radware sdn-based solutions - dns.cz · radware’s sdn applications leverage sdn technologies to...
TRANSCRIPT
Copyright © 2013 Radware
About Radware
Slide 2
Over 10,000 Customers Global Technology Partners
- and Application Security Solutions
Attack Mitigation System • DDoS attacks Protection
• Intrusion Prevention
• Web Application Protection
IPS WAF Anti-DoS
Global Leader of Application Delivery
ADC Solutions • L4-L7 Server Load Balancing
• Application Acceleration
• SSL Offloading
SLB Acceleration
Leverage SDN to create:
• More intelligent application delivery and security deployments
• Simpler implementations
• Lower solution costs
• Higher scalability
• Easier and abstracted operation
Enabling a smarter network.
Copyright © 2013 Radware
Current Network Challenges
Slide 3
• Current networks are static, complicated
• Manually managed, device at a time
• Missing application awareness
• Per device S/W packaging of features causes very
slow roll out of new capabilities
• Application velocity of changes far exceed
the pace of network changes
Application delivery and security are implemented
as devices at specific junctions of the network
and traffic flows → limited decision making
Copyright © 2013 Radware
Centralized Network Controller
Network Fabric
Data
forwarding
• SDN separates and centralizes the control plane of the network
• The network becomes dynamic and programmable
Slide 4
Data
forwarding Data
forwarding
Data
forwarding
control
control
control control
Dynamic Network
SDN – The Solution Enabling Architecture
Copyright © 2013 Radware
How is SDN most applicable to your challenges?
Slide 5
Deploy Islands of SDN
17%
Solve a Specific Problem
22%
Foklift Upgrade the network
7%
Not Sure 31%
Other 23%
How is it most likely you will implement SDN?
Automate Network
Operations 27%
Support Server Virtualization
11%
Improve Network Utilization
21%
Improve network Scalability
18%
Other 23%
What do you hope to improve by adopting SDN?
Radware’s SDN applications leverage SDN technologies to provide security and application delivery solutions as a native network services.
We use the programmability nature of SDN to transform the network infrastructure from its current state in which it just hosts (as a “dumb” pipe) application delivery and security services, into a smarter network that is part of the service itself
Copyright © 2013 Radware
Compute Resources
From Device to Network-Wide Services
Slide 7
Network Services
2-Tier Standard Networks
Network services are
at a static choke point
Copyright © 2013 Radware
From Device to Network-Wide Services
Slide 8
Network
Services
Software Defined Networks
SDN
Controller
Compute Resources Services Compute Resources
Network Services
2 Tier Standard Networks
Network services are
at a static choke point Radware SDN
Application
Pervasive network services
Offload basic L4 operations
to the network
L4-7 service resources can be
deployed anywhere on the network;
logically – one resource pool
Copyright © 2013 Radware
Radware’s SDN Application Architectural View
Radware SDN Applications
NB API
Network Controller
Slide 9
SDN Drivers L4-7 Drivers
NorthBound API User Interface
Data Collection +
Programming
Security Apps
ADC & Security Services
ADC Apps 3rd party Apps
Data Collection +
Programming
Ecosystems
Copyright © 2013 Radware
Proactive Application Intelligence and Control
Collect
Control
Resources
Scale-up/down
Scale-out/in
Network
Forward/Drop
Mirror/Copy
Services
Policy
Configuration
Policy and
Configuration
Run Time
Information
Historical
Data
Analyze &
Decide
Copyright © 2013 Radware
DefenseFlow Applications
NB API
Network Controller
Slide 11
SDN Drivers L4-7 Drivers
NorthBound API User Interface
Data Collection +
Programming
Anti-DoS
ADC & Security Services
Distributed ACLs Security Inspection
Data Collection +
Programming
Radware’s SDN Security Apps
A new security control point
Copyright © 2013 Radware
DefenseFlow Application
DefenseFlow - Scalable Attack Mitigation
Mobile Users
Collect
Analyze & Decide
Control
DefenseFlow Diversion
and DefensePro Mitigation
A completely new solution architecture:
• From point security solution to network-wide solution enabled by SDN
• Dynamic, programmable, scalable, easy-to-operate security network service
• Best possible design:
• Always out of path except for under attack
• Unprecedented attack detection span
12
Network Controller
Copyright © 2013 Radware
Nam
e
Address Sec.
