Skype Architecture Hierarchical P2P architecture but involves a central Skype authority for registration and certification services Skype Architecture: Normal peers, super nodes, and centralized Skype server
    82. 82. 01/30/15 82 Should You Use Skype? • If you can answer yes to four questions: – Are you willing to circumvent the perimeter controls of your network? – Do you trust the Skype developers to implement security correctly (being closed-source)? – Do you trust the ethics of the Skype developers? – Can you tolerate the Skype network being unavailable?
    83. 83. Impact of Virtualization
    84. 84. 01/30/15 84 What is Virtualization • Separation of location and services – Services can run anywhere – Users cannot see the difference • Corollary – Several services in the same location
    85. 85. 01/30/15 85 “[Virtualization is] a technique for hiding the physical characteristics of computing resources from the way in which other systems, applications, or end users interact with those resources. This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple logical resources; or it can include making multiple physical resources (such as storage devices or servers) appear as a single logical resource.” Mann, Andi, Virtualization 101, Enterprise Management Associates (EMA)
    86. 86. 01/30/15 86 Why Virtualization • Flexibility – Can add a new server/service in less than 1 second – Can move a service to a better server • Being faster, more secure, cheaper • Cost efficiency – Share a physical €€€ server by several applications • Green – No need to power 10 servers for 10 services if all 10 services can run on a single server
    87. 87. 01/30/15 87 Data Center Trends “By 2008, 50% of Today’s Data Centers Will Have Insufficient Power and Cooling Capacity to Meet the Demands of High-Density Equipment” • Days to Deploy Applications: 60–180 • Server/Storage Utilization: < 25% • Annual Storage Growth: 40–400% • DC Records Retention (Years): 7–10 • DC Power and Cooling Costs: ~ 25–30% • Data Center Operations: > 30% Source: Gartner, 2008
    88. 88. 01/30/15 88 Data Center Virtualization • Enables consolidation or sharing of physical assets to increase utilization • Reduces physical devices and cabling, space, power, and cooling • Enables rapid deployment and redeployment of resources to meet business objectives
    89. 89. 01/30/15 89 Data Center Virtualization • Storage Virtualization – Consolidation of physical SANs – Improved storage utilization – Greater flexibility • Server Virtualization – Consolidation of physical servers – Improved server utilization – Greater flexibility • Network Virtualization – Consolidation of physical networks – Greater flexibility – Improved capacity utilization [Figure: OS and App stacks on a hypervisor, above the network, storage and server virtualization layers]
    90. 90. 01/30/15 90 Network Virtualization • The basis of other virtualization – Virtual LAN: sharing an Ethernet switch for several independent LANs – Virtual Private Network (VPN): sharing a WAN infrastructure among several independent WANs
    91. 91. 01/30/15 91 Storage Virtualization • Network Attached Storage – Attaching a hard-disk to ONE computer via USB/Network – NOT a real virtualization: computer is aware of the remote disk • Storage Area Network (SAN) – Attaching hard-disk to SEVERAL computers via network – Virtualization because computers are unaware of the disks being remote – Network must be really fast: Infiniband or Fibre Channel
    92. 92. 01/30/15 92 Why SAN? • Virtualization allows – Sharing disk – Adding storage easily without disruption – Single place for all storage • Easier to secure • Easier to take back-up – Storage is no more local to the computer • Can move the computer and keep the same disk • Important when the computer becomes virtual
    93. 93. 01/30/15 93 Storage Volume Virtualization • Adding more storage requires administrative changes • Administrative overhead, prone to errors • Complex coordination of data movement between arrays Target SAN Fabric Initiator Initiator Target
    94. 94. 01/30/15 94 Storage Volume Virtualization • A SCSI operation from the host is mapped in one or more SCSI operations to the SAN-attached storage • Zoning connects real initiator and virtual target or virtual initiator and real storage [Figure: SAN fabric with labels Virtual Volume 2, Virtual Target 1 VSAN_10, Virtual Volume 1, Virtual Target 2 VSAN_20, Virtual Initiator VSAN_30 (twice), Initiator VSAN_20, Initiator VSAN_10]
    95. 95. 01/30/15 95 Server Virtualization • Multiple Computers inside a Computer – Guest OS can be different than host OS – Guest machines are isolated by default [Figure: two server stacks on CPU and memory, labelled VMware and Microsoft; guest OS and App pairs run in VMs above a hypervisor, one stack on a modified stripped-down OS with hypervisor, the other on a host OS]
    96. 96. 01/30/15 Virtual Server Migration • VMotion, aka VM Migration, allows a VM to be reallocated on different hardware without having to interrupt service • Downtime in the order of few milliseconds to few minutes, not hours or days • Can be used to perform maintenance on a server • Can be used to shift workloads more efficiently [Figure: two servers, each with CPU, memory, hypervisor, console OS and a VMware virtualization layer hosting OS and App stacks]
    97. 97. How to Deploy a Network? Or the right questions to be asked?
    98. 98. 01/30/15 98 Basic Networking • IPv6 Readiness • Addressing (mainly technical) – Use of DHCP? – Important for mobile user • Routing (mainly technical)
    99. 99. 01/30/15 99 Levels of Security • Does the security policy include network? • Risk management: assets, confidentiality requirements – Specific requirements for some business: Basel II, PCI • Which are my security domains? – HR – Sales? – Guests – What about contractors?
    100. 100. 01/30/15 100 QoS • Do you need QoS in your network? – Probably for IP telephony • What are my critical applications? – ERP? – Emails? – Back-up?
    101. 101. 01/30/15 101 High Availability • Availability is usually important • Redundancy – Hot or cold standby? – Redundant links? – Redundant Service Providers? • What are your disaster recovery procedures?
    102. 102. 01/30/15 102 Open Standards • Pros – Competition means lower price – Can switch vendors easily • Cons – Having multiple vendors costs a lot of € (training the operators and users) – Lagging (not leading edge) • Be prepared for some compromise – But ask your vendor for commitment to support future standards
    103. 103. 01/30/15 103 Future Proof... • Find the balance between – Proven technologies: but obsolete in a few years • Think IPv4 vs. IPv6 – Leading edge technos: but unstable and expensive
    104. 104. 01/30/15 104 Operation Cost • Cheap to buy ≠ cheap to run
    105. 105. 01/30/15 105 Outsourcing Network • Pros – Reduces CAPEX – Improves balance sheet • Cons – Your business relies on another party (could go bankrupt or be acquired by competitor) – Less flexibility – Long process cycle • Never forget about SLA in the contract
    106. 106. 01/30/15 106 Outsourcing Web Portal • Pros – Learning curve pretty small – Cheaper (CAPEX & OPEX) – More secure (no link to your real data) • Cons – Less control – No access to your live data • No e-business
    107. 107. 01/30/15 107 Green Impact • A tornado since early 2008 • Sometimes a simple excuse to reduce cost • Power consumption – Faster means more power means more cooling... – Data Center location is no more based on salary but power stability & price – Turn off devices when not in use: RFID, electronics, ... – Reduce consumption => slower device? – SHARE equipment: importance of virtualization
    108. 108. 01/30/15 108 End THE END
