I2RS Interim Meeting Nicolai Leymann Deutsche Telekom AG nleymanntelekomde 19042013 2 Content 1 SDN Concepts and Architecture 2 Use Cases I2RS Use Cases Vision for I2RS as one Building Block in the E2E picture ID: 440640
Download Presentation The PPT/PDF document "Use Cases for I2RS" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Use Cases for I2RS
I2RS Interim Meeting
Nicolai Leymann, Deutsche Telekom AG
n.leymann@telekom.de 19.04.2013Slide2
2
Content1. SDN Concepts and Architecture2. Use CasesSlide3
I2RS Use Cases.
Vision for I2RS as one Building Block in the E2E picture.
Access
Core Network
BNG
Data Center
End-2-End Orchestration
Services
Access
I2RS
Transit
Trigger
Probes
e) Customer profile is configured/provisioned
End-2-End orchestration provides network connectivity, allocates ressources (e.g. data center) and establishes services based on end user requirements.Slide4
I2RS Use Cases.Warding against DDoS Attacks (1 of 2).
DDoS protection architecture ensures:
Identify
DDoS attacks from the Internet (traffic, attack pattern, …)
Warding of attacks
against infrastructure or business services
The architecture should be
selectiveindependent of DDoS sourceMechanisms activated
„on Demand“ (e.g. customers requests) orbased on results from network probes
DDoS Protection for Business Customers
DC
Transit
BBRAR
Peering
LER
LER
LER
IP Backbone
BNG
Business
Customer
DDoS
DDoS
Business
CustomerSlide5
I2RS Use Cases.Warding against DDoS Attacks (2 of 2).
If malicious traffic is detected, traffic is redirected towards a data center.Data Center cleans up traffic before sending it towards end customers.Simple interaction with existing routing (might also be applied to specific traffic)
Threat Management System
TMS
/32 most specific route
Target address
of attack
contains malicious
traffic
Redirection of traffic into filter (DC based)Slide6
I2RS Use Cases.Generalization: Flow Aware Traffic Steering.
Several problems are solved with different approaches. Goal is to use one common approach (and API) to solve those problems in a similar manner.Previously shown use case basically boils down to injecting/removing routes in near real timeSame mechanisms can be easily applied to other higher layer use casesFirewalling in DC, parental control for residential customers, ….Benefit of using a common Interface:
Reduces complexity (not different solutions for different problems).Higher flexibility (easy to add additional functionality without updating network node).Decoupling of life cycles (network / data center / service implementation)