Contents
- 28. Ethane: Addressing the Protection Problem in Enterprise Networks. Martin Casado, Michael Freedman, Glen Gibb, Lew Glendenning
- 29. Goal Design network where connectivity is governed by high-level, global policy “Nick can talk to Martin
- 30. Problem with Bindings Today Host Name IP MAC Physical Interface Goal: map “hostname” to physical “host”
- 31. Examples of Problems Today are LEGION ARP is unauthenticated (attacker can map IP to wrong MAC)
- 32. Two Main Challenges Provide a namespace for the policy Design Mechanism to Enforce Policy
- 33. Our Solution: Ethane Flow-based network Central Domain Controller (DC) Implements secure bindings Authenticates users, hosts, services,
- 34. Host authenticate hi, I’m host B, my password is … Can I have an IP? Send
- 35. Component Overview Domain Controller Switches End-Hosts Authenticates users/switches/end-hosts Manages secure bindings Contains network topology Does permissions
- 36. Finding the DC Authentication Generating topology at DC Bootstrapping
- 37. DC knows all switches and their public keys All switches know DC’s public key Assumptions
- 38. Finding the DC Switches construct spanning tree Rooted at DC Switches don’t advertise path to DC
- 39. Initial Traffic to DC 2
- 40. Initial Traffic to DC All packets to the DC (except first hop switch) are tunneled Tunneling
- 41. Decouple control and data path in switches Software control path (connection setup) (slightly higher latency) DC
- 87. https://marketplace.saas.hpe.com/sdn