Garrett Drown Tianyi Xing Group #4 CSE548 – Advanced Computer Network Security.

Presentation transcript:

Garrett Drown Tianyi Xing Group #4 CSE548 – Advanced Computer Network Security

What are Virtual Trusted Domains? A virtual trusted domain (VTD) is a collection of virtual machines, regardless of physical boundaries, that trust one another and share the same security policy.

• Create and manage virtual trusted domains for virtual machines through the use of a NetFPGA.
• Provide the virtual machines with reliable, secure, and fast connections to others in their virtual trusted domain.
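As an added illustration (not code from the presentation), the VTD definition above can be modelled as a switch flow table that forwards traffic only between VMs in the same domain, whatever physical host they run on. The VM inventory, domain names and rule layout are constructed assumptions; the field names `dl_src` and `dl_dst` follow OpenFlow 1.0 match fields, and the slides do not say how the project encodes its policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    mac: str    # VM's Ethernet address
    host: str   # physical server the VM runs on (constructed)
    vtd: str    # virtual trusted domain the VM belongs to (constructed)

# Constructed sample inventory: two domains, each spanning two physical hosts.
VMS = [
    VM("02:00:00:00:00:0a", "server-a", "finance"),
    VM("02:00:00:00:00:0b", "server-b", "finance"),
    VM("02:00:00:00:00:0c", "server-a", "research"),
    VM("02:00:00:00:00:0d", "server-b", "research"),
]

def build_flow_table(vms):
    """One allow entry per ordered pair of VMs in the same VTD, then default drop."""
    table = []
    for src in vms:
        for dst in vms:
            # Physical host is deliberately ignored: membership is by VTD only.
            if src.mac != dst.mac and src.vtd == dst.vtd:
                table.append({"priority": 100,
                              "dl_src": src.mac.lower(),
                              "dl_dst": dst.mac.lower(),
                              "action": "forward"})
    # Lowest-priority wildcard entry: anything not explicitly trusted is dropped.
    table.append({"priority": 0, "dl_src": "*", "dl_dst": "*", "action": "drop"})
    return table

def decide(table, dl_src, dl_dst):
    """Return the action of the highest-priority entry matching the frame."""
    src, dst = dl_src.lower(), dl_dst.lower()
    for entry in sorted(table, key=lambda e: e["priority"], reverse=True):
        if entry["dl_src"] in ("*", src) and entry["dl_dst"] in ("*", dst):
            return entry["action"]
    return "drop"  # fail closed if the table has no wildcard entry

if __name__ == "__main__":
    table = build_flow_table(VMS)
    # Same VTD, different hosts: forwarded.
    print(decide(table, "02:00:00:00:00:0a", "02:00:00:00:00:0b"))
    # Same host, different VTDs: dropped.
    print(decide(table, "02:00:00:00:00:0a", "02:00:00:00:00:0c"))
```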

• Low-cost platform, primarily designed as a tool for teaching networking hardware and router design

• PCI card containing a large Xilinx FPGA
• 4 Gigabit Ethernet ports
• Double-Data Rate (DDR2) Dynamic RAM (DRAM)
• Reprogrammable CPCI bus
• NetFPGA packages (NFPs) containing source code (for both hardware and software)

• Line-Rate
  Processes back-to-back packets
  ○ Without dropping packets
  ○ At full rate of Gigabit Ethernet links
  Operating on packet headers
  ○ For switching, routing, and firewall rules
  And packet payloads
  ○ For content processing and intrusion prevention

• Open-source hardware
  Similar to open-source software
  ○ Full source code available
  ○ BSD-style license
  But harder, because:
  ○ Hardware modules must meet timing
  ○ Verilog & VHDL components have more complex interfaces
  ○ Hardware designers need high confidence in specification of modules

[Figure: OpenFlow switch on a NetFPGA. Labels: PC, PING, OpenFlow protocol, NetFPGA, Controller, controller, ofprotocol, openflow_switch.bit, ofdatapath.ko, ofdatapath_netfpga.ko, Userspace, Kernel / Hardware]

Tasks:
• Research how to program NetFPGAs.
• Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
• Research Path Splicing, which implements similar features that we would like to use in our project.
• Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA.
• Deploy the program and set up a test bed on a NetFPGA.
• Test, debug, and troubleshoot.

Tasks (distribution among team members):
• Research how to program NetFPGAs.
  ○ Garrett, 50%
  ○ Tianyi, 50%
• Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
  ○ Garrett, 50%
  ○ Tianyi, 50%
• Research Path Splicing, which implements similar features that we would like to use in our project.
  ○ Garrett, 50%
  ○ Tianyi, 50%

Tasks (distribution among team members):
• Create/find/edit a program to manage Virtual Trusted Domains by way of a NetFPGA.
  ○ Garrett, 50%
  ○ Tianyi, 50%
• Deploy the program and set up a test bed on a NetFPGA.
• Test, debug, and troubleshoot.
  ○ Garrett, 50%
  ○ Tianyi, 50%

Software & Hardware Used:

[Figure: Network Topology & Requirements. Labels: NetFPGA, Computer, Windows (OS), App, Application, Controller, OpenFlow Switches]

• Network security
• Mobility management
• Network-wide energy management
• New naming/addressing schemes
• Network access control

• Commercial vendor won’t open software and hardware development environment
  ○ Complexity of support
  ○ Market protection and barrier to entry
• Hard to build your own
  ○ Prototypes are flakey
  ○ Software only: too slow
  ○ Hardware/software: fan-out too small


Roadmap of project:
• By midterm:
  ○ Research how to program NetFPGAs.
  ○ Research and design an implementation for Virtual Trusted Domains on a NetFPGA.
  ○ Research Path Splicing, which implements similar features that we would like to use in our project.
  ○ Begin coding our program to create and manage Virtual Trusted Domains on a NetFPGA.
  ○ Set up a similar solution (if there is…) for VTDs as a basis for our future work.
• By final:
  ○ Modify the existing solution which can or potentially can implement the VTD.
  ○ Deploy the program and set up a test bed on a NetFPGA.
  ○ Tested and debugged.
  ○ Final documents completed.

• Novel Aspects of this Project
  ○ Establish virtual trusted domain for virtual machines in a cloud system.
  ○ Provide fast access to other virtual machines in a secure manner.
  ○ Divide bandwidth into multiple pieces based on the different requirements (like security level).
• Risks and Challenges
  ○ May not be possible to find an existing similar solution that we can work from.
• Potential Applications and Benefits
  ○ Virtual trusted –based network/VM management system.