SlideShare ist ein Scribd-Unternehmen logo

Sobanski odl summit_2015

J
John Sobanski

Slides from a live demo at the Linux Foundation OpenDaylight summit.

Ingenieurwesen
1 von 66
Downloaden Sie, um offline zu lesen
“You can keep your firewall (if you want to)” Practical, simple and cost saving applications of OpenDaylight you can implement today John Sobanski, Engineer, Solers Inc. July 2015 @OpenDaylightSDN #OpenSDN
What You Will Learn today (By Demonstration) • 10,000 Foot Views of Software Defined Networking (SDN), OpenDaylight (ODL) and Service Function Chains (SFC) • Solve real world data center problems with ODL • RESTCONF API • ODL Service Function Chaining • Feel free to contact me for any details I don't cover here jsobanski@solers.com https://ask.opendaylight.org/users/420/runamuck/ 2
Top three emerging technologies of the decade? • My take… • Big Data • DevOps • Software Defined Networks 3 Any Others?
“Is SDN Hype?” • “Big Data and DevOps have clear applications and use cases but Software Defined Networks appears to be a solution in search of a problem.” • “Most SDN activity is focused in Academia or dedicated ‘Network Function Virtualization (NFV)’ shops... not relevant to us.” • "SDN/ NFV only applies to Greenfield Architectures." 4 These slides will prove these opinions wrong
“Who cares about networks?” • Answer: You Do! Network latency and/ or loss breaks services. 5
“Latency and Loss doesn’t apply to my Data Center” • “Latency and Loss? I've got dozens of 10GbE ports!!!” • Layer 2: Spanning tree protocol • Blocks all but one path to prevent loops • (Enable LACP/ LAG) • Layer 3: Shortest path first • Sends all traffic through a congested "one hop" path over a wide open "two hop" path • (Try Traffic Engineering) • Layer 4: Default TCP buffers • Small buffers mean more round trips. Latency throttles throughput. • (Tune the buffer) 6 You need to care about the network!
What are Network Services? • Familiar Network Services • Load Balancing • Firewall • Deep Packet Inspection (DPI) • Access Control Lists • Parental Control • Other Network Services • "Global State" (Routing) • Broadcast Domain Scoping (VLAN) • Resource Signaling • Prioritization and Preemption • Multicast • N-Cast 7
10,000 Foot Overview • 10,000 Foot view of SDN • At any give time, use a centralized controller to move data through your network equipment as you see fit • Doesn't seem like a big deal to non-network types but this is incredibly powerful! • 10,000 Foot view of OpenDaylight • Allows you to install network services as "Apps" • Provides a single REST API to configure heterogeneous hardware • This is a “no brainer” for developers but is HUGE for network engineers • 10,000 Foot view of Service Function Chains • “Service Overlay” • Divorce Network Services From Topology • For more detail see: • https://www.opennetworking.org/sdn-resources/sdn-definition • http://www.opendaylight.org/project/technical-overview • https://wiki.opendaylight.org/view/Service_Function_Chaining:Main 8
A Little More Detail: SDN Layers • Top Layer  Northbound • Network Apps & Orchestration • Business logic to monitor and control network behavior • Thread services together • Middle Layer  Controller Platform • Exposes "Northbound" APIs to the Application layer • Lower Layer  Southbound • Command and control of hardware • Network Devices (Physical or Virtual) • Switches, Routers, Firewalls etc. 9
A Little More Detail: OpenDaylight • OpenDaylight • Open source project • Modular/ Pluggable and flexible controller platform • Java Virtual Machine (JVM) • Dynamically Pluggable Modules for Network Tasks • OSGi framework (local applications)/ bidirectional REST (local or remote) for the northbound API • Network Apps • House business logic and algorithms • Gather network intelligence from the controler • Run algorithms to perform analytics • Orchestrate new rules (if any) via controller • Southbound • OpenFlow 1.3, OVSDB, SNMP, CLI • Service Abstraction Layer links Northbound to Southbound 10
A Little More Detail: ODL 11
A Little More Detail: SFC • SFC enables a “service topology” • Overlay built “on top” of existing network topology • Use any overlay or underlay technology to create service paths • VLAN, ECMP, GRE, VXLAN, etc. • SFC provides resources for consumption • Service Topology connects those resources • Quickly/ Easily add new service functions • Requires no underlying network changes 12
One Caveat Before we begin • WARNING: Software Defined Networking is incredibly powerful! • You must protect your Southbound interfaces with the same regard as a firewall or any root privileges • ODL accommodates TLS for Southbound interfaces • The security, identity and bureaucratic planes are orthogonal to the technology plane we discuss here • We do not discuss security, identity or policy but you must consider them when architecting your ODL solution 13
One more Caveat • WARNING: If you are not a hands-on network engineer, this presentation may "spoil" you. • To provide the following two OPSCON using legacy protocols may be impossible and at the very least requires intense, disciplined, meticulous network engineering. 14
