COPYRIGHT © 2018 NETSCOUT SYSTEMS, INC.
NEXT GENERATION DDoS SERVICES
Can we do this with NFV?
CF Chui, Principal Security Technologist
Volumetric Attacks Are Down in Peak Size
•  While the size of the very largest attack was down, the proportion of volumetric attacks was up overall
•  Attackers realized that there is very little you can do with 800 Gbps of firepower that you can’t do with 60 Gbps
•  Marked increase in the complexity of attacks
[Chart: DDoS peak attack size (Gbps) - Global, monthly from Jan-17 to Mar-18, y-axis 0 to 2000 Gbps]
Attack Innovation Seen at the Edge
Multi-vector attacks combine high volume floods, application-layer attacks and TCP-state exhaustion attacks in a single sustained offensive, increasing mitigation complexity and the attacker's chance for success
Rising Complexity: 20% increase over last year
Not Just ‘The Usual Suspects’
Across All Business Types
Weaponization of botnets and cheap DDoS-for-hire services threaten all business types
These same verticals are driving demand for DDoS services
Cloud and IoT are having an impact
•  22% of ISPs see attacks originating from on-net IoT
•  36% see attacks targeting cloud services, up from a quarter
SDN & NFV
Proportion of SPs with SDN or NFV in production has doubled over the previous year
Operational concerns, interoperability, and cost are the leading barriers to SDN / NFV
What is NFV?
Deploy network services on generic x86-based hardware
Flexible resource allocation
Scale-out architectures
Bare-metal or virtual machines
[Figure: Typical router HW architecture]
Requirements for NFV
•  Programmable infrastructure
•  Stable, common interface*
•  Lifecycle management of virtual network functions
•  Must be able to associate services
•  Refined control of network path
NFV eco-system – enter ETSI NFV
ETSI: European Telecommunications Standards Institute
Reference architecture for NFV, developed by ETSI in 2012
Defines key components and relationships
http://www.etsi.org/
NFV reference architecture
Virtual infrastructure manager (VIM)
•  Virtual resource allocation and management
•  Virtual resource operations
•  Example: OpenStack, CloudStack, vCloud Director
VNF manager (VNFM): VNF lifecycle management
•  VNF instantiation and termination
•  VNF query & configuration
•  VNF scaling
Service Orchestrator (NFVO)
•  Map service requests into VNFs
•  Request VNF instantiation and provisioning
NFV reference architecture: Automation and Orchestration selection criteria
Orchestration system requirements
•  Service templates
•  Automatic provisioning
Appliance requirements
•  APIs
•  Prefer REST
Why would we want NFV?
Run network services on 3rd-party server vendors' hardware
Reduce maintenance cost and sparing
Reduce number of redundant components
Reduce time-to-market and time-to-deployment
Increase flexibility and agility
Increase resource utilization
Replace CAPEX (h/w) model with OPEX (subscription)
Pay-as-You-Grow model works well
NFV Challenges
•  Product delivery challenges
–  Packaging
–  Multi-vendor integration
–  Support
–  Licensing
–  Integration with orchestration systems
•  Provisioning challenges
–  Service decomposition
–  Service provisioning
–  Service insertion and stitching
–  VM orchestration
•  Operation challenges
–  High availability
–  Auto-scaling
–  Service monitoring
–  Monitoring and auditing of scale-out infrastructure
NFV Challenges (continued)
Orchestration and automation
–  Service decomposition
–  Integration with orchestration/provisioning systems
–  Provisioning and configuration automation
–  High-availability (auto-healing)
–  Auto-scaling
–  Service insertion for transparent services
–  On-demand service chaining
–  No standard deployment process or API
Licensing challenges
–  Vendors like to license boxes (instances), not throughput
Promised NFV payoff?
•  Reduced CapEx/OpEx, TCO(?)
•  COTS hardware
•  Autoscaling services: deploy at need, eliminate idle virtual resources
•  Programmability means customizability
•  Service function chaining
Telco Services offering through NFV
•  A way to leapfrog competition
•  A way to roll out new services faster
•  A way to reach customers not connected to their network
Example security services: Firewall, Remote VPN, WAF, Anti-SPAM, Anti-DDoS, IPS, Vulnerability scanning, Endpoint Security, Web security GW, DLP, PKI, IDM, Security Operations Center
Experience sharing - implementing a DDoS mitigation service
Choosing MANO vendor
Choosing Infrastructure & SDN vendor
Choosing NFV vendor
A superficial review of how things work
Use Cloudband as an example:
1.  Operator creates service templates in the catalog
2.  User logs into portal and subscribes to the service
3.  Portal calls Cloudband Network Director or CBND (NFV-O module)
4.  CBND calls Cloudband Application Manager or CBAM (VNFM module) to create VNFs, OpenStack (VIM) to provision compute resources, and Nuage (SDN controller) to create a service chain
5.  CBAM deploys VNFs and then monitors their lifecycle
[Diagram: Portal and Service Catalog feeding the NFVO, VNFM, VIM and SDN controller, which manage VNFs on the NFVI (Compute, Network, Storage); steps 1-5 numbered as above]
Lessons learned
•  License model which is closer to what the user would like to pay for:
–  based on actual mitigated/inspected traffic volume (consumption-based license)
–  based on clean traffic
•  HA support for VNFs:
–  Configuration synchronization
–  Backup license?
•  User Portal console:
–  Multi-tenancy
•  KPIs to monitor VNF health:
–  How does the VNF-M learn that a mitigation device went down?
•  KPIs to trigger scale up / scale down:
–  VNF-M needs to resize the VNF – compute and license
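An added example (not from the slides, and not Arbor's or Nokia's code) of the VNF-manager logic these lessons call for: heartbeat-based detection that a mitigation VNF went down, KPI-driven scale up/down that resizes compute and license together, and a consumption-based license metered on mitigated volume. The thresholds, the flavor table and the `tms-N` instance names are assumptions.

```python
from dataclasses import dataclass

# Assumed tunables (not from the slides): heartbeat timeout, utilisation bands
# that trigger scaling, and a flavor table mapping vCPUs to licensed Gbps.
HEARTBEAT_TIMEOUT_S = 30
SCALE_UP_UTIL, SCALE_DOWN_UTIL = 0.80, 0.30
FLAVORS = {2: 10, 4: 20, 8: 40}  # vCPUs -> licensed mitigation capacity (Gbps)

@dataclass
class Vnf:
    name: str
    vcpus: int
    last_heartbeat: float        # epoch seconds of the last KPI report
    mitigated_gbps: float = 0.0  # KPI: traffic currently being scrubbed

    @property
    def licensed_gbps(self) -> int:
        return FLAVORS[self.vcpus]

def is_down(vnf: Vnf, now: float) -> bool:
    """How the VNF-M learns a mitigation device went down: the VNF pushes
    KPIs periodically, and silence beyond the timeout is treated as failure."""
    return now - vnf.last_heartbeat > HEARTBEAT_TIMEOUT_S

def scaling_action(vnf: Vnf) -> tuple:
    """Decide (action, new_vcpus, new_licensed_gbps) from license utilisation.
    Compute and license are resized together; a scale-down is only allowed if
    the smaller flavor would still sit below the scale-up band (no flapping)."""
    sizes = sorted(FLAVORS)
    i = sizes.index(vnf.vcpus)
    util = vnf.mitigated_gbps / vnf.licensed_gbps
    if util >= SCALE_UP_UTIL and i + 1 < len(sizes):
        return ("scale_up", sizes[i + 1], FLAVORS[sizes[i + 1]])
    if util <= SCALE_DOWN_UTIL and i > 0 \
            and vnf.mitigated_gbps < FLAVORS[sizes[i - 1]] * SCALE_UP_UTIL:
        return ("scale_down", sizes[i - 1], FLAVORS[sizes[i - 1]])
    return ("hold", vnf.vcpus, vnf.licensed_gbps)

def reconcile(vnfs, now: float) -> list:
    """One VNF-M pass: auto-heal silent instances, otherwise evaluate scaling."""
    return [(v.name, "heal", v.vcpus, v.licensed_gbps) if is_down(v, now)
            else (v.name,) + scaling_action(v) for v in vnfs]

def consumption_license_tb(samples_gbps, interval_s: int = 60) -> float:
    """Consumption-based license: bill on mitigated traffic volume (TB, decimal
    units) from per-interval KPI samples, not on the number of instances."""
    return sum(samples_gbps) * interval_s / 8 / 1000
```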
Considerations for choosing NFV
VNFs must have programmable interfaces
–  Enhance APIs
Element management
–  Provide client libraries or orchestration modules
–  Python module, Ansible module, NSO NED?
Provide customers with sample templates, playbooks
–  HOT, TOSCA, NSO VNFD, Ansible
Arbor’s NFV strategy
Virtualizing platforms and services
–  SP, TMS, APS all virtualized
Flexible licensing
–  Pay-as-you-grow
Orchestration
–  Cisco Network Services Orchestrator
–  Nokia CloudBand
–  OpenStack Tacker
Thank You.
www.netscout.com
Contact: cfchui@arbor.net