SlideShare a Scribd company logo

Troubleshooting for Intent-based Networking

Open Networking Summit
Open Networking Summit

Joon-Myung Kang and Mario A. Sánchez's presentation at the 2017 Open Networking Summit. Intent-based networking has gained a lot of interest in recent years with several different open source communities (including ONF, OpenDaylight and ONOS). However, network diagnosis and troubleshooting remain two essential aspects of network management that still require massive manual effort and extensive expert knowledge. So far, no approach has focused on troubleshooting the network at the intent level. We argue that providing reasoning capabilities about why an observed network state happens according to specified input policies can help simplify this complexity. In this talk, we present our work on network troubleshooting at the intent level. Our solution provides capabilities to enable posing what-if type questions at the policy level –e.g. when a new input policy is introduced– to help answer reachability questions both at the policy and infrastructure level.

1 of 37
Download to read offline
Troubleshooting for Intent-based Networking Joon-Myung Kang and Mario A. Sánchez Hewlett Packard Labs Open Networking Summit 2017
Intent-based Networking Policy Graph Abstraction and Demo Troubleshooting and Demo QnA 2
Software-Defined Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) Open APIs Program Languages Abstraction SDN Northbound Interfaces Infrastructure Control Interfaces Vendor specific Low-level specifics Manual operations … 3
Software-Defined Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) Open APIs Program Languages Abstraction SDN Northbound Interfaces Infrastructure Control Interfaces Vendor specific Low-level specifics Manual operations … 4
Intent-based Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces − Application Plane says “What” (doesn’t care how) − Control Plane reasons “How” (doesn’t care why) Intent − “what”, not “how” (non-prescriptive) − Is portable − Is universal − Is compose-able − Is invariant − Is scale-able Source: Dave Lenrow, “Intent As The Common Interface to Network Resources,” Intent Based Network Summit 2015 ONF Boulder: Intent NBI Intent “I want my headache to stop” Prescription “Give me two aspirins” 5
Intent-based Networking Examples WEB/Gold/Working Hour No connect/Wireless Configure new guest WiFi 6
Intent-based Networking Examples WEB/Gold/Working Hour No connect/Wireless INVISIBLE Configure new guest WiFi 7
Intent-based Networking Open Source Efforts – ONF Open Source SDN Boulder – Define Intent North Bound Interface (NBI) – http://opensourcesdn.org/projects/project-boulder-intent-northbound-interface-nbi/ – https://community.opensourcesdn.org/wg/IntentNBI/dashboard – OpenDaylight NIC – Network Intent Composition – Manage and direct network services and network resources based on the given “Intent” – https://wiki.opendaylight.org/view/Network_Intent_Composition:Main – ONOS Intent Framework – Allows applications to specify their network control desires in form of policy rather than mechanism (Intent) – https://wiki.onosproject.org/display/ONOS/Intent+Framework ONF Intent NBI – Definition and Principles, Draft Version 6, Sep. 2016 https://wiki.opendaylight.org/view/Network_Intent_Composition:Graph 8
Policy Graph Abstraction (PGA) PGA overview Troubleshooting for Intent-based Networking 9
PGA is Real Public resources ACM SIGCOMM 2015 London, UK Research Paper and Demo Running System and Open Source Contributions OpenStack Summit 2015, 2016 OpenDaylight Summit 2015, 2016 10
Policy Management in Practice 11
Policy Graph Abstraction (PGA) Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC graph composition Quarantined Remedy Service Policy sources Graph abstraction Unified, conflict-free policy graph Deploy 12
PGA Example − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels 13 CPU Utilization > 90% <= 90%
PGA Example − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels − 4 individual input policies (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HPE Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Cmp-AMktg Empl App Web CampusDB Net Protector Status Normal Qn Tenant Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Engg Label Namespace Label Mappings disjoint Cloud Cmp-B 14
PGA Example − 4 individual input policies − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels − Proactive, automatic composition − Scalable algorithm: 13 mins to compose 20K ACL + service chain policies (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HPE Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC compose Cmp-AMktg Empl App Web CampusDB Net Protector Status Normal Qn Tenant Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Engg Label Namespace Label Mappings disjoint Cloud Cmp-B 15
PGA Current status PGA implementation and impact − PGA model, composition, deployment, and tool to convert ACL policy configuration to PGA intent specification − PGA prototype for OpenStack (Juno ~ Newton) − PGA Intent APIs and graph compiler contributed to ODL/NIC Beryllium release − Troubleshooting for intent based policy management − Conflict detection − Composition correctness verification − Intent addition/modification/deletion 16