DPI Bypass Approach #1: RESTCONF API 15
OPSCON #1: Deep Packet Inspection Bypass • This scenario investigates how to reduce latency • You have a data center that performs deep packet inspection (DPI) for inter-network flows • DPI injects latency into the end to end (E2E) flow and increases Round Trip Time (RTT) 16 Reminder: Network latency and loss breaks services!
Topology • Network gateways in Firewall/ DPI appliance • VLAN steer (bent pipe) traffic through DPI (via gateways) for inter-network flows • Can we create logic to DPI only once? 17
One Approach • Put logic (i.e. rules) in the DPI appliance to bypass certain flows • This, however consumes resources and can saturate the backplane 18 Put logic here?
Better Approach • Use the OpenDaylight controller and put logic in the switch! 19 Put logic here!
OPSCON #1 Detailed Topology 20
DPI Bypass Demo Approach #1: RESTCONF API Note: This section will be a live demonstration 21
Step 1: Start ODL Platform via Client • Platform includes controller • Install Network Apps via command line 22
Validate Topology • Connect to controller and “pingall” 23
ODL Shows the Layer 2 Interfaces 24
Baseline: Two DPI = Severe Latency • Ping from Client (h1) to Server (h3) shows 40+ ms latency mininet> h1 ping h3 PING 10.0.3.101 (10.0.3.101) 56(84) bytes of data. 64 bytes from 10.0.3.101: icmp_seq=1 ttl=62 time=42.1 ms 64 bytes from 10.0.3.101: icmp_seq=2 ttl=62 time=41.3 ms 64 bytes from 10.0.3.101: icmp_seq=3 ttl=62 time=41.1 ms ^C --- 10.0.3.101 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 41.119/41.546/42.143/0.465 ms 25
Baseline: End to End (E2E) Path • Traceroute shows a path through the two DPI gateways, as expected mininet> h1 traceroute -n h3 traceroute to 10.0.3.101 (10.0.3.101), 30 hops max, 60 byte packets 1 10.0.1.1 21.180 ms 21.028 ms 20.837 ms 2 10.0.2.1 42.565 ms 42.482 ms 42.418 ms 3 * * 10.0.3.101 43.144 ms mininet> 26
Configure Switch via ODL Platform REST API 27
Configure Switch via ODL Platform REST API • Use these headers: Accept: application/xml Authorization: Basic YWRtaW46YWRtaW4= • Then post the following flows (next slide) to Switch 2's table zero: PUT flow with ID 202 to http://<controller_ip>:8181/restconf/config/opendaylight- inventory:nodes/node/openflow:2/table/0/flow/202 PUT flow with ID 303 to http://<controller_ip>:8181/restconf/config/opendaylight- inventory:nodes/node/openflow:2/table/0/flow/303 28
RESTCONF Flows (XML) 29
The Switch Accepts the Flows $ sudo ovs-ofctl -O OpenFlow13 dump-flows s2 cookie=0x0, duration=350.260s, table=0, n_packets=0, n_bytes=0, priority=200,ip,nw_dst=10.0.3.101 actions=set_field:f6:2f:25:06:ab:27- >eth_dst,output:4 cookie=0x1, duration=33.552s, table=0, n_packets=0, n_bytes=0, priority=200,ip,nw_dst=10.0.1.101 actions=set_field:f2:3e:8d:a4:71:07- >eth_dst,output:5 30
Latency Reduced • Ping now shows that the second, slow DPI is no longer in the path: mininet> h1 ping h3 PING 10.0.3.101 (10.0.3.101) 56(84) bytes of data. 64 bytes from 10.0.3.101: icmp_seq=1 ttl=63 time=21.3 ms 64 bytes from 10.0.3.101: icmp_seq=2 ttl=63 time=20.9 ms 64 bytes from 10.0.3.101: icmp_seq=3 ttl=63 time=20.7 ms ^C --- 10.0.3.101 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 20.713/20.983/21.320/0.252 ms 31
Latency Reduced • Traceroute Confirms that the flow bypasses the second DPI mininet> h1 traceroute -n h3 traceroute to 10.0.3.101 (10.0.3.101), 30 hops max, 60 byte packets 1 10.0.1.1 21.117 ms 20.796 ms 20.423 ms 2 10.0.3.101 24.597 ms 24.477 ms * 32
DPI Bypass Demo Approach #2: ODL SFC 33
A Little More Detail: ODL ODL Provides a Northbound SFC “App” 34
SFC Approach: Create a “Service Overlay” • 1. Register Firewalls in service pool • “Service Functions” • 2. Configure switches to forward packets based on controller logic • “Service Function Forwarders” • 3. Configure SFC Logic • … Next Slide #ODSummit 1 2 3
SFC Workflow (Highly Abstracted!) • Register (Previous Slide) • Service Functions (Appliances) -- AKA Network Services • Service Function Forwarders (ODL SFC Controlled Switches) • Create Service Function “Chains” • “Chain” of Network Services • I.e. First Firewall, then Apply Parental Control, then Virus Scan etc. • Create Service Function Paths and Rendered Service Paths • Selects path through actual appliance (SF) instances e.g. • RSP-1 = Firewall-1, Parental-Control-1, Virus-Scan-1 • RSP-7 = Firewall-3, Patental-Control-1, Virus-Scan-2 • Create “Classifier” • Apply SFC to flows #ODSummit
DPI Bypass Demo Approach #2: ODL SFC Note: This will be a live demo 37 Based on: https://lists.opendaylight.org/pipermail/sfc-dev/2015-July/001408.html by Brady Johnson and Ricardo Noriega at Ericsson.com
Baseline • No Flows in Switch, No Objects in GUI #ODSummit
Configure via REST API • Add SF, SFF, SFC, SFP and RSP • GUI Populated • Controller then injects logic into SFF via flows $ sudo ovs-ofctl dump-flows sff1 -OOpenFlow13 #ODSummit
Test 1: Configure Classifier to Use RSP-1 tcpdump shows WGET goes through both service functions Total time: 0.341 seconds #ODSummit SFF-1 Traffic SFF-2 Traffic
