Contrail Service Orchestration (CSO) designs, secures, automates, and runs the entire service life cycle across NFX Series Network Services Platforms, MX Series Routers, and SRX Series Services Gateways, along with the vSRX Virtual Firewall available in public cloud marketplaces.
Network Functions Overview
• Services plane is a fundamental networking software plane
• Examples of network functions or services:
  o Stateful firewall
  o Network Address Translation (NAT)
  o Intrusion detection and prevention (IDP)
  o Load balancing
  o Caching
  o WAN acceleration
• Historically, network services have been deployed using
  o Physical appliances or servers
  o Service cards installed in routers or switches
Orchestration Platforms: OpenStack
[Figure: diagram with the labels Applications, Monitoring and Tools, Dashboard, APIs]
Report Generation
• Project/Tenant Reporting
  o Resource usage
  o Historical instance creation and termination
  o Billing and costs
  o Downloadable HTML, comma-separated values (CSV), PDF formats
[Figure: diagram with the labels Junos Control Plane (JCP/vRE); Adv Services + Flow Processing + Packet FWD (JEXEC); MGD; RPD; Single Sourced Codebase; CLI/Netconf/RESTCONF; nsd; IPS; flowd; PacketIO; Mgmt; AppID; System daemons]
Network Security Evolution
• Key developments
  o Artificial intelligence and machine learning enable security analysis
    • To shift away from traditional static signatures
    • To move toward behavior analysis of applications and network functions
  o Security threat designers hide security threats within code
  o Big data
    • Leverages and analyzes pools of security threat information to determine behaviors of the security threats and then real-time network patterns
  o Security threats are self-propagating, so the traditional model of identification is no longer sufficient
  o Automation
    • Enables security threat remediation to take place at the speed of the systems that are infected
OpenFlow 1.5
Previously, OpenFlow flow processing was always done in the context of the packet ingress port. In OpenFlow version 1.5, the addition of egress tables enables the processing of flows in the context of the output port. When a packet is output to a port, the packet is processed by the egress tables, which take some action or redirect the packet to another egress table. OpenFlow had been an Ethernet-only protocol until version 1.5, when packet type identification was added to the specification. New type, length, and value (TLV) fields were added that identify the packet type; they can be used in matches, and the packet type now acts as a prerequisite for header fields. The packet type field can also be used in various other types of OpenFlow protocol messages to identify their payload.
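A simplified model of the ingress and egress processing described above, as an added example that is not part of the original slides. The tables, port numbers and addresses are constructed, first-match ordering and the egress table IDs are simplifications of this model, and the packet type values follow the OpenFlow 1.5 (namespace, ns_type) convention.

```python
# Simplified model of an OpenFlow 1.5 pipeline (added example, not a switch
# implementation and not the OpenFlow wire format).
ETHERNET = (0, 0)       # packet type (namespace, ns_type): Ethernet frame
IPV4 = (1, 0x0800)      # packet type: bare IPv4, named by its EtherType

def first_match(table, ctx):
    """Return the action of the first entry whose match fields all equal ctx."""
    for match, action in table:
        if all(ctx.get(field) == value for field, value in match.items()):
            return action
    return ("drop",)    # table miss: constructed default for this model

def run_pipeline(packet, in_port, ingress, egress_tables):
    """Return the port the packet leaves on, or None if it is dropped."""
    # Ingress processing: flows are matched in the context of the ingress port.
    ctx = dict(packet, in_port=in_port)
    action = first_match(ingress, ctx)
    if action[0] != "output":
        return None
    # Egress processing starts once the packet is output to a port; flows
    # are now matched in the context of that output port.
    ctx["out_port"] = action[1]
    table_id = 0
    while True:
        action = first_match(egress_tables[table_id], ctx)
        if action[0] == "goto":         # redirect to another egress table
            table_id = action[1]
        elif action[0] == "forward":
            return ctx["out_port"]
        else:
            return None                 # dropped by the egress policy

# Constructed tables: port 1 is an uplink, port 2 faces a restricted segment.
INGRESS = [({"in_port": 1}, ("output", 2)), ({"in_port": 2}, ("output", 1))]
EGRESS = {
    # Egress table 0: only traffic leaving on port 2 is sent to the filter.
    0: [({"out_port": 2}, ("goto", 1)), ({}, ("forward",))],
    # Egress table 1: packet_type is the prerequisite that says which header
    # fields exist, so each entry states it before matching on ipv4_dst.
    1: [({"packet_type": ETHERNET, "eth_type": 0x0800, "ipv4_dst": "10.0.0.5"},
         ("forward",)),
        ({"packet_type": IPV4, "ipv4_dst": "10.0.0.5"}, ("forward",))],
}
```
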