Live Demo PGA Basic Operations 17
PGA Demo 18
Troubleshooting With Intent-based Networking
Network debugging/troubleshooting a difficult task Picture sources: http://simplearchitectures.blogspot.com/2013/08/addressing-data-center-complexity.html http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/ServerFarmSec_2- 1/ServSecDC/8_NIDS.html WEB NO CONNECT Picture source: http://www.ntstn.com/category/troubleshooting/network- troubleshooting Policy Network ping traceroute tcpdump SNMP sflow
Systematic troubleshooting –Know intent of the operator –Check network behavior against operator intent Intent-based networking –Policy is a first-class citizen –Intent explicitly expressed at policy layer –Forwarding semantics explicitly defined –Code compiles policy description into lower-level configuration Difficult to achieve in legacy networks Opportunity to rethink network debugging
Intent-based Networking Application Plane (SDN Apps) Controller Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces – Control Apps – Specify routing/access control policies – Logical view – Simplified/abstract representation of network – Physical view – One-to-one correspondence with the physical network – Controller’s job to configure the network devices (OpenFlow)
Intent-based Networking Application Plane (SDN Apps) Controller Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces – Control Apps – Specify routing/access control policies – Logical view – Simplified/abstract representation of network – Physical view – One-to-one correspondence with the physical network – Controller’s job to configure the network devices (OpenFlow) • Each layer performs one piece of translation process • Every layer should correctly map to every other layer • Most errors in SDN are mistranslations between layers
Checking network behavior against intent –Early debugging tools for OpenFlow-enabled networks –Ndb, OFRewind, NetSight, netwatch, netshark, nprof… –Easier to discover the source of network problems [Faulty device firmware, inconsistent flow rules, faulty routing…] –Testing and verification complement network troubleshooting and debugging [Loop freedom, black holes, performance of OpenFlow switches…] Too low level!
Knowing the operator’s intent Does the Actual Network Behavior Match the Policy? –If NO… Match the symptoms to responsible system component –If YES… The policy itself is the problem, a human must resolve the discrepancy –If unwanted behavior persists & all state layers are equivalent: –The configured policy must not match the operator’s intent
Troubleshooting System Composed graph User/App1 User/App2 User/Appn User Intents Input graphs Infrastructure Controllers PGA Results Metadata GUI Query Query Examples – Reachability/Connectivity checking – Can A talk to B? – Security vulnerability or Risk assessment – Addition/removal/edition correctnessTroubleshooting System
Troubleshooting Examples Reachability –Can A talk to B? –What EPG do nodes belong to? –Is there an edge connecting both EPGs? –What security groups should be checked? –What middleboxes should be checked?
Troubleshooting example Troubleshooting network connectivity (reachability) (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HP Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC compose Cmp- A Status Tenant Empl App Mktg Web DB Campus Cloud Net Protector Normal Qn Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Cmp- B Eng g Label Namespace Label Mappings disjoint web Engg client HR site
Troubleshooting example Intent addition/modification/removal (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HP Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC Cmp- A Status Tenant Empl App Mktg Web DB Campus Cloud Net Protector Normal Qn Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Cmp- B Eng g Label Namespace Label Mappings disjoint compare 29
Troubleshooting example Risk Assessment Indicator may be composed using different data points: e.g. # of compromised hops; # of network functions traversed, etc. What if a host from “Web&Cloud” is compromised? What EPGs might be able to reach host ‘x’ (through intermediate host compromise)?
Troubleshooting Demo Marketing Employee Campus Admin 10.10.20.1 Connectivity Problem Intent edition Remote desktop connection
PGA and Troubleshooting Demo 32
Summary –Intent-based Networking is beneficial to simplify network control & management 33
Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples 34
Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples –Intent-level troubleshooting can help to easily do troubleshooting network problems 35
Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples –Intent-level troubleshooting can help to easily identify network problems –What’s next – More More More practical experiences from network operators/administrators/developers… 36
Thank you joon-myung.kang@hpe.com mario.ant.sanchez@hpe.com 37