Test 2: Configure Classifier to Use RSP-3 tcpdump shows WGET goes through only one service functions Total time: 0.178 seconds #ODSummit SFF-1: No Traffic SFF-2 Traffic
Backup Slides #ODSummit
#ODSummit OPSCON #2: Egress Bypass
OPSCON #2: Bypass DPI on Egress • Scenario: You have a product distribution system where Egress throughput >> Ingress throughput. • You perform Deep Packet Inspection on flows between External (EXT) hosts and your Demilitarized Zone (DMZ) Proxies. 44
Topology • You implement a DPI "router on a stick," to ensure Inter-network communications pass through the DPI. • A switch bent pipes the traffic at layer 2 45
Scenario • The Egress traffic will increase past the capacity of the DPI appliance • You realize that there are cheaper methods of securing your egress flows then upgrading to a bigger DPI appliance… 46
Egress Security • With egress flows you want to ensure that return/ ACK traffic does not include exploits and that egress flows do not facilitate zombies or phone home exploits. • Some ideas: • Ensure only approved ports • Access Control Lists • iptables • Host firewalls • Mitigate against malicious code over approved ports: • HIDS on Servers • Uni-directional bulk data push with Error Detection and Correction over one way fiber • TLS with x509 certs 47
Trade Solutions • END GOAL: You want to have DPI inspection on ingress flows, but not egress, since the other security measures will cover the egress flows. • One approach is to put logic on your DPI appliance to say "don't scan egress flows," but that wastes capacity/ resources and could saturate the backplane • An approach with legacy Network protocols is very difficult to implement and results in asymmetric routes (will break things) • Using OpenDaylight, we have a simple solution that only requires matches/ actions on six (6) flows 48
The Goal • When EXT initiates, pass through DPI • When DMZ initiates: • Bypass DPI on PUT (Egress) • Scan on GET (Ingress) 49
Detailed Diagram 1. ACL 2. Scan all EXT  DMZ 3. Bypass DMZ PUT 4. Scan DMZ GET 50
OpenFlow Logic 1. ACL only allows permitted flows 2. For Ingress ( EXT-> DMZ ) flows, allow normal path to virus scan via gateway 3. For Egress ( DMZ -> EXT ) PUT flows, intercept packet 1. Change destination MAC from Gateway to EXT 2. Change destination Port from Gateway to EXT 3. Decrement TTL by one 4. For Egress (DMZ -> EXT) GET flows (Treat as ingress) 1. DMZ uses dummy IP for EXT server 2. Switch intercepts packet 3. Switch changes source IP to dummy DMZ address 4. Switch changes dest IP to correct EXT IP 5. Packet continues on its way to gateway 6. Reverse logic for return traffic 51
OPSCON #2 Topology 52
OPSCON #2 Note: This will be a real time demo 53
Setup • As before, start ODL, connect switch to controller and “pingall” 54
ODL Shows Connected L2 Interfaces 55
Baseline: Push a file from DMZ to EXT mininet> dmz curl http://10.0.1.102 --upload-file test.txt • EXT Server Shows Successful PUT 10.0.2.101 - - [10/Jul/2015 14:50:22] "PUT /test.txt HTTP/1.1" • TCPDUMP on firewall shows egress scan traffic (as expected) 56
Install the Flows via RESTCONF API • Either via POSTMAN or CURL curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_404.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/404 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_505.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/505 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_606.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/606 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_707.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/707 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_808.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/808 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_909.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/909 2>&1 | grep HTTP/1.1 57
DMZ PUT a file to EXT mininet> dmz curl http://10.0.1.102 --upload-file test.txt • The EXT server shows this second, successful put 10.0.2.101 - - [10/Jul/2015 14:50:22] "PUT /test.txt HTTP/1.1" 200 - 10.0.2.101 - - [10/Jul/2015 14:53:05] "PUT /test.txt HTTP/1.1" 200 - • The firewall TCPDUMP, however does not show additional traffic! 58
Plumb Statistics via API • You can see a Match on the flow through the REST API: • http://<controller_IP>:8181/restconf/operational/opendaylight- inventory:nodes/node/openflow:3/table/0/flow/404/flow-statistics/ 59
Test DMZ to EXT GET (Ingress) • Use a Dummy IP to trigger a flow match. • The egress port of the switch will NAT it back to the real destination IP. • We see instant feedback on the Mininet Console 60
EXT Server Shows Successful Get 10.0.2.101 - - [10/Jul/2015 14:50:22] "PUT /test.txt HTTP/1.1" 200 - 10.0.2.101 - - [10/Jul/2015 14:53:05] "PUT /test.txt HTTP/1.1" 200 - 6.6.6.6 - - [10/Jul/2015 15:01:27] "GET / HTTP/1.1" 200 - • Note Dummy IP 61
FW TCPDUMP Shows DMZ to EXT GET Scan 62
Verify All EXT  DMZ Traffic Scan • Do PUT and GET 63
DMZ Server Log Shows Success for Both 64
TCPDUMP: All EXT to DMZ traffic scanned 65
Thank You #ODSummit

