Network Research An Operator’s Perspective Terry Gray University of Washington Associate Vice President, Technology Engineering, C&C Affiliate Professor,

Presentation transcript:

Network Research An Operator’s Perspective Terry Gray University of Washington Associate Vice President, Technology Engineering, C&C Affiliate Professor, CS&E

Theme
- "Every day's a winding road" -S. Crow
- "Every day's a research experiment" -T. Gray

Questions
- Seen any 404s go away by themselves lately?
- Is the trend getting better or worse?
- What is the max retry count in MS Windows?
- TcpMaxDataRetransmissions = ?
- Could there be a connection?

Thesis
- The (open) Internet died in 2003 at the hands of slammer and blaster
- It's no longer about pervasive connectivity… now it’s all about (selective) isolation
- Tolerance for, and frequency of, glitches... is increasing
- Current Internet model is busted… e.g. silent failures, poor diagnostics

Buzz Words
- trust-mediated
- convergence/virtualization

Miscellany
- Perimeter Protection Paradox
- Good ol' days of the network utility model
- Defense-in-Depth vs MTTD, etc
Claim:
- M-T-to-penetration, innovation, diagnosis ~ d**2
- How many arbitrary PEPs before the overall system becomes non-deterministic?

Trends
- Software-defined networks
- Personal lambdas
- Port 80/443 tunneling to get thru firewalls
- Encryption
- End-point firewalls (changes diagnostic picture)
- More policy boundaries; less effective
- Regulation/compliance

Imagine
- Being in a NOC with an irate customer on the phone:
- Customer: "Is the network broken?"
- NOC: "I give up, is it?"

Hard problems
- DDOS
- Worsening MTTG
- Diagnosis complexity (MTTD)
- Provisioning complexity (vs. network utility)
- Mismatch between best and common deployment, e.g. tcp retry count, duplex mismatch, stack-tuning
- S/N ratio of behavioral IDS monitors
- Path policy discovery
- Trust management
- Policy enforcement is silent; looks like net failure

Hard problems (cont’d)
- Managing heterogeneity: bugs, conventions (jumbos)
- Organizational vs. geographic topologies
- Scaling personal lambdas
- Managing/diagnosing with e2e encryption
- Exception management
- Seduction of more protocols (e.g. MTR)
- Attribution vs. anonymity
- Multicast fault containment
- Optimal fault-zone sizing

Conclusions
- Plenty of work to do
- Help needed now!
- Current problems must inform future/clean-slate proposals