Use Cases for I2RS I2RS Interim Meeting Nicolai Leymann, Deutsche Telekom AG 19.04.2013.

Slides:

Advertisements

Similar presentations

Photonic TeraStream and ODIN By Jeremy Weinberger The iCAIR iGRID2002 Demonstration Shows How Global Applications Can Use Intelligent Signaling to Provision.

Advertisements

A NASSCOM ® Initiative Comprehensive Computer Security Software An advanced computer security software usually have one or more of the following utilities.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

Guanjong High School Group 2. Physical Network Access Security Getting into a network closet could easily allow someone to disable computers and connect.

IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,

19 Historical overview Main challenge: How to distribute content in high quality over the Internet cost-effectively? • Traditional “Best-effort” model:

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

1 Link Layer & Network Layer Some slides are from lectures by Nick Mckeown, Ion Stoica, Frans Kaashoek, Hari Balakrishnan, and Sam Madden Prof. Dina Katabi.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

Data Security in Local Networks using Distributed Firewalls

Jaehoon (Paul) Jeong, Hyoungshick Kim, and Jung-Soo Park

Stephen S. Yau CSE , Fall Security Strategies.

Department Of Computer Engineering

A Survey on Interfaces to Network Security

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Intranet, Extranet, Firewall. Intranet and Extranet.

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Using Routing and Tunnelling to Combat DoS Attacks Adam Greenhalgh, Mark Handley, Felipe Huici Dept. of Computer Science University College London

By : Himanshu Mishra Nimish Agarwal CPSC 624.  A system designed to prevent unauthorized access to or from a private network.  It must have at least.

Service Function Chaining Use Cases draft-liu-service-chaining-use-cases IETF 89 London, March 3, 2014 Will Liu, Hongyu Li, Oliver Huang, Huawei Technologies.

System Management for Virtualization and Automation in a Dynamic Data Center SVM’08 Munich Karsten Beins, Sen. Director Infrastructure Technology.

Sungkyunkwan University (SKKU) Security Lab. A Framework for Security Services based on Software-Defined Networking Jaehoon (Paul) Jeong 1, Jihyeok Seo.

CSC8320. Outline Content from the book Recent Work Future Work.

Current Practice for Network Analysis in CSTNet Chunjing Han CSTNET, CNIC

1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.

TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES Lesson №18 Telecommunication software design for analyzing and control packets on the networks by using.

Network Security Chapter 11 powered by DJ 1. Chapter Objectives  Describe today's increasing network security threats and explain the need to implement.

McLean HIGHER COMPUTER NETWORKING Lesson 14 Firewalls & Filtering Comparison of Internet content filtering methods: firewalls, Internet filtering.

Module 7: Advanced Application and Web Filtering.

AIMS Workshop Heidelberg, 9-11 March 1998 P616 - ENHANCED ATM ISSUES Network Layers over ATM Rüdiger Geib Deutsche Telekom Tel Fax +49.

Chapter 4: Implementing Firewall Technologies

Santhosh Rajathayalan ( ) Senthil Kumar Sevugan ( )

Emergency Services Workshop, 21th-24 th of October, Vienna, Austria Page 1 IP-Based Emergency Applications and Services for Next Generation Networks PEACE.

SOFTWARE DEFINED NETWORKING/OPENFLOW: A PATH TO PROGRAMMABLE NETWORKS April 23, 2012 © Brocade Communications Systems, Inc.

CSCI 465 D ata Communications and Networks Lecture 24 Martin van Bommel CSCI 465 Data Communications & Networks 1.

Brocade Flow Optimizer

Company LOGO Network Architecture By Dr. Shadi Masadeh 1.

COSC513 Final Project Firewall in Internet Security Student Name: Jinqi Zhang Student ID: Instructor Name: Dr.Anvari.

SDN and Beyond Ghufran Baig Mubashir Adnan Qureshi.

The Benefit and Need of Standard Contribution for IXPs Jan Stumpf System Engineer.

IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.

SDN/NFV DDoS Requirements "The Mobile Use Case – 5G" Bipin Mistry, VP Product Management © 2015 Corero

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

Mobile Networking (I) CS 395T - Mobile Computing and Wireless Networks

IP/MPLS Backbone Transition to SDN: OpenDaylight Advisory Board

CONNECTING TO THE INTERNET

Peer-to-peer networking

* Essential Network Security Book Slides.

Chapter 6 Networks Communicating and Sharing Resources

11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

AKAMAI INTELLIGENT PLATFORM™

Virtual Private Networks

Transport Layer Systems Firewalls and NAT

دیواره ی آتش.

Data Security in Local Networks using Distributed Firewalls

Network Architecture By Dr. Shadi Masadeh 1.

Hosted Security.

Tokyo OpenStack® Summit

Presentation transcript:

Use Cases for I2RS I2RS Interim Meeting Nicolai Leymann, Deutsche Telekom AG

2 Content 1.SDN Concepts and Architecture 2.Use Cases

I2RS Use Cases. Vision for I2RS as one Building Block in the E2E picture. Access Core Network BNG Data Center End-2-End Orchestration Services Access I2RS Transit Trigger Probes e) Customer profile is configured/provisioned End-2-End orchestration provides network connectivity, allocates ressources (e.g. data center) and establishes services based on end user requirements.

I2RS Use Cases. Warding against DDoS Attacks (1 of 2).  DDoS protection architecture ensures:  Identify DDoS attacks from the Internet (traffic, attack pattern, …)  Warding of attacks against infrastructure or business services  The architecture should be  selective  independent of DDoS source  Mechanisms activated  „on Demand“ (e.g. customers requests) or  based on results from network probes DDoS Protection for Business Customers DC Transit BBRAR Peering LER IP Backbone BNG Business Customer DDoS Business Customer

I2RS Use Cases. Warding against DDoS Attacks (2 of 2).  If malicious traffic is detected, traffic is redirected towards a data center.  Data Center cleans up traffic before sending it towards end customers.  Simple interaction with existing routing (might also be applied to specific traffic) Threat Management System TMS /32 most specific route Target address of attack contains malicious traffic Redirection of traffic into filter (DC based)

I2RS Use Cases. Generalization: Flow Aware Traffic Steering.  Several problems are solved with different approaches. Goal is to use one common approach (and API) to solve those problems in a similar manner.  Previously shown use case basically boils down to injecting/removing routes in near real time  Same mechanisms can be easily applied to other higher layer use cases  Firewalling in DC, parental control for residential customers, ….  Benefit of using a common Interface:  Reduces complexity (not different solutions for different problems).  Higher flexibility (easy to add additional functionality without updating network node).  Decoupling of life cycles (network / data center / service implementation)