2013 OpenFlow Korea All Rights Reserved
SDN 牛 螳ロ螻 壱
覲伎 襭
Mar, 2013
OpenFlow Korea
(www.OPENFLOW.or.kr)
覦 : 譬
蠍一襷る
James.ahn.99@gmail.com
Agenda
 ONUG 蟠 5螳讌
 SDN 蟯 覲伎 碁
 覲伎  Open Source / 譴 螻
 OpenSAFE / FlowScale
 螳/SDN 蟯 覲伎  ()
 覲伎 蟯 SDN 蠍一
 覲伎 觜讀 覈()
 覦覯
 IDS/IPS
 TMS
 SP蟆曙  Last Mile 觜
ONUG 蟠 5螳讌
 Open Networking User Group(ONUG)  SDN  5螳 蟠 
1. Open Network  誤 ろ語: OpenFlow煙 譴讌 SDN 貊碁,り骸
覃磯欧 れ豺 危朱伎 煙  覃, Software-Defined Network 
ろ語 覓朱Μ/螳 れ豺 り骸  襯    讌 る 蟾讌 
2. Open Networking 覯るれ 譴襴: 轟 覯る 譟 讌 螻 覲旧 危朱伎,
貊碁,, 覓朱Μ/螳 れ豺, ろ語 觜, ろ語 るΜ貊 炎骸 蟆 郁屋
3. Open networking 語る企(Northbound) API襯 牛 襦蠏碁 螳ロ
ろ語襯 覩: ろ語 CLI(Command Line Interface)   襦觜碁 煙
讌 蠍郁鍵 襴貅伎 ろ襴讌 れろ碁伎 煙 貊 伎觜襯 蟆
螳. 語る企 API 襦 襴貅伎企 ろ語 觜る り 蟆 
覈旧朱 觜襯願 レ 螻牛.
4. ろ語 螳(Visibility) 覈磯(Monitoring) 讀螳: 碁觚, り,
碁 襴 豕 煙 螳 伎 . 螳讌 碁 覿企 Big Data讌れ
ろ語 伎  煙 れ螳朱   襦 伎 .
5. Open Networking 觜讀 覈語 : 觜讀 覈 螳覦 /讌/觜
襷  蟆 螻,  殊企螻 襴豺襯 燕 覃 覯る 螳螳 伎旧
 SDN  覦企ゼ 襷  .
2013 2 14
Korea襯  觜讀 覈
覲伎 碁
 一危磯 2013 03 06 ()
企殊磯 讌 ろ語 覲伎 蠍一 譴伎
.覓朱Μ揃螳 ろ語  覲伎 誤襴れ 襴貅伎揃  語 蠍一 螻牛覃,
危朱伎  螻糾鴬螻 VM螳 螻糾鴬 覦危. 螳 貉碁,襯 伎 企 VM 碁曙
危覃, VM螳 碁曙 覦危螻, 螳 蟆 螳煙 螻牛も..
 SDN central By: Nikos Theodosopoulos Posted: Feb. 08, 2013
What (if Any) Part of the Networking Value Chain Will Be Disrupted by SDN?
.Now let's look at Layer 4-7 (e.g. security, load balancing, application delivery
control, deep packet inspection etc.). What I find interesting here is several of the
SDN private company fund raising in the past several months were for companies
attacking this segment of the networking value chain. Several industry people I speak
to suggest that Layer 4-7 will actually be the first area of SDN deployment in data
centers given the need to provision and manage policies/applications/security at
scale in the data center, which proves to be difficult when managing multiple single
purpose appliances and that managing this in the application layer within the SDN
model potentially provides a more flexible, elegant and scalable solution..
覲伎  Open Source / 譴 螻
 FortNOX: 覦 蠍磯 SE-FloodLight (Security Extended version of BigSwitch)襦
狩 蠍磯レ 譴觜 譴
 螻糾鴬 螳讌 (蠍一ヾ 殊 蠍一  螳)
 Authentication (蟯襴 語)
 れ豺 Flow 豌襴 焔 螻
 レ Launching  譴螻 語 螻
 FRESCO: ろ襦 貊碁, ろ襦 襴貅伎 螻豸 伎 觜襯 覲伎
伎 螳讌  覈, 蠏碁Μ螻 企れ 蟲燕 覲伎 觜るゼ 螻殊 
 OpenFlow 襴貅伎 .