Empfohlen

Data-Driven (Reinforcement Learning-Based) Control
Data-Driven (Reinforcement Learning-Based) ControlData-Driven (Reinforcement Learning-Based) Control
Data-Driven (Reinforcement Learning-Based) ControlDebmalya Biswas
 
Power system Analysis By Sharif Kakar
Power system Analysis By Sharif KakarPower system Analysis By Sharif Kakar
Power system Analysis By Sharif KakarSharif Ullah
 
Power system calculations
Power system calculationsPower system calculations
Power system calculationsEngr. M. Haroon BE(Elect) ME USA
 
FACTS DEVICES
FACTS DEVICESFACTS DEVICES
FACTS DEVICESamit8847
 
STate Space Analysis
STate Space AnalysisSTate Space Analysis
STate Space AnalysisHussain K
 
IOT in Electrical & Electronics Engineering
IOT in Electrical & Electronics EngineeringIOT in Electrical & Electronics Engineering
IOT in Electrical & Electronics EngineeringLokesh K N
 
Embedded Systems: Lecture 2: Introduction to Embedded Systems
Embedded Systems: Lecture 2: Introduction to Embedded SystemsEmbedded Systems: Lecture 2: Introduction to Embedded Systems
Embedded Systems: Lecture 2: Introduction to Embedded SystemsAhmed El-Arabawy
 
Economic load dispatch(with and without losses)
Economic load dispatch(with and without losses)Economic load dispatch(with and without losses)
Economic load dispatch(with and without losses)Asha Anu Kurian
 

Empfohlen

Data-Driven (Reinforcement Learning-Based) Control
Data-Driven (Reinforcement Learning-Based) ControlData-Driven (Reinforcement Learning-Based) Control
Data-Driven (Reinforcement Learning-Based) ControlDebmalya Biswas
 
Power system Analysis By Sharif Kakar
Power system Analysis By Sharif KakarPower system Analysis By Sharif Kakar
Power system Analysis By Sharif KakarSharif Ullah
 
Power system calculations
Power system calculationsPower system calculations
Power system calculationsEngr. M. Haroon BE(Elect) ME USA
 
FACTS DEVICES
FACTS DEVICESFACTS DEVICES
FACTS DEVICESamit8847
 
STate Space Analysis
STate Space AnalysisSTate Space Analysis
STate Space AnalysisHussain K
 
IOT in Electrical & Electronics Engineering
IOT in Electrical & Electronics EngineeringIOT in Electrical & Electronics Engineering
IOT in Electrical & Electronics EngineeringLokesh K N
 
Embedded Systems: Lecture 2: Introduction to Embedded Systems
Embedded Systems: Lecture 2: Introduction to Embedded SystemsEmbedded Systems: Lecture 2: Introduction to Embedded Systems
Embedded Systems: Lecture 2: Introduction to Embedded SystemsAhmed El-Arabawy
 
Economic load dispatch(with and without losses)
Economic load dispatch(with and without losses)Economic load dispatch(with and without losses)
Economic load dispatch(with and without losses)Asha Anu Kurian
 
Real Time System
Real Time SystemReal Time System
Real Time SystemSuman Astani
 
HVDC pros and Cons.ppt
HVDC pros and Cons.pptHVDC pros and Cons.ppt
HVDC pros and Cons.pptAnshul97842474929
 
FACT.pptx
FACT.pptxFACT.pptx
FACT.pptxKalpeshMahajan21
 
LOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWER
LOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWERLOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWER
LOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWERIAEME Publication
 
Designing an Uninterruptible Power Supply
Designing an Uninterruptible Power SupplyDesigning an Uninterruptible Power Supply
Designing an Uninterruptible Power SupplyLeonardo ENERGY
 
Power system security
Power system security Power system security
Power system security MANGESHKULKARNI72
 
Power System Structure
Power System StructurePower System Structure
Power System StructureMaximilian Schnitker
 
Automatic Load Frequency Control ppt.pdf
Automatic Load Frequency Control ppt.pdfAutomatic Load Frequency Control ppt.pdf
Automatic Load Frequency Control ppt.pdfPhenomAssassin
 
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...vtunotesbysree
 
Smart Grid Components.pptx
Smart Grid Components.pptxSmart Grid Components.pptx
Smart Grid Components.pptxGeeK21
 
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...Luigi Vanfretti
 
Introduction to Control System Design
Introduction to Control System DesignIntroduction to Control System Design
Introduction to Control System DesignAndrew Wilhelm
 
Arduino Based Scientific Calculator
Arduino Based Scientific CalculatorArduino Based Scientific Calculator
Arduino Based Scientific Calculatorijtsrd
 
Load dispatch center
Load dispatch centerLoad dispatch center
Load dispatch centerddxdharmesh
 
Small signal stability analysis
Small signal stability analysisSmall signal stability analysis
Small signal stability analysisbhupendra kumar
 
Scada substation automation prnsnt
Scada substation automation prnsntScada substation automation prnsnt
Scada substation automation prnsntIIT INDORE
 