Recommended

Secure AWS with Fortinet Security Fabric.pptx
Secure AWS with Fortinet Security Fabric.pptxSecure AWS with Fortinet Security Fabric.pptx
Secure AWS with Fortinet Security Fabric.pptx
Yitao Cen
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
Christian Posta
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & Attestation
Schellman & Company
 
PCI DSS
PCI DSSPCI DSS
PCI DSSDuy Do Phan
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
PECB
 
IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overview
nazeer325
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
 

Recommended

Secure AWS with Fortinet Security Fabric.pptx
Secure AWS with Fortinet Security Fabric.pptxSecure AWS with Fortinet Security Fabric.pptx
Secure AWS with Fortinet Security Fabric.pptx
Yitao Cen
 
Compliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient MeshCompliance and Zero Trust Ambient Mesh
Compliance and Zero Trust Ambient Mesh
Christian Posta
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & Attestation
Schellman & Company
 
PCI DSS
PCI DSSPCI DSS
PCI DSSDuy Do Phan
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
PECB
 
IBM InfoSphere Guardium overview
IBM InfoSphere Guardium overviewIBM InfoSphere Guardium overview
IBM InfoSphere Guardium overview
nazeer325
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Meraki Overview
Meraki OverviewMeraki Overview
Meraki Overview
Cloud Distribution
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
Digital Bond
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
The Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital TransformationThe Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital Transformation
NUS-ISS
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
♟Sergej Epp
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Edureka!
 
Australia Privacy Act of 1988
Australia Privacy Act of 1988Australia Privacy Act of 1988
Australia Privacy Act of 1988
termsfeed
 
How to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap AnalysisHow to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap Analysis
Carlo Dapino
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
Prime Infoserv
 
Consumer Identity and Access Management (CIAM)
Consumer Identity and Access Management (CIAM)Consumer Identity and Access Management (CIAM)
Consumer Identity and Access Management (CIAM)
Enterprise Management Associates
 
How To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and MetricsHow To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and Metrics
Terranova Security
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
Infosectrain3
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear pass
Aruba, a Hewlett Packard Enterprise company
 
develop security policy
develop security policydevelop security policy
develop security policy
Info-Tech Research Group
 
LTRSEC-2017-LG
LTRSEC-2017-LGLTRSEC-2017-LG
LTRSEC-2017-LGGurudatt pai
 
Network Observability: Delivering Actionable Insights to Network Operations
Network Observability: Delivering Actionable Insights to Network OperationsNetwork Observability: Delivering Actionable Insights to Network Operations
Network Observability: Delivering Actionable Insights to Network Operations
Enterprise Management Associates
 
Crisc prep-guide
Crisc prep-guideCrisc prep-guide
Crisc prep-guide
statisense
 
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Vaultastic
 
Network Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylightNetwork Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylight
OpenDaylight
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformation
Nikolay Milovanov
 

More Related Content

What's hot

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Meraki Overview
Meraki OverviewMeraki Overview
Meraki Overview
Cloud Distribution
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
Digital Bond
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
The Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital TransformationThe Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital Transformation
NUS-ISS
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
♟Sergej Epp
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Edureka!
 
Australia Privacy Act of 1988
Australia Privacy Act of 1988Australia Privacy Act of 1988
Australia Privacy Act of 1988
termsfeed
 
How to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap AnalysisHow to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap Analysis
Carlo Dapino
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
Prime Infoserv
 
Consumer Identity and Access Management (CIAM)
Consumer Identity and Access Management (CIAM)Consumer Identity and Access Management (CIAM)
Consumer Identity and Access Management (CIAM)
Enterprise Management Associates
 
How To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and MetricsHow To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and Metrics
Terranova Security
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
Infosectrain3
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear pass
Aruba, a Hewlett Packard Enterprise company
 
develop security policy
develop security policydevelop security policy
develop security policy
Info-Tech Research Group
 
Network Observability: Delivering Actionable Insights to Network Operations
Network Observability: Delivering Actionable Insights to Network OperationsNetwork Observability: Delivering Actionable Insights to Network Operations
Network Observability: Delivering Actionable Insights to Network Operations
Enterprise Management Associates
 
Crisc prep-guide
Crisc prep-guideCrisc prep-guide
Crisc prep-guide
statisense
 
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Vaultastic
 

What's hot (20)

Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Meraki Overview
Meraki OverviewMeraki Overview
Meraki Overview
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014
 
The Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital TransformationThe Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital Transformation
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
 