 Resonance: NOX OpenFlow襯  NAC(Network Access Control)
襴貅伎 (Georgia Tech University)
 Security Requirements in the Software Defined Networking Model : IETF
譴 襦貊企, ろ襦一 螳 SDN 貊碁,煙企 襴貅伎
伎 豢螳 蠍磯レ 襦 
 Cloud Management Platform (CMP) 螻
 OpenStack Quantum (殊壱企 覲伎 煙 蠍磯 螻)
 Stateful Firewall  蠍壱 覲伎 蠍磯
 LBaaS (Load Balancing as a Service)
OpenSAFE / FlowScale
螳/SDN 蟯 覲伎  ()
 覦覯 螳 危殊伎語 (Virtual Appliance) ()
 1 virtual CPU or 2 virtual CPUs at 1.5 GHz / RAM: 2 GB / Hard disk: 3 GB
 Network interfaces 3螳: Data interface (VSG-to-VEM) / 蟯襴 / High-availability interface
 豕 焔 : 1.2 Gbps / 400 Mpps / 200,000 語 / 豐 10,000 語 / VPN 200 Mbps /
豕 VPN 磯 750
 ろ語 蠍磯: IEEE 802.1Q VLAN encapsulation / Traffic types: Unicast, broadcast, multicast, TCP, and
User Datagram Protocol (UDP) / Jumbo frame support (up to 9216 bytes) / VXLAN aware
 UTM 螳 危殊伎語 ()
 VMware, Citrix, Microsoft Hyper-V, KVM 讌
 Specifications: 1.5+ GHz processor / 1 GB RAM / 20 GB hard disk / Bootable CD-ROM / 2
or more network cards / 1 GB RAM / 40 GB IDE or SCSI hard disk drive / 3 PCI-NICs
(Internet, Local Net, Demilitarized Zone)
 SSL VPN 蟆危語 螳 危殊伎語 ()
 License Server Licensing (れ  讌)
 Subscription Licensing (讌覲伎/讌 )
 一  : 1,2, 3
     : 2500, 5000, 7500, 10K, 15K, 20K, 25K
 朱 SDN 貊碁, 覓朱Μ れ豺 企 螳 危殊伎語れ VM
朱 螳讌 企 豺 狩 ろ語 豈 讌   
 NAC  VM MAC語朱 豈 覃 VM ろ襦(Sprawl)  螳
覲伎 蟯 SDN 蠍一
1. Embrane : 螳 蟆曙 Site-to-Site VPN 蠍磯レ 螳讌 覿 覦覯, 覿
襦覦碁一 蠏碁Μ螻 企れ 蟯襴 SDN 貊碁, 螻牛覃, 伎 譴 譴
 豌襴ルレ レ蟇磯 ろ語 曙   . API襯 
襦蠏碁 螳ロ覃 伎 蠍磯レ 螻 . (SP襯  螳蟆 豈)
2. Qosmos : れ螳朱 ろ語 碁曙 覲螻 覿襯 覦 豢豢 DPI蠍一
Network Intelligence 蠍一 襷ろ覃, 企ゼ 伎 襦貊 覦 襦蠏碁
覲蠍磯 螻糾骸 覃一危 覦 貊豸 豢豢 一危 襦磯ゼ 讌   .
企ゼ 伎 豢螳 襦貊 蟯襴 レ  覦 蠍磯讌襯  襦貊
蠏語 SDK襯 伎 襷 蠏語 煙 螳ロ. Qosmos 蠍一 覯
螳豌, 企 覲伎, 碁 豕, QoS 蟯襴, 覈覦 覦 貊豸 觜襷, 豌 譟一煙
 襭 レ. (覲伎  : Next Generation Firewalls, SIEM/NBAD Solutions,
Content Extraction for DLP and Malware, and DDoS Mitigation.)
3. Insieme Networks : Stealth Mode 企 螻焔レ 觚(Fabric) 貊碁,襯
螳覦 譴朱 れ 朱 , 螻讌 leaf-spine 一危一狩 ろ語襯  豌
一危一狩 誤朱 覓朱 れろ碁伎 燕    蟆企手 .
觚襴 貊碁, application-defined networking 朱 ろ語 覲伎 蠍磯レ
 蟲 螳ロ SDN 蠍磯 蠍一   蟆 蟆企 L4-L7 蠍磯レ 
ASIC 螳覦 譴朱 れ螻 .
Qosmos/Insieme Networks: L4-7 覲伎 
Data
Plane
Traffic
L4-7
襦貊 &
襴貅伎

蠍壱
P2P
e覃
觜


觜 豕
覿 : NBAD, DLP, TMS, NG Firewall
QoS/QoE
VoLTE
貉豸 磯 : SDN 貊碁, 磯
IM
vArmour: SDSec (Software Defined Security)
SDN
Controller
 Stealthy SDN security play : (Total US$8M)襯 覦 螳覦 譴 SDSec
 蠍一 螳: ASG(Application Security Gateway)螳 螳朱 覯 襦蠏(Rogue)
襴貅伎 螳讌覃 SDN 貊碁,襦 碁ゼ 覲企 貊碁,螳 ろ襦
れ豺 伎  (Forwarding Plane) 覲蟆渚 螳朱 覯襯 蟆襴
豺襭  れ れ 伎 覲糾 .