Fundamentals of Microprocessor Based Relays
Fundamentals of Microprocessor Based RelaysFundamentals of Microprocessor Based Relays
Fundamentals of Microprocessor Based Relaysmichaeljmack
 
Object Oriented Programming using JAVA Notes
Object Oriented Programming using JAVA Notes Object Oriented Programming using JAVA Notes
Object Oriented Programming using JAVA Notes Uzair Salman
 
Power System Evolution From the Bottom Up
Power System Evolution From the Bottom UpPower System Evolution From the Bottom Up
Power System Evolution From the Bottom UpLorenzo Kristov
 
RTOS Basic Concepts
RTOS Basic ConceptsRTOS Basic Concepts
RTOS Basic ConceptsPantech ProLabs India Pvt Ltd
 
FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceEvan McGee
 
Cis sem sdn
Cis sem sdnCis sem sdn
Cis sem sdnLino Quivén
 

Weitere ähnliche Inhalte

Was ist angesagt?

LOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWER
LOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWERLOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWER
LOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWERIAEME Publication
 
Designing an Uninterruptible Power Supply
Designing an Uninterruptible Power SupplyDesigning an Uninterruptible Power Supply
Designing an Uninterruptible Power SupplyLeonardo ENERGY
 
Automatic Load Frequency Control ppt.pdf
Automatic Load Frequency Control ppt.pdfAutomatic Load Frequency Control ppt.pdf
Automatic Load Frequency Control ppt.pdfPhenomAssassin
 
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...vtunotesbysree
 
Smart Grid Components.pptx
Smart Grid Components.pptxSmart Grid Components.pptx
Smart Grid Components.pptxGeeK21
 
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...Luigi Vanfretti
 
Introduction to Control System Design
Introduction to Control System DesignIntroduction to Control System Design
Introduction to Control System DesignAndrew Wilhelm
 
Arduino Based Scientific Calculator
Arduino Based Scientific CalculatorArduino Based Scientific Calculator
Arduino Based Scientific Calculatorijtsrd
 
Load dispatch center
Load dispatch centerLoad dispatch center
Load dispatch centerddxdharmesh
 
Small signal stability analysis
Small signal stability analysisSmall signal stability analysis
Small signal stability analysisbhupendra kumar
 
Scada substation automation prnsnt
Scada substation automation prnsntScada substation automation prnsnt
Scada substation automation prnsntIIT INDORE
 
Fundamentals of Microprocessor Based Relays
Fundamentals of Microprocessor Based RelaysFundamentals of Microprocessor Based Relays
Fundamentals of Microprocessor Based Relaysmichaeljmack
 
Object Oriented Programming using JAVA Notes
Object Oriented Programming using JAVA Notes Object Oriented Programming using JAVA Notes
Object Oriented Programming using JAVA Notes Uzair Salman
 
Power System Evolution From the Bottom Up
Power System Evolution From the Bottom UpPower System Evolution From the Bottom Up
Power System Evolution From the Bottom UpLorenzo Kristov
 

Was ist angesagt? (20)

Real Time System
Real Time SystemReal Time System
Real Time System
 
HVDC pros and Cons.ppt
HVDC pros and Cons.pptHVDC pros and Cons.ppt
HVDC pros and Cons.ppt
 
FACT.pptx
FACT.pptxFACT.pptx
FACT.pptx
 
LOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWER
LOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWERLOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWER
LOAD BALANCING AND POWER FACTOR CORRECTION FOR MULTIPHASE POWER
 
Designing an Uninterruptible Power Supply
Designing an Uninterruptible Power SupplyDesigning an Uninterruptible Power Supply
Designing an Uninterruptible Power Supply
 
Power system security
Power system security Power system security
Power system security
 
Power System Structure
Power System StructurePower System Structure
Power System Structure
 
Automatic Load Frequency Control ppt.pdf
Automatic Load Frequency Control ppt.pdfAutomatic Load Frequency Control ppt.pdf
Automatic Load Frequency Control ppt.pdf
 
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
SOLUTION MANUAL OF OPERATING SYSTEM CONCEPTS BY ABRAHAM SILBERSCHATZ, PETER B...
 
Smart Grid Components.pptx
Smart Grid Components.pptxSmart Grid Components.pptx
Smart Grid Components.pptx
 
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...
 
Introduction to Control System Design
Introduction to Control System DesignIntroduction to Control System Design
Introduction to Control System Design
 
Arduino Based Scientific Calculator
Arduino Based Scientific CalculatorArduino Based Scientific Calculator
Arduino Based Scientific Calculator
 
Load dispatch center
Load dispatch centerLoad dispatch center
Load dispatch center
 
Small signal stability analysis
Small signal stability analysisSmall signal stability analysis
Small signal stability analysis
 
Scada substation automation prnsnt
Scada substation automation prnsntScada substation automation prnsnt
Scada substation automation prnsnt
 
Fundamentals of Microprocessor Based Relays
Fundamentals of Microprocessor Based RelaysFundamentals of Microprocessor Based Relays
Fundamentals of Microprocessor Based Relays
 
Object Oriented Programming using JAVA Notes
Object Oriented Programming using JAVA Notes Object Oriented Programming using JAVA Notes
Object Oriented Programming using JAVA Notes
 