Australia Privacy Act of 1988
Australia Privacy Act of 1988Australia Privacy Act of 1988
Australia Privacy Act of 1988
 
How to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap AnalysisHow to perform an Infrastructure Security Gap Analysis
How to perform an Infrastructure Security Gap Analysis
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
Consumer Identity and Access Management (CIAM)
Consumer Identity and Access Management (CIAM)Consumer Identity and Access Management (CIAM)
Consumer Identity and Access Management (CIAM)
 
How To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and MetricsHow To Set Security Awareness Strategic Goals, KPIs and Metrics
How To Set Security Awareness Strategic Goals, KPIs and Metrics
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear pass
 
develop security policy
develop security policydevelop security policy
develop security policy
 
LTRSEC-2017-LG
LTRSEC-2017-LGLTRSEC-2017-LG
LTRSEC-2017-LG
 
Network Observability: Delivering Actionable Insights to Network Operations
Network Observability: Delivering Actionable Insights to Network OperationsNetwork Observability: Delivering Actionable Insights to Network Operations
Network Observability: Delivering Actionable Insights to Network Operations
 
Crisc prep-guide
Crisc prep-guideCrisc prep-guide
Crisc prep-guide
 
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
 

Similar to Troubleshooting for Intent-based Networking

Network Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylightNetwork Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylight
OpenDaylight
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformation
Nikolay Milovanov
 
Cloud-Scale BGP and NetFlow Analysis
Cloud-Scale BGP and NetFlow AnalysisCloud-Scale BGP and NetFlow Analysis
Cloud-Scale BGP and NetFlow Analysis
Alex Henthorn-Iwane
 
5 pipeline arch_rationale
5 pipeline arch_rationale5 pipeline arch_rationale
5 pipeline arch_rationale
videos
 
PACE-IT: Troubleshooting Connectivity With Utilities
PACE-IT: Troubleshooting Connectivity With UtilitiesPACE-IT: Troubleshooting Connectivity With Utilities
PACE-IT: Troubleshooting Connectivity With Utilities
Pace IT at Edmonds Community College
 
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Cisco Canada
 
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdfSwisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
ThomasGraf40
 
sdnppt.pdf
sdnppt.pdfsdnppt.pdf
sdnppt.pdf
AbhayDonde
 
SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module
Cisco Canada
 
Summit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & TechnologySummit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & Technology
OPNFV
 
SDN approach.pptx
SDN approach.pptxSDN approach.pptx
SDN approach.pptx
TrongMinhHoang1
 
Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013
Puppet
 
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов RiverbedВыявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Elena Marianenko
 
Network Automation Journey, A systems engineer NetOps perspective
Network Automation Journey, A systems engineer NetOps perspectiveNetwork Automation Journey, A systems engineer NetOps perspective
Network Automation Journey, A systems engineer NetOps perspective
Walid Shaari
 
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 29Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
Lori Head
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
AssadLeo1
 
ALT-F1 Techtalk 3 - Google AppEngine
ALT-F1 Techtalk 3 - Google AppEngineALT-F1 Techtalk 3 - Google AppEngine
ALT-F1 Techtalk 3 - Google AppEngine
Abdelkrim Boujraf
 
Question 7 of 30 . Which type of hardware can.pdf
Question 7 of 30 . Which type of hardware can.pdfQuestion 7 of 30 . Which type of hardware can.pdf
Question 7 of 30 . Which type of hardware can.pdf
aman05bhatia1
 
Monitoring federation open stack infrastructure
Monitoring federation open stack infrastructureMonitoring federation open stack infrastructure
Monitoring federation open stack infrastructure
Fernando Lopez Aguilar
 

Similar to Troubleshooting for Intent-based Networking (20)

Network Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylightNetwork Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylight
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformation
 
Cloud-Scale BGP and NetFlow Analysis
Cloud-Scale BGP and NetFlow AnalysisCloud-Scale BGP and NetFlow Analysis
Cloud-Scale BGP and NetFlow Analysis
 
5 pipeline arch_rationale
5 pipeline arch_rationale5 pipeline arch_rationale
5 pipeline arch_rationale
 
PACE-IT: Troubleshooting Connectivity With Utilities
PACE-IT: Troubleshooting Connectivity With UtilitiesPACE-IT: Troubleshooting Connectivity With Utilities
PACE-IT: Troubleshooting Connectivity With Utilities
 
