When purchasing electronic equipment such as TVs, computers or stereos, you typically expect to open up the box and be able to use the device without any unexpected faults. It should “just work”. However, with networking equipment such as switches and routers, chassis components need to be assembled and devices configured before installation. The Purpose of Equipment Staging Staging is the process of building and preparing equipment ready for delivery and installation. This is a key building block for successful hardware delivery and infrastructure roll-out. Nearly all network equipment is delivered from the manufacturer in modular form, with no configuration …
Weiterlesen

10G and 100G links are becoming common in the NREN community.  This is not just in the regional and backbone provider environments, but also within campus networks hosting DTNs and HPC clusters. The need for Nx100G networking is present and growing.   At the same time we are looking at sharing and slicing these enormous networks.  Traffic engineering, performance, and multi-tenant isolation must be addressed at the HW architectural level in order to build networks that work well. To make this happen and to adapt to the changing network needs, open programmable (SDN) networking must lie at the heart of new …
Weiterlesen

Skalierbare Techniken für das moderne Datacenter Seit Jahren werden redundante Pfade in Rechenzentren mit dem Protokoll Spanning Tree abgesichert. Jedoch ergeben sich hier diverse Probleme in Bezug auf Konvergenzzeiten, Skalierung und Lastverteilung auf den verschiedenen Wegen. Zudem stellt(e) die auf dieser Technik basierende redundante Verbindung zwischen zwei Datacentern Netzwerkadministratoren vor große Herausforderungen: Während im Computing-Layer durch virtuelle Maschinen und Container eine große Flexibilisierung erreicht wird, basieren viele Netzwerke noch auf älteren Technologien mit den entsprechenden Einschränkungen. Abhilfe versprechen diverse Hersteller mit spezifischen proprietären Fabrics, welche die Problematiken zwar teilweise lösen, doch in einem Hersteller Lock-in enden. Ist bei einem Anwenderunternehmen …
Weiterlesen

Disitributed Denial of Service (DDoS) attacks are a common threat on the internet. The main threat for an entity is an attack from the outside. In most cases the attackers flood the victim’s network with packets or request that either consume all the available bandwidth or exhaust resources like state tables or memory and CPU. However there is a second side to this story Cloud providers’ infrastructure is often leveraged to stage the attack. (Virtual) machines in cloud data centres do have a high speed connection to the internet and thus are a perfect attack tool to flood the victim’s …
Weiterlesen

Until now, we have taken it for granted that the OpenFlow switches have preprogramed flows and that the routing daemon on the injector knows what to announce. We will now cover how this happened. There are two input values we need. First, the IP under attack (red traffic) and second the temporary IP we want to use (blue traffic). The attacked IP will be provided by the DDoS Mitigation Analysis platform, the temporary IP can be freely chosen from available address in your network. It can be either a public IP address, private (RFC1918) address or even one from the …
Weiterlesen

    Both OpenFlow Switches are programmed with a specific set of Flows. Switch1 has three Ports, one upstream to the network, one downstream to the scrubber, and a third one for the return traffic. There are two flows programmed per attacked IP address. Flow1: Take everything incoming on Port1, which has a specific destination IP (attacked IP), and send it to Port2 Flow2: Take everything incoming on Port1, which has a specific destination IP (attacked IP), and send it to Port1, but first make some modifications. We will rewrite the destination MAC address and the destination IP address. Changing …
Weiterlesen

    A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Across the globe DDoS attack size, frequency and complexity is on the rise. At the same time, businesses have never been more connected and dependent on the availability of websites and online services. Many customer types are at risk, Broadcasters, Service Providers & Enterprises. DDoS is a problem that’s getting worse. IMPLEMENTATION OF A DDOS SOLUTION IS NOT AN EASY TASK When customers need to implement DDoS Mitigation Solutions into their network, they often …
Weiterlesen

  Part 3: Running OVSDB between Juniper QFX5100 and VMware NSX for vCenter The following components were used for this example: VMware NSX for vSphere 6.2.0 Build 2986609 Juniper QFX5100, Junos 14.1X53-D27.3, SDN Package Version 14.1X53-D26.2 The very first step on the QFX5100 is to configure it to run OVSDB and establish a communication channel to the NSX controller. In the example, the NSX controller is having the IP address 172.24.2.215.   The Loopback interface is configured as vtep-source interface. This means that any packet that gets encapsulated by VXLAN is using 10.0.0.3 as source IP address. The destination address …
Weiterlesen

  Part 2: Using hardware VTEPS to integrate physical devices These principals work great if every workload is virtualized and running on a hypervisor, however often there are still resources that cannot be virtualized because of various reasons. In this case it is extremely helpful if the ToR switches have the ability to provide the encapsulation and decapsulation of VXLAN packets, as this can provide high-speed connectivity between the physical and the virtual worlds. Essentially the life of a packet is exactly the same as in a pure virtual environment, however this time there is a hypervisor and a virtual machine on the …
Weiterlesen

  Part 1: Overlay Networks in Data Centres Overlay technologies for providing network virtualization have a long history in the industry. A current incarnation can be seen in more or less every Service Provider network these days that run MPLS-based services like L2VPNs, L3VPNs or EVPNs. Network operators were keen to adopt these technologies in their networks as they provide a flexible way of introducing new features and customers to an existing network. At the same time these networks scale in a very reliable way, by differentiating the role of the equipment according to its function. An example of this …
Weiterlesen

  BGP-LS is a promising approach for SDN in Wide Area Networks (WAN). This video gives an overview on how it works and what advantages service providers may benefit from.  

  Scalability, the physical network integration and functionalities of ToR switches are the challenges of today’s data centres. In addition, the flexibility introduced by computing virtualization is somehow thwarted by “classical network”. This video explains and demonstrates how these challenges can be mastered using Juniper Networks Contrail solution.  

  There are many facets of SDN implementation. What exactly it means depends on the type of problem you try to solve. Sebastian Graf, Solutions Architect at Xantaro, explains the advantages of Software Defined Networking from a technical perspective and gives an idea of the layered approach within the SDN architecture.