Power System Evolution From the Bottom Up
Power System Evolution From the Bottom UpPower System Evolution From the Bottom Up
Power System Evolution From the Bottom Up
 
RTOS Basic Concepts
RTOS Basic ConceptsRTOS Basic Concepts
RTOS Basic Concepts
 

Ähnlich wie Sobanski odl summit_2015

FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceEvan McGee
 
Sdn not just a buzzword
Sdn not just a buzzwordSdn not just a buzzword
Sdn not just a buzzwordJorge Bonilla
 
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDNTech Tutorial by Vikram Dham: Let's build MPLS router using SDN
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDNnvirters
 
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...Christian Esteve Rothenberg
 
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Cloud Native Day Tel Aviv
 
OpenStack Discovery and Networking Assurance - Koren Lev - Meetup
OpenStack Discovery and Networking Assurance - Koren Lev - MeetupOpenStack Discovery and Networking Assurance - Koren Lev - Meetup
OpenStack Discovery and Networking Assurance - Koren Lev - MeetupCloud Native Day Tel Aviv
 
NCS: NEtwork Control System Hands-on Labs
NCS: NEtwork Control System Hands-on Labs NCS: NEtwork Control System Hands-on Labs
NCS: NEtwork Control System Hands-on Labs Cisco Canada
 
SDN Demystified, by Dean Pemberton [APNIC 38]
SDN Demystified, by Dean Pemberton [APNIC 38]SDN Demystified, by Dean Pemberton [APNIC 38]
SDN Demystified, by Dean Pemberton [APNIC 38]APNIC
 
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...Ambassador Labs
 
Improving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization OverlaysImproving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization OverlaysAdam Johnson
 
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...APNIC
 
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Adam Dunkels
 
SDN - a new security paradigm?
SDN - a new security paradigm?SDN - a new security paradigm?
SDN - a new security paradigm?Sophos Benelux
 

Ähnlich wie Sobanski odl summit_2015 (20)

FreeSWITCH as a Microservice
FreeSWITCH as a MicroserviceFreeSWITCH as a Microservice
FreeSWITCH as a Microservice
 
Cis sem sdn
Cis sem sdnCis sem sdn
Cis sem sdn
 
OpenFlow Tutorial
OpenFlow TutorialOpenFlow Tutorial
OpenFlow Tutorial
 
Introduction to SDN
Introduction to SDNIntroduction to SDN
Introduction to SDN
 
Sdn not just a buzzword
Sdn not just a buzzwordSdn not just a buzzword
Sdn not just a buzzword
 
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDNTech Tutorial by Vikram Dham: Let's build MPLS router using SDN
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN
 
Introductionto SDN
Introductionto SDN Introductionto SDN
Introductionto SDN
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
 
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
 
OpenStack Discovery and Networking Assurance - Koren Lev - Meetup
OpenStack Discovery and Networking Assurance - Koren Lev - MeetupOpenStack Discovery and Networking Assurance - Koren Lev - Meetup
OpenStack Discovery and Networking Assurance - Koren Lev - Meetup
 
NCS: NEtwork Control System Hands-on Labs
NCS: NEtwork Control System Hands-on Labs NCS: NEtwork Control System Hands-on Labs
NCS: NEtwork Control System Hands-on Labs
 
Software Defined Networking: Primer
Software Defined Networking: Primer Software Defined Networking: Primer
Software Defined Networking: Primer
 
SDN Demystified, by Dean Pemberton [APNIC 38]
SDN Demystified, by Dean Pemberton [APNIC 38]SDN Demystified, by Dean Pemberton [APNIC 38]
SDN Demystified, by Dean Pemberton [APNIC 38]
 
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...
2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...
 
Improving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization OverlaysImproving performance and efficiency with Network Virtualization Overlays
Improving performance and efficiency with Network Virtualization Overlays
 
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
Building the Internet of Things with Thingsquare and Contiki - day 1, part 3
 
SDN - a new security paradigm?
SDN - a new security paradigm?SDN - a new security paradigm?
SDN - a new security paradigm?
 

Kürzlich hochgeladen

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLManishPatel169454
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfSuman Jyoti
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfRagavanV2
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesPrabhanshu Chaturvedi
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSrknatarajan
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Christo Ananth
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringmulugeta48
 

Kürzlich hochgeladen (20)

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
NFPA 5000 2024 standard .
NFPA 5000 2024 standard .NFPA 5000 2024 standard .
NFPA 5000 2024 standard .
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and Properties
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 