Sdn&security
Sdn&securitySdn&security
Sdn&security
 
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
 
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdfSwisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
 
sdnppt.pdf
sdnppt.pdfsdnppt.pdf
sdnppt.pdf
 
SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module
 
Summit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & TechnologySummit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & Technology
 
SDN approach.pptx
SDN approach.pptxSDN approach.pptx
SDN approach.pptx
 
Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013
 
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов RiverbedВыявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов Riverbed
 
Network Automation Journey, A systems engineer NetOps perspective
Network Automation Journey, A systems engineer NetOps perspectiveNetwork Automation Journey, A systems engineer NetOps perspective
Network Automation Journey, A systems engineer NetOps perspective
 
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 29Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
 
ALT-F1 Techtalk 3 - Google AppEngine
ALT-F1 Techtalk 3 - Google AppEngineALT-F1 Techtalk 3 - Google AppEngine
ALT-F1 Techtalk 3 - Google AppEngine
 
Question 7 of 30 . Which type of hardware can.pdf
Question 7 of 30 . Which type of hardware can.pdfQuestion 7 of 30 . Which type of hardware can.pdf
Question 7 of 30 . Which type of hardware can.pdf
 
Monitoring federation open stack infrastructure
Monitoring federation open stack infrastructureMonitoring federation open stack infrastructure
Monitoring federation open stack infrastructure
 

More from Open Networking Summit

Microservice Powered Orchestration
Microservice Powered OrchestrationMicroservice Powered Orchestration
Microservice Powered Orchestration
Open Networking Summit
 
Considerations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and ServicesConsiderations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and Services
Open Networking Summit
 
Software Defined RAN
Software Defined RANSoftware Defined RAN
Software Defined RAN
Open Networking Summit
 
Design Principles for 5G
Design Principles for 5GDesign Principles for 5G
Design Principles for 5G
Open Networking Summit
 
Disaggregation @Equinix
Disaggregation @EquinixDisaggregation @Equinix
Disaggregation @Equinix
Open Networking Summit
 
Open Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of CancerOpen Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of Cancer
Open Networking Summit
 
Building Business on Top of Open Source
Building Business on Top of Open SourceBuilding Business on Top of Open Source
Building Business on Top of Open Source
Open Networking Summit
 
Harmonizing of Open Source Networking
Harmonizing of Open Source NetworkingHarmonizing of Open Source Networking
Harmonizing of Open Source Networking
Open Networking Summit
 
Five Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking ForeverFive Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking Forever
Open Networking Summit
 
Container Networking
Container NetworkingContainer Networking
Container Networking
Open Networking Summit
 
Networking Challenges for the Next Decade
Networking Challenges for the Next DecadeNetworking Challenges for the Next Decade
Networking Challenges for the Next Decade
Open Networking Summit
 
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green EcosystemA Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
Open Networking Summit
 
SDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity ServiceSDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity Service
Open Networking Summit
 
Open and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field TrialOpen and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field Trial
Open Networking Summit
 
Disaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High AvailabilityDisaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High Availability
Open Networking Summit
 
IoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling ApplicationsIoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling Applications
Open Networking Summit
 
Open Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNFOpen Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNF
Open Networking Summit
 
Container Service Chaining
Container Service ChainingContainer Service Chaining
Container Service Chaining
Open Networking Summit
 
OpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and ContributionOpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and Contribution
Open Networking Summit
 
Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...
Open Networking Summit
 

More from Open Networking Summit (20)

Microservice Powered Orchestration
Microservice Powered OrchestrationMicroservice Powered Orchestration
Microservice Powered Orchestration
 
Considerations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and ServicesConsiderations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and Services
 
Software Defined RAN
Software Defined RANSoftware Defined RAN
Software Defined RAN
 
Design Principles for 5G
Design Principles for 5GDesign Principles for 5G
Design Principles for 5G
 
Disaggregation @Equinix
Disaggregation @EquinixDisaggregation @Equinix
Disaggregation @Equinix
 
Open Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of CancerOpen Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of Cancer
 
Building Business on Top of Open Source
Building Business on Top of Open SourceBuilding Business on Top of Open Source
Building Business on Top of Open Source
 
Harmonizing of Open Source Networking
Harmonizing of Open Source NetworkingHarmonizing of Open Source Networking
Harmonizing of Open Source Networking
 
