Brocade Software Networking · 2018. 11. 19. · Brocade SDN Apps Brocade Flow Brocade Flow Brocade...

Brocade Software Networking © 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. COMPANY PROPRIETARY INFORMATION


  • Brocade Software Networking


  • Agenda

    • Industry Trends

    • Quick SDN / NFV Overview

    • Introduction of Brocade SDN / NFV Portfolio

    • Brocade Flow Optimizer REN Use Cases


  • An Industry in Transition

    [Figure: platform timeline marked 1975, 1995 and 2015, with an "IT Relevance Gap" between expectations and delivery]

    • 1st Platform (1975): mainframes, PCs, SNA architecture, private lines

    • 2nd Platform: client-server, LAN/WAN, Internet and IP networks

    • 3rd Platform: cloud, mobile, social, data analytics ("digital business")

    • 7B mobile devices, 2B Internet users, 1B websites

  • What the 3rd Platform Looks Like

    [Figure: the 3rd Platform (cloud, mobile, social, data analytics; "digital business") with 7B mobile devices, 2B Internet users and 1B websites, and the "IT Relevance Gap" between expectations and delivery. New IP labels: storage, compute, networking, overlay, underlay, edge, SDN, NFV, orchestration, fabrics.]

    From → To

    • Closed → Open

    • Proprietary HW → Commodity HW

    • Proprietary OS → Open source OS

    • Proprietary apps → Interoperable apps

    • Reactive → Proactive

    • Isolated elements → Integrated system

    • Manual → Automated

    • High cost → Low cost

    • Slow innovation → Rapid innovation

  • New IP—Transformation of the Network: A Customer Driven Disruption

    The New Vision

    • Open with a purpose

    • Innovation at software speeds

    • Ecosystem-compatible solutions

    • Your pace, your path

    How You See It Today

    • Open source, interoperable protocols

    • Agility, training, partnering, services

    • Legacy + NG features, open interfaces

    • Solutions with interoperable components


  • Software Defined Networking (SDN): A Programmable Network—Design, Build, Manage

    [Diagram labels: Applications and Orchestration Frameworks; REST APIs; Control Plane; Network protocols like OpenFlow; Data Plane]

    Basic Network Services: Topology Mgr, Switch Mgr, Host Tracker, Stats Mgr

    Key Features

    • Network algorithms decoupled from hardware

    Advantages

    • Network automation can integrate with other disciplines

    • Less lock-in; users can choose features to suit their needs

    • Networking control can innovate at software speeds

  • Network Functions Virtualization (NFV)

    [Diagram labels: Hardware, Software; Router, VPN, Firewall]

    Main Features

    • Complex networking functions in software on commodity servers

    • Simpler networking functions in commodity networking devices

    Advantages

    • Remove hardware lock-in

    • Simplify resource planning

    • Enable fast service innovation

    • Soft upgrades; meet SLAs

    • Reduce CAPEX/OPEX


  • Brocade Software Networking: Agile, Open, Economics

    [Diagram labels: Branch; Cloud; Data Center; Virtualized Core for Mobile; IPsec; Web Client; Brocade vRouter (two instances); Brocade SDN Controller; Brocade vADC; Web Server 1, Web Server 2, Web Server 3]

  • Brocade SDN Apps

    Brocade Flow Brocade Flow Brocade Visibility

    It delivers: Backbone Circuit Provisioning

    Provides Network sensor services without disruption

    Manages Brocade Packet

    Use Cases: Software Defined Backbone

    A) Threat Mitigation

    B) Large Flow Monitoring

    Optimization

    A) Traffic aggregation, and load-balancing to

    B) Advance/Expert Interface 3rd-party integration

    Target Production Backbone: Enterprise, REN, Colo DC

    Production Network: Campus, DC Core/Border, ISP Peering Router, REN HPC

    Visibility Network: Large Enterprise, REN, DC

  • Brocade OpenFlow-capable Hardware Families: The MLXe Router and ICX Campus product lines

    • ICX 7450 Switch

    • ICX 7250 Switch

    • ICX 6610 Switch

    • ICX 6450 Switch

    • ICX 7750 Switch

    • MLXe Series Routers


  • L2 / L3 Firewall Bypass: Science-DMZ Use Case

    • HPC: High Performance Computing

    • DTN: Data Transfer Nodes

    [Diagram labels: Brocade SDN Controller (Open Daylight); Brocade Flow Optimizer; WAN/Internet; HPC/DTN Network; Firewall; Brocade MLXe Router; step markers 1 to 6]

    Steps captioned in the diagram:

    • 1: Incoming flow from upstream network

    • 2: Sent to Firewall for processing

    • Brocade Flow Optimizer recognizes this as a trusted flow and programs Brocade MLXe using the controller to bypass the firewall for this flow

    • 6: "White-listed" flow now bypasses Firewall and data transfer is faster and more efficient

    Brocade MLXe Router

    • L3 MLXe:

    • VRF (1 & 6) and OF, or

    • PBR (2) for one arm FW traffic and OF (1 & 6)

    • BFO 1.2 can ensure flow in both directions is redirected via two action policies (stateful FW)

  • Priority Data Superhighway: Campus Slowpath-Bypass Use Case

    [Diagram labels: Brocade SDN Controller (Open Daylight); Brocade Flow Optimizer; Brocade ICX or MLXe; step markers 1 to 6]

    Steps captioned in the diagram:

    • 1: Incoming flow from High Performance Workstation/server

    • 2: Routed using normal routed/switched path

    • Brocade Flow Optimizer recognizes this as a trusted flow and that it is either a "large flow" or "priority application". Programs Brocade ICX/MLXe using the controller to re-direct the traffic to priority path for this flow

    • 6: "White-listed" flow now placed on priority path and data transfer is faster and more efficient

    Brocade ICX or MLXe

    • L2 or L3 redirect action

    • Need to ensure flow in both directions is redirected via policy

  • Summary of Additional REN Use Cases

    [Diagram labels: Brocade SDN Controller (Open Daylight); Brocade Flow Optimizer; REST API; Brocade MLXe; Internet]

    • L7 / Botnet Attack Mitigation

    • L2-L4 Volumetric Attack Mitigation

    • BGP Remote Triggered Black Hole (RTBH) Mitigation

    • DC Flow Management for Policy-based Security

  • Thank you


  • Backup


  • L7 and Botnet Attack Mitigation

    [Diagram labels: Brocade SDN Controller (Open Daylight); Brocade Flow Optimizer; REST API; Internet; three Brocade MLXe routers; Incoming Attack Flow; step markers 1 to 6]

    Captions in the diagram:

    • Brocade Flow Optimizer initiates mirror action.

    • OF "mirror+normal" action.

    • MLXe mirrors flows to IDS.

    • IDS detects L7 attack (example: SYN flood). API to BFO to discard flow.

    • OF discard action.

    Notes

    • Adds ability for advanced DDoS detection, up to L7

    • Based upon the IDS (Palo Alto, Arbor etc.) detection capability

    • API from IDS to BFO initiates additional discard actions

  • L2-L4 Volumetric Attack Mitigation

    [Diagram labels: Brocade SDN Controller (Open Daylight); Brocade Flow Optimizer; Internet; three Brocade MLXe routers; Incoming Attack Flow; step markers 1 to 5]

    Captions in the diagram:

    • Brocade Flow Optimizer recognizes this as a L2-L4 Volumetric Attack.

    • Local Mitigation: Discard Flow (Redirect Optional)

    Notes

    • Recommended when incoming aggregate attack traffic is 50% or less

    • L2 – L4 local mitigation, based on sFlow sampling and DDoS policy

    • OF discard action (Automated, Manual)

    • 1/10GbE, 40GbE and 100GbE support

  • BGP Remote Triggered Black-Hole (RTBH) Mitigation

    [Diagram labels: Brocade SDN Controller (Open Daylight); Brocade Flow Optimizer; Internet; Brocade MLXe (Triggering Device); two further Brocade MLXe routers; Incoming Attack Flow; step markers 1 to 8]

    Captions in the diagram:

    • Brocade Flow Optimizer recognizes this as a L2-L4 Volumetric Attack.

    • Flow Optimizer initiates CLI static route to MLXe.

    • MLXe advertises BGP Route (ex: /32, /28, /24, /23)

    • Upstream BGP router: A) Discards flow to null0, or B) Re-directs traffic to cleaning site

    • Mitigation: Discard Flow

    Notes

    • L2 – L4 local mitigation does not protect upstream link

    • If upstream link is congested above 50% by DDoS, add ability for RTBH to uncongest

    • RTBH is a well known Internet operation

    • Automated RTBH reduces mitigation time from 15 minutes or hours ->

  • L2 Firewall Bypass: Science-DMZ Use Case

    • HPC: High Performance Computing

    • DTN: Data Transfer Nodes

    [Diagram labels: Brocade SDN Controller (Open Daylight); Brocade Flow Optimizer; WAN/Internet; HPC/DTN Network; Firewall; Brocade MLXe Router; step markers 1 to 6]

    Steps captioned in the diagram:

    • 1: Incoming flow from upstream network

    • 2: Sent to Firewall for processing

    • Brocade Flow Optimizer recognizes this as a trusted flow and programs Brocade MLXe using the controller to bypass the firewall for this flow

    • 6: "White-listed" flow now bypasses Firewall and data transfer is faster and more efficient

    Brocade MLXe Router

    • L2 MLXe

    • BFO 1.2 can ignore, push, pop or modify VLAN ID

    • BFO 1.2 can ensure flow in both directions is redirected via two action policies (stateful FW)

  • L3 Firewall Bypass: Science-DMZ Use Case

    • HPC: High Performance Computing

    • DTN: Data Transfer Nodes

    [Diagram labels: Brocade SDN Controller (Open Daylight); Brocade Flow Optimizer; WAN/Internet; HPC/DTN Network; Firewall; Brocade MLXe Router; step markers 1 to 6]

    Steps captioned in the diagram:

    • 1: Incoming flow from upstream network

    • 2: Sent to Firewall for processing

    • Brocade Flow Optimizer recognizes this as a trusted flow and programs Brocade MLXe using the controller to bypass the firewall for this flow

    • 6: "White-listed" flow now bypasses Firewall and data transfer is faster and more efficient

    Brocade MLXe Router

    • L3 MLXe:

    • VRF (1 & 6) and OF, or

    • PBR (2) for one arm FW traffic and OF (1 & 6)

    • BFO 1.2 can ensure flow in both directions is redirected via two action policies (stateful FW)

  • Enterprise DC Flow Management for Policy-Based Security

    Operator driven or sFlow threshold driven policy enforcement for large trusted flows

    [Diagram labels: Enterprise Datacenter 1; One-armed Firewall; Trusted Traffic Flow; WAN; Inline Firewall; Enterprise Datacenter 2; Default Traffic Flow; Brocade SDN Controller; Brocade Flow Optimizer; Internet]