Sobanski odl summit_2015

  • 1. “You can keep your firewall (if you want to)” Practical, simple and cost saving applications of OpenDaylight you can implement today John Sobanski, Engineer, Solers Inc. July 2015 @OpenDaylightSDN #OpenSDN
  • 2. What You Will Learn today (By Demonstration) • 10,000 Foot Views of Software Defined Networking (SDN), OpenDaylight (ODL) and Service Function Chains (SFC) • Solve real world data center problems with ODL • RESTCONF API • ODL Service Function Chaining • Feel free to contact me for any details I don't cover here jsobanski@solers.com https://ask.opendaylight.org/users/420/runamuck/ 2
  • 3. Top three emerging technologies of the decade? • My take… • Big Data • DevOps • Software Defined Networks 3 Any Others?
  • 4. “Is SDN Hype?” • “Big Data and DevOps have clear applications and use cases but Software Defined Networks appears to be a solution in search of a problem.” • “Most SDN activity is focused in Academia or dedicated ‘Network Function Virtualization (NFV)’ shops... not relevant to us.” • "SDN/ NFV only applies to Greenfield Architectures." 4 These slides will prove these opinions wrong
  • 5. “Who cares about networks?” • Answer: You Do! Network latency and/ or loss breaks services. 5
  • 6. “Latency and Loss doesn’t apply to my Data Center” • “Latency and Loss? I've got dozens of 10GbE ports!!!” • Layer 2: Spanning tree protocol • Blocks all but one path to prevent loops • (Enable LACP/ LAG) • Layer 3: Shortest path first • Sends all traffic through a congested "one hop" path over a wide open "two hop" path • (Try Traffic Engineering) • Layer 4: Default TCP buffers • Small buffers mean more round trips. Latency throttles throughput. • (Tune the buffer) 6 You need to care about the network!
  • 7. What are Network Services? • Familiar Network Services • Load Balancing • Firewall • Deep Packet Inspection (DPI) • Access Control Lists • Parental Control • Other Network Services • "Global State" (Routing) • Broadcast Domain Scoping (VLAN) • Resource Signaling • Prioritization and Preemption • Multicast • N-Cast 7
  • 8. 10,000 Foot Overview • 10,000 Foot view of SDN • At any give time, use a centralized controller to move data through your network equipment as you see fit • Doesn't seem like a big deal to non-network types but this is incredibly powerful! • 10,000 Foot view of OpenDaylight • Allows you to install network services as "Apps" • Provides a single REST API to configure heterogeneous hardware • This is a “no brainer” for developers but is HUGE for network engineers • 10,000 Foot view of Service Function Chains • “Service Overlay” • Divorce Network Services From Topology • For more detail see: • https://www.opennetworking.org/sdn-resources/sdn-definition • http://www.opendaylight.org/project/technical-overview • https://wiki.opendaylight.org/view/Service_Function_Chaining:Main 8
  • 9. A Little More Detail: SDN Layers • Top Layer  Northbound • Network Apps & Orchestration • Business logic to monitor and control network behavior • Thread services together • Middle Layer  Controller Platform • Exposes "Northbound" APIs to the Application layer • Lower Layer  Southbound • Command and control of hardware • Network Devices (Physical or Virtual) • Switches, Routers, Firewalls etc. 9
  • 10. A Little More Detail: OpenDaylight • OpenDaylight • Open source project • Modular/ Pluggable and flexible controller platform • Java Virtual Machine (JVM) • Dynamically Pluggable Modules for Network Tasks • OSGi framework (local applications)/ bidirectional REST (local or remote) for the northbound API • Network Apps • House business logic and algorithms • Gather network intelligence from the controler • Run algorithms to perform analytics • Orchestrate new rules (if any) via controller • Southbound • OpenFlow 1.3, OVSDB, SNMP, CLI • Service Abstraction Layer links Northbound to Southbound 10
  • 11. A Little More Detail: ODL 11
  • 12. A Little More Detail: SFC • SFC enables a “service topology” • Overlay built “on top” of existing network topology • Use any overlay or underlay technology to create service paths • VLAN, ECMP, GRE, VXLAN, etc. • SFC provides resources for consumption • Service Topology connects those resources • Quickly/ Easily add new service functions • Requires no underlying network changes 12
  • 13. One Caveat Before we begin • WARNING: Software Defined Networking is incredibly powerful! • You must protect your Southbound interfaces with the same regard as a firewall or any root privileges • ODL accommodates TLS for Southbound interfaces • The security, identity and bureaucratic planes are orthogonal to the technology plane we discuss here • We do not discuss security, identity or policy but you must consider them when architecting your ODL solution 13
  • 14. One more Caveat • WARNING: If you are not a hands-on network engineer, this presentation may "spoil" you. • To provide the following two OPSCON using legacy protocols may be impossible and at the very least requires intense, disciplined, meticulous network engineering. 14
  • 15. DPI Bypass Approach #1: RESTCONF API 15