Five Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking ForeverFive Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking Forever
 
Container Networking
Container NetworkingContainer Networking
Container Networking
 
Networking Challenges for the Next Decade
Networking Challenges for the Next DecadeNetworking Challenges for the Next Decade
Networking Challenges for the Next Decade
 
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green EcosystemA Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
 
SDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity ServiceSDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity Service
 
Open and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field TrialOpen and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field Trial
 
Disaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High AvailabilityDisaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High Availability
 
IoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling ApplicationsIoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling Applications
 
Open Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNFOpen Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNF
 
Container Service Chaining
Container Service ChainingContainer Service Chaining
Container Service Chaining
 
OpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and ContributionOpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and Contribution
 
Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...
 

Recently uploaded

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 

Recently uploaded (20)

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 

Troubleshooting for Intent-based Networking

  • 1. Troubleshooting for Intent-based Networking Joon-Myung Kang and Mario A. Sánchez Hewlett Packard Labs Open Networking Summit 2017
  • 2. Intent-based Networking Policy Graph Abstraction and Demo Troubleshooting and Demo QnA 2
  • 3. Software-Defined Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) Open APIs Program Languages Abstraction SDN Northbound Interfaces Infrastructure Control Interfaces Vendor specific Low-level specifics Manual operations … 3
  • 4. Software-Defined Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) Open APIs Program Languages Abstraction SDN Northbound Interfaces Infrastructure Control Interfaces Vendor specific Low-level specifics Manual operations … 4
  • 5. Intent-based Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces − Application Plane says “What” (doesn’t care how) − Control Plane reasons “How” (doesn’t care why) Intent − “what”, not “how” (non-prescriptive) − Is portable − Is universal − Is compose-able − Is invariant − Is scale-able Source: Dave Lenrow, “Intent As The Common Interface to Network Resources,” Intent Based Network Summit 2015 ONF Boulder: Intent NBI Intent “I want my headache to stop” Prescription “Give me two aspirins” 5
  • 6. Intent-based Networking Examples WEB/Gold/Working Hour No connect/Wireless Configure new guest WiFi 6
  • 7. Intent-based Networking Examples WEB/Gold/Working Hour No connect/Wireless INVISIBLE Configure new guest WiFi 7
  • 8. Intent-based Networking Open Source Efforts – ONF Open Source SDN Boulder – Define Intent North Bound Interface (NBI) – http://opensourcesdn.org/projects/project-boulder-intent-northbound-interface-nbi/ – https://community.opensourcesdn.org/wg/IntentNBI/dashboard – OpenDaylight NIC – Network Intent Composition – Manage and direct network services and network resources based on the given “Intent” – https://wiki.opendaylight.org/view/Network_Intent_Composition:Main – ONOS Intent Framework – Allows applications to specify their network control desires in form of policy rather than mechanism (Intent) – https://wiki.onosproject.org/display/ONOS/Intent+Framework ONF Intent NBI – Definition and Principles, Draft Version 6, Sep. 2016 https://wiki.opendaylight.org/view/Network_Intent_Composition:Graph 8
  • 9. Policy Graph Abstraction (PGA) PGA overview Troubleshooting for Intent-based Networking 9
  • 10. PGA is Real Public resources ACM SIGCOMM 2015 London, UK Research Paper and Demo Running System and Open Source Contributions OpenStack Summit 2015, 2016 OpenDaylight Summit 2015, 2016 10
  • 11. Policy Management in Practice 11
  • 12. Policy Graph Abstraction (PGA) Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC graph composition Quarantined Remedy Service Policy sources Graph abstraction Unified, conflict-free policy graph Deploy 12
  • 13. PGA Example − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels 13 CPU Utilization > 90% <= 90%
  • 14. PGA Example − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels − 4 individual input policies (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HPE Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Cmp-AMktg Empl App Web CampusDB Net Protector Status Normal Qn Tenant Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Engg Label Namespace Label Mappings disjoint Cloud Cmp-B 14
  • 15. PGA Example − 4 individual input policies − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels − Proactive, automatic composition − Scalable algorithm: 13 mins to compose 20K ACL + service chain policies (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HPE Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC compose Cmp-AMktg Empl App Web CampusDB Net Protector Status Normal Qn Tenant Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Engg Label Namespace Label Mappings disjoint Cloud Cmp-B 15
