Presented by © 2010 Tata Communications Ltd., All Rights Reserved Lessons Learned and best practices – Engineering a global dual stack and DDoS Mitigation.

Presentation transcript:

Lessons Learned and best practices – Engineering a global dual stack and DDoS Mitigation infrastructure. Presented by Raju Raghavan. S, TATA COMMUNICATIONS. MENOG – Sep 2013. © 2010 Tata Communications Ltd., All Rights Reserved.

Agenda: The Context; Key Global Trends; The network journey / key learnings; Summary.

Tata Communications - Context. Key benefit: Over 219 PoPs in 31 countries; 6th largest global IP Service Provider; 13 Terabits of round the globe owned cable system. Global IP Service Provider - 6,100G of backbone capacity.

Challenging Global Trends drive innovation in network planning: 250K hits per second; Zero Tolerance; Exponential traffic growth leads to shorter planning cycles.

Impact of the global trends on SP infrastructure. (Diagram labels: Planning for Traffic Growth; Planning for Zero Tolerance; Capacity – 100G, 40G, 10G, 1G, STM16, STM4; Load Balancing – LAG, ECMP, entropy label; Data Plane's effect on Control plane; Control Plane's effect on Data plane; Data Plane; Control Plane; CPU, QoS, TCAM, FIB, MFIB, LFIB, Adjacency, L2FIB; Backbone / Peer / customer link Utilization; Netflow / sFlow / jFlow / IPFIX; encrypted flow, L2 PW Flow, giant flow; BFD; NP Scale; Fast SPF calculations; BGP ADD Path; BFD; FRR; EOAM; G.8032; xSTP; LFA; BGP Best External; Vicious Cycle.)

Network Analytics and focused instrumentation unravel interesting perspectives. (Diagram labels: Control Plane; Data Plane; 100G / 40G / LAGs; Hot potato Routing, Peering management, Multi Gigabit DDoS Attacks, IPv6; Public Cloud / Domain; Private Cloud / Domain; VPNs, Fast Convergence, BFD/LFA; Multiple QoS requirements; Application Optimization and SLAs, zero tolerance.)

Food for thought: Tata Communications deploys both converged and de-converged architecture in different parts of the network. High Traffic vs. high Control plane intensive geographies. Does economics play a role? How does it affect planning cycles? (Diagram labels: Converged Network Model; De-Converged Network Model.)

Globally ~2500 large DDoS attacks happen every day (about 2.5 Mn attacks every year). (Diagram labels: BOSS BOT Chief Infected Computer.)

How can we defend against DDoS attacks? DDoS attacks can be mitigated using behavioral analysis, black list filtering, protocol validation techniques etc., in a DDoS Scrubbing Farm. (Diagram labels: Zombies; Target / Victim; Clean Traffic; DDoS Scrubbing farm.)

Cloud based distributed mitigation vs. in premise mitigation. + In premise DDoS mitigation infrastructure is not an alternative for obvious reasons. + Firewall, IDS, IPS, Antivirus are a different ballgame. So Tata Communications has deployed a global distributed scrubbing farm that scrubs attack traffic regionally. (Diagram labels: Zombies; Target; Clean Traffic; Regional Scrubbing Farm.)

Anycast on-ramping. How can you seamlessly add / remove scrubbing farms as the attack evolves quickly? (Diagram labels: Target; Zombies; Advertise /32 of the target; GRE Tunnel; Anycast GRE.)

Case Study | Large Service provider. Large Service Provider in Asia. Typical traffic towards one particular destination – Mbps 20Gbps Attack from Europe and American zombies

Case Study | Large Service provider Bandwidth Attack – Avg Packet size = 1KB

Tata Communications IPv6 Context

Learnings from the IPv6 deployment journey: Global backbone. Have you tried deploying 6PE with a hierarchical design? Swapping 6PE service labels has no standard mechanism across leading vendors. Every vendor has a different way of generating the 6PE service labels. Tata Communications deploys a global native dual stack backbone with native IPv6 IGP and BGP.

Global Dual Stack IGP deployment. Tata Communications deploys Multi-topology ISIS. This gives us the flexibility of steering IPv6 and IPv4 traffic on different topologies as vendors evolved their IPv6 support / maturity. (Diagram labels: V4 and v6 Topology; V4 Topology; V6 Topology; Integrated Topology view; Multi Topology view.)

Summary: Innovation in network engineering is being driven by challenging global network trends of exponential traffic growth vis-a-vis zero tolerance expectations. Network analytics of control and data plane uncovers interesting perspectives related to technical behavior of various market segments. These insights can be innovatively applied in network engineering/design. Tackling today's multi gigabit DDoS attacks is best done using a global distributed / intelligent DDoS scrubbing infrastructure. In premise DDoS mitigation infrastructure is not an alternative.

Summary: Since we started our IPv6 Network journey 10 years back, we had several learnings that prompted us to deploy a unique global dual stack and multi-topology infrastructure. Build your network infrastructure not based on “generic best practices” but based on in-depth contextual analytics / focused instrumentation and technical / business merit!

Thank you and Happy Innovating for your network!