  • 16. OPSCON #1: Deep Packet Inspection Bypass • This scenario investigates how to reduce latency • You have a data center that performs deep packet inspection (DPI) for inter-network flows • DPI injects latency into the end to end (E2E) flow and increases Round Trip Time (RTT) 16 Reminder: Network latency and loss breaks services!
  • 17. Topology • Network gateways in Firewall/ DPI appliance • VLAN steer (bent pipe) traffic through DPI (via gateways) for inter-network flows • Can we create logic to DPI only once? 17
  • 18. One Approach • Put logic (i.e. rules) in the DPI appliance to bypass certain flows • This, however consumes resources and can saturate the backplane 18 Put logic here?
  • 19. Better Approach • Use the OpenDaylight controller and put logic in the switch! 19 Put logic here!
  • 20. OPSCON #1 Detailed Topology 20
  • 21. DPI Bypass Demo Approach #1: RESTCONF API Note: This section will be a live demonstration 21
  • 22. Step 1: Start ODL Platform via Client • Platform includes controller • Install Network Apps via command line 22
  • 23. Validate Topology • Connect to controller and “pingall” 23
  • 24. ODL Shows the Layer 2 Interfaces 24
  • 25. Baseline: Two DPI = Severe Latency • Ping from Client (h1) to Server (h3) shows 40+ ms latency mininet> h1 ping h3 PING 10.0.3.101 (10.0.3.101) 56(84) bytes of data. 64 bytes from 10.0.3.101: icmp_seq=1 ttl=62 time=42.1 ms 64 bytes from 10.0.3.101: icmp_seq=2 ttl=62 time=41.3 ms 64 bytes from 10.0.3.101: icmp_seq=3 ttl=62 time=41.1 ms ^C --- 10.0.3.101 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 41.119/41.546/42.143/0.465 ms 25
  • 26. Baseline: End to End (E2E) Path • Traceroute shows a path through the two DPI gateways, as expected mininet> h1 traceroute -n h3 traceroute to 10.0.3.101 (10.0.3.101), 30 hops max, 60 byte packets 1 10.0.1.1 21.180 ms 21.028 ms 20.837 ms 2 10.0.2.1 42.565 ms 42.482 ms 42.418 ms 3 * * 10.0.3.101 43.144 ms mininet> 26
  • 27. Configure Switch via ODL Platform REST API 27
  • 28. Configure Switch via ODL Platform REST API • Use these headers: Accept: application/xml Authorization: Basic YWRtaW46YWRtaW4= • Then post the following flows (next slide) to Switch 2's table zero: PUT flow with ID 202 to http://<controller_ip>:8181/restconf/config/opendaylight- inventory:nodes/node/openflow:2/table/0/flow/202 PUT flow with ID 303 to http://<controller_ip>:8181/restconf/config/opendaylight- inventory:nodes/node/openflow:2/table/0/flow/303 28
  • 30. The Switch Accepts the Flows $ sudo ovs-ofctl -O OpenFlow13 dump-flows s2 cookie=0x0, duration=350.260s, table=0, n_packets=0, n_bytes=0, priority=200,ip,nw_dst=10.0.3.101 actions=set_field:f6:2f:25:06:ab:27- >eth_dst,output:4 cookie=0x1, duration=33.552s, table=0, n_packets=0, n_bytes=0, priority=200,ip,nw_dst=10.0.1.101 actions=set_field:f2:3e:8d:a4:71:07- >eth_dst,output:5 30
  • 31. Latency Reduced • Ping now shows that the second, slow DPI is no longer in the path: mininet> h1 ping h3 PING 10.0.3.101 (10.0.3.101) 56(84) bytes of data. 64 bytes from 10.0.3.101: icmp_seq=1 ttl=63 time=21.3 ms 64 bytes from 10.0.3.101: icmp_seq=2 ttl=63 time=20.9 ms 64 bytes from 10.0.3.101: icmp_seq=3 ttl=63 time=20.7 ms ^C --- 10.0.3.101 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 20.713/20.983/21.320/0.252 ms 31
  • 32. Latency Reduced • Traceroute Confirms that the flow bypasses the second DPI mininet> h1 traceroute -n h3 traceroute to 10.0.3.101 (10.0.3.101), 30 hops max, 60 byte packets 1 10.0.1.1 21.117 ms 20.796 ms 20.423 ms 2 10.0.3.101 24.597 ms 24.477 ms * 32
  • 33. DPI Bypass Demo Approach #2: ODL SFC 33
  • 34. A Little More Detail: ODL ODL Provides a Northbound SFC “App” 34
  • 35. SFC Approach: Create a “Service Overlay” • 1. Register Firewalls in service pool • “Service Functions” • 2. Configure switches to forward packets based on controller logic • “Service Function Forwarders” • 3. Configure SFC Logic • … Next Slide #ODSummit 1 2 3
  • 36. SFC Workflow (Highly Abstracted!) • Register (Previous Slide) • Service Functions (Appliances) -- AKA Network Services • Service Function Forwarders (ODL SFC Controlled Switches) • Create Service Function “Chains” • “Chain” of Network Services • I.e. First Firewall, then Apply Parental Control, then Virus Scan etc. • Create Service Function Paths and Rendered Service Paths • Selects path through actual appliance (SF) instances e.g. • RSP-1 = Firewall-1, Parental-Control-1, Virus-Scan-1 • RSP-7 = Firewall-3, Patental-Control-1, Virus-Scan-2 • Create “Classifier” • Apply SFC to flows #ODSummit
  • 37. DPI Bypass Demo Approach #2: ODL SFC Note: This will be a live demo 37 Based on: https://lists.opendaylight.org/pipermail/sfc-dev/2015-July/001408.html by Brady Johnson and Ricardo Noriega at Ericsson.com
  • 38. Baseline • No Flows in Switch, No Objects in GUI #ODSummit
  • 39. Configure via REST API • Add SF, SFF, SFC, SFP and RSP • GUI Populated • Controller then injects logic into SFF via flows $ sudo ovs-ofctl dump-flows sff1 -OOpenFlow13 #ODSummit
  • 40. Test 1: Configure Classifier to Use RSP-1 tcpdump shows WGET goes through both service functions Total time: 0.341 seconds #ODSummit SFF-1 Traffic SFF-2 Traffic
  • 41. Test 2: Configure Classifier to