  • 16. PGA Current status PGA implementation and impact − PGA model, composition, deployment, and tool to convert ACL policy configuration to PGA intent specification − PGA prototype for OpenStack (Juno ~ Newton) − PGA Intent APIs and graph compiler contributed to ODL/NIC Beryllium release − Troubleshooting for intent based policy management − Conflict detection − Composition correctness verification − Intent addition/modification/deletion 16
  • 20. Network debugging/troubleshooting a difficult task Picture sources: http://simplearchitectures.blogspot.com/2013/08/addressing-data-center-complexity.html http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/ServerFarmSec_2- 1/ServSecDC/8_NIDS.html WEB NO CONNECT Picture source: http://www.ntstn.com/category/troubleshooting/network- troubleshooting Policy Network ping traceroute tcpdump SNMP sflow
  • 21. Systematic troubleshooting –Know intent of the operator –Check network behavior against operator intent Intent-based networking –Policy is a first-class citizen –Intent explicitly expressed at policy layer –Forwarding semantics explicitly defined –Code compiles policy description into lower-level configuration Difficult to achieve in legacy networks Opportunity to rethink network debugging
  • 22. Intent-based Networking Application Plane (SDN Apps) Controller Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces – Control Apps – Specify routing/access control policies – Logical view – Simplified/abstract representation of network – Physical view – One-to-one correspondence with the physical network – Controller’s job to configure the network devices (OpenFlow)
  • 23. Intent-based Networking Application Plane (SDN Apps) Controller Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces – Control Apps – Specify routing/access control policies – Logical view – Simplified/abstract representation of network – Physical view – One-to-one correspondence with the physical network – Controller’s job to configure the network devices (OpenFlow) • Each layer performs one piece of translation process • Every layer should correctly map to every other layer • Most errors in SDN are mistranslations between layers
  • 24. Checking network behavior against intent –Early debugging tools for OpenFlow-enabled networks –Ndb, OFRewind, NetSight, netwatch, netshark, nprof… –Easier to discover the source of network problems [Faulty device firmware, inconsistent flow rules, faulty routing…] –Testing and verification complement network troubleshooting and debugging [Loop freedom, black holes, performance of OpenFlow switches…] Too low level!
  • 25. Knowing the operator’s intent Does the Actual Network Behavior Match the Policy? –If NO… Match the symptoms to responsible system component –If YES… The policy itself is the problem, a human must resolve the discrepancy –If unwanted behavior persists & all state layers are equivalent: –The configured policy must not match the operator’s intent
  • 26. Troubleshooting System Composed graph User/App1 User/App2 User/Appn User Intents Input graphs Infrastructure Controllers PGA Results Metadata GUI Query Query Examples – Reachability/Connectivity checking – Can A talk to B? – Security vulnerability or Risk assessment – Addition/removal/edition correctnessTroubleshooting System
  • 27. Troubleshooting Examples Reachability –Can A talk to B? –What EPG do nodes belong to? –Is there an edge connecting both EPGs? –What security groups should be checked? –What middleboxes should be checked?
  • 28. Troubleshooting example Troubleshooting network connectivity (reachability) (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HP Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC compose Cmp- A Status Tenant Empl App Mktg Web DB Campus Cloud Net Protector Normal Qn Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Cmp- B Eng g Label Namespace Label Mappings disjoint web Engg client HR site
  • 29. Troubleshooting example Intent addition/modification/removal (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HP Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC Cmp- A Status Tenant Empl App Mktg Web DB Campus Cloud Net Protector Normal Qn Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Cmp- B Eng g Label Namespace Label Mappings disjoint compare 29
  • 30. Troubleshooting example Risk Assessment Indicator may be composed using different data points: e.g. # of compromised hops; # of network functions traversed, etc. What if a host from “Web&Cloud” is compromised? What EPGs might be able to reach host ‘x’ (through intermediate host compromise)?
  • 31. Troubleshooting Demo Marketing Employee Campus Admin 10.10.20.1 Connectivity Problem Intent edition Remote desktop connection
  • 33. Summary –Intent-based Networking is beneficial to simplify network control & management 33
  • 34. Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples 34
  • 35. Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples –Intent-level troubleshooting can help to easily do troubleshooting network problems 35
  • 36. Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples –Intent-level troubleshooting can help to easily identify network problems –What’s next – More More More practical experiences from network operators/administrators/developers… 36