Profil
e
RT
traffic
Normal
Baseli
ne
Attack Attack
details
PO1 1.1.1.1/32 WEB 45 50 No -
PO2 2.2.0.0/24 WEB 100 95 No -
Nam
e
Address Sec.
Profil
e
RT
traffic
Normal
Baseli
ne
Attack Attack
details
PO1 1.1.1.1/32 WEB 45 50 No No
PO2 2.2.0.0/24 WEB 800 95 YES SYN
OpenFlow Controller
Slide 13
DefensePro
DefenseFlow
SDN App
“Flow diversion” and
Mitigation
Control
Detection
Analyze & Decide
Programmable Probes
Collect
Security service
provisioning -
Program
DefenseFlow in Action
…
OVS
Hardware NIC
Virtual Switch
Tune the security
policy and baselines
Scrubbing Center
Read byte and packet counter
Match: Dest IP=PO2 IP
Match: Dest IP=PO2 IP, Action: send to IF1
Adaptive Anomaly Decision Surface
Attack Area
Normal
Adapted Area
Traffic parameter
Suspicious
Area
Traffic parameter Traffic parameter
Attack
detected !!!
Copyright © 2013 Radware
Who’s Expressed Interest in DefenseFlow?
Financial Services (FSI)
Carrier and Telecom
MSSP
Cloud and Hosting
Slide 14
Copyright © 2013 Radware
Network Edge Use Case
DC
WAN Edge
Routers
DCI Inet
Network Controller
DefenseFlow POD
• Doesn’t Require Complete SDN
• Inserted into existing networks
without any change (xparent)
• Highly Scalable
• Highly Available
Compute Resources
DC LAN
Copyright © 2013 Radware
POP
Global Network
Network Controller
Compute Resources
DC
Global Network Use Case (Carrier, SP, Backbone)
Slide 16
Inet
Inet
Compute Resources
DC
Scrubbing Center
Instant Diversion
Tunnel Network
Copyright © 2013 Radware
Application Delivery Applications
NB API
Network Controller
Slide 17
SDN Drivers L4-7 Drivers
NorthBound API User Interface
Data Collection +
Programming
ElasticScale
ADC & Security Services
Steering …
Data Collection +
Programming
Radware’s SDN Application Delivery Apps*
* - future directions, no committed time for delivery
Copyright © 2013 Radware
Elastic Scale* – Scalable SDN Services
Slide 18
Network Services
Fabric
Leveraging Virtual Application Delivery
Infrastructure (VADI) :
• Scale out of vADCs
• vADCs can be placed on appliances or
on general purpose HW
• Resource pool management
• DCIM integration with vDirect
Elastic Scale
Application
A completely new solution architecture:
• From legacy ADC cluster to network-wide
service enabled by SDN
• Native SDN scalable service
• Optimal traffic distribution
• Natural use of VADI Infrastructure
• Full elasticity
Application Delivery Service –
Better with SDN
Network
Controller
* - future directions, no committed time for delivery
Copyright © 2013 Radware
SDN Traffic Steering* – Scalable Steering and Services
Slide 19
Steering
Application
Carrier Services
Fabric
Network
Controller
From point, ADC-based steering to network-
wide steering enabled by SDN:
• Distributed resources work logically as one
and can scale in / out
• Resources can be anywhere
• Allows the disaggregation of functions
Classification
Application Delivery Service –
Better with SDN
* - future direction, no committed time for delivery
Copyright © 2013 Radware
Unique ADC and Security Services Disaggregation
• Programmable data collection, monitoring, traffic distribution and steering
• Data collection capabilities:
– Dynamically collect information per need (collection criteria, where, when)
– Vendor agnostic
– Network virtualization agnostic
• Steering and distribution capabilities:
– Resources can be anywhere
– Logically as one pool
– Scale in/out
– Disaggregation of functions
• Radware’s SDN application is the control point that programs the
network to collect and enforce traffic distribution based on its decision
engine.
• …thus creating a smarter network and increasing its value.
Slide 20
Copyright © 2013 Radware
Summary
• Radware’s SDN strategy transforms the ADC and AMS from network service
devices to network-wide services
• Utilizes SDN as an enabling architecture to revolutionize the way ADC and
security services are implemented and managed
• The new solution architecture provides:
1. More intelligent application delivery
and security decisions
2. Simpler implementations
3. Lower solution costs
4. Higher scalability
5. Easier operation
6. Higher resiliency
Enabling a smarter network.
Slide 21