Secure SDN Demonstration Results
Copyright © Ciena Corporation 2014. All rights reserved. Confidential and Proprietary
Secure SDN Demo Internet 2
Robert Kimball Oct 2014
This demo will show the power of SDN plus enhanced security to meet requirements for any mission
SDN is the hot new topic in optical networking
• Greater network situational awareness and configuration control
• Reduced time to implement new services
• Virtualize network functions to reduce network costs
However, network security in an SDN-enabled world is a concern
• Initial standard developed in academia with little concern for security
• ONF is working toward a security standard
• Unknown if this will meet Government Requirements
OpenFlow-enabled routers and data center switches
OpenFlow-enabled layer 2 WAN switches and Layer 1 OTN switches
Authentication via first packet inspection
Layer 2 Encryption Devices
System Integration and Logistics
Demonstrate Multi-Vendor, Packet-to-Optical SDN Integration
• OpenFlow interoperability across the LAN/WAN boundary
• Multiple equipment vendors
• Bandwidth on demand at layer 1 in addition to the OpenFlow-enabled layer 2 services
Meet network security requirements
• System Admin authentication and logging
• Controller authentication
• Encryption of SDN control information
Identify real world network situations which benefit from the power of SDN solutions
The Security Stack:
Operator Authentication
• RADIUS server is attached to the NMS of each element
Controller Authentication
• Blackridge appliance inserts an encrypted token into the first packet of a TCP/IP session. Any NE which does not have proper authorization will not be able to initiate the TCP/IP session
• Only authorized controllers can direct changes to the network via SDN
• Hostile NE cannot map network topology via acknowledgements of ping requests
Protected Controller communications
• SafeNet 550 layer 2 encryption device protects confidentiality of SDN controller instructions
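The controller-authentication behaviour on this slide, sketched as an added example (not code from the presentation or from any vendor named in it): a gate that admits a TCP session only when its first packet carries a valid token and silently drops everything else, including pings. The slides do not describe the token format, so the HMAC-based token, the 30-second epoch, the packet dictionaries and the names `AUTHORIZED_KEYS`, `make_token` and `gateway_decide` are all assumptions; the addresses and key are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed sample key store; names and values are illustrative assumptions.
AUTHORIZED_KEYS = {"controller-1": b"constructed-sample-key-1"}
WINDOW = 30  # seconds per token epoch (assumed)


def make_token(key, src, dst, dport, now):
    """Sender side: bind the token to the flow and the current time epoch."""
    msg = f"{src}|{dst}|{dport}".encode() + struct.pack(">Q", int(now) // WINDOW)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def gateway_decide(packet, now, established):
    """Receiver side: return "FORWARD" or "DROP" for one inbound packet.

    DROP is silent (no RST, no ICMP reply), so an unauthorized sender gets
    no acknowledgement it could use to map the protected network.
    """
    if packet["proto"] != "tcp":
        return "DROP"  # e.g. an ICMP echo request from an unknown host
    flow = (packet["src"], packet["dst"], packet["dport"])
    if not packet["syn"]:
        # Later segments pass only if the flow's first packet was accepted.
        return "FORWARD" if flow in established else "DROP"
    token = packet.get("token", b"")
    for key in AUTHORIZED_KEYS.values():
        for t in (now, now - WINDOW):  # tolerate one epoch of clock skew
            if hmac.compare_digest(token, make_token(key, *flow, t)):
                established.add(flow)
                return "FORWARD"
    return "DROP"


def run_demo(now=1_000_000):
    """Run constructed packets through the gate; return the decisions."""
    ctl, rogue, ne = "10.0.0.5", "10.0.0.66", "10.0.1.1"
    good = make_token(AUTHORIZED_KEYS["controller-1"], ctl, ne, 6653, now)
    syn = {"proto": "tcp", "syn": True, "dport": 6653, "dst": ne}
    pkts = [
        {**syn, "src": ctl, "token": good},                # authorized controller
        {**syn, "src": ctl, "token": good, "syn": False},  # same flow, later segment
        {**syn, "src": rogue},                             # SYN with no token
        {**syn, "src": rogue, "token": good},              # token copied to another host
        {"proto": "icmp", "src": rogue, "dst": ne},        # ping probe
    ]
    established = set()
    return [gateway_decide(p, now, established) for p in pkts]
```

Because the token is bound to the source, destination and port, a token captured from the controller's first packet does not admit a session from a different host.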
SDN is an evolving tool that can be used to solve real world network problems
All components of the proposed demo are available now
• Brocade OpenFlow capability is GA
• Ciena V-WAN hypervisor is GA
• Ciena OpenFlow capability is beta level code
• SafeNet 550 is GA
• Blackridge is GA
SDN security is achievable using well-known, commonly used security tools
• Operator authentication
• Machine to machine authentication
• Encryption of critical traffic and command and control functions
• Event logging and audits
Thank you