覲伎 觜讀 覈(): 覦覯
螳 蟆曙 SDN  覦覯 觜讀 覈()
 螳 : 襴る  危殊伎語れ  覦覯 貊襯 螳
覯  螳
 SDN 貊碁, 誤: SDN 貊碁, れ  覦覯 襴貅伎 螻
 OpenFlow 覯: ろ 襦磯ゼ 伎  觜るゼ  ろ襦
襦貊 覯 蠏碁企 螻 螻
 れ豺 磯: ろ襦 るジ 覯 ろ(Specification) れ豺 郁屋 螻
 貊碁, 伎 App 誤:  貊碁, 螻旧ヾ OpenFlow App れ 焔
螻
 覈 レ  襦襷: 1) 覦覯 焔レ 螳, 2) OpenFlow 磯, 3) SDN
貊碁, 磯, 4) 覲伎   CMP 讌 譴 豈 蟯襴  襦 蠍磯(
, VPN, NAT, DHCP, 殊壱 焔) 豢螳 螻
螳 覯
危朱伎
襴
覦覯
vNIC vNIC
vSwitch
襴
轟覯
vNIC
襴
煙覯
vNIC
襴
DB覯
vNIC
vSwitch
NIC
SDN
Controller
Orchestration
覲伎 觜讀 覈(): リ鍵 螻 覦覯
[Figure: layered architecture diagram. Layers: Orchestration Plane, Control Plane, Data Plane, Underlying Network, Operation & Monitoring Plane. Labels: SDN/MAC Learning, VM (Tenant 1, Tenant 2), vNIC, NIC, NAT, VPN, Quantum, Encapsulation: VLAN/GRE/VXLAN/NVGRE/STT, sFlow, Ganglia, Puppet.]
Quantum API
Clients
Cloud Management Platform
(CMP) 螻れ
 覲旧 Tenant 螳讌: 覦覯曙
Tenant 覲襦 蟲覿 碁曙
蟆襴 覦覯 豈 ろ
 OpenFlow vSwitch:  磯
覦覯 蠍磯 螻
 Quantum Firewall: 螳 Tenant
Firewall agent Linux Firewall Box
 
 Quantum 焔: OpenStack
Quantum   譴
 伎 企轟: Cloud 觜 伎
蟆渚 覿譟 覦 覲伎 企轟 
覿覿 覲 譟一
 觜讀 蟆: 蟲襷 企 螻 襷
企轟 蠍一 危 螳 
CMP 蟆曙 螳 覃,
企ゼ 螻ろ 觜讀 覈 螳
[Figure: layered architecture diagram. Layers: Orchestration Plane, Control Plane, Data Plane, Underlying Network. Labels: SDN/MAC Learning, VM (Tenant 1, Tenant 2), vNIC, NIC, NAT, VPN, Quantum, Encapsulation: VLAN/GRE/VXLAN/NVGRE/STT.]
覲伎 觜讀 覈(): リ鍵 螻 覦覯
[Figure: IDS/IPS with an OpenFlow/SDN Controller. Labels: OpenFlow Area, Data Center, OpenFlow pSwitch, Drop Actions. Steps: 1. IDS/IPS (Snort, Suricata); 2. Security Event; 3. Drop or QoS Action.]
覲伎 觜讀 覈(): IDS/IPS
螻れ
 OpenFlow 磯 IDS 殊 :
谿/ 豺 OpenFlow
vSwitch/pSwitch
 FortNOX  SE-FloodLight
螳
 レ: 覲旧 SDN
貊碁, 郁屋 螻
 譴蟯襴
 螳
 覲旧 Tenant 螳讌 (IDSaaS)
 CMP(Quantum) 螻
 Embedded SDN 蟆 螻
OpenFlow based vSwitch
MAC Srce. | MAC Dest. | Srce. IP | Dest. IP | Source TCP Port | Dest. TCP Port | Action
* | * | 192.168.10.20 | * | * | * | Drop
覲伎 觜讀 覈(): TMS
MAC Srce. | MAC Dest. | Srce. IP | Dest. IP | Source TCP Port | Dest. TCP Port | Action
* | * | * | 192.168.10.20 | 80 | * | Port 3
螻れ
 DDoS 螻糾鴬 谿 TMS
(Threat Management
System)
 覿 DDoS 讌
殊れ 蟯襴
蟆危語  碁
觜 ろ SDN
貊碁, 磯
 譴蟯襴
 SDN 貊碁, (螳讌
Target IP 譯殊 碁
TMS 壱 覈 Flow)
FortNOX  SE-
FloodLight 螳
 螳
 覲旧 Tenant 螳讌
 CMP(Quantum) 螻
pSwitch/vSwitch pSwitch/vSwitch
OpenFlow/SDN Controller
TMS
3. DDoS 螻糾鴬 Target Host IP 譯殊 碁曙 TMS襦 襦 覲蟆
Target Host
1. DDoS 殊  蟆危語伎
螻糾鴬 螳讌 Target Host IP 譯殊襯
SDN 貊碁,襦 
2. DDoS 螻糾鴬 磯   碁曙
 譴 螻
覲伎 觜讀 覈() : SP
Core
Metro
MetroData Center
 Hybrid SDN
 Overlaid SDN
 Embedded SDN
Access
Slice Service
覲伎 觜
Multi-Tenant
SDN Agent
SDN Agent
SDN Agent
SDN Agent
Slice/DevOps
蟯襴 ろ
螻れ
 螳螳 蟆襴
  碁 覈
 レ
 譴蟯襴
 覲旧 Tenant 螳讌
 覲伎 螳ロ SP Last
Mile OpenFlow れ豺
OpenFlow Korea
(www.OPENFLOW.or.kr)

4th SDN Interest Group Seminar-Session 2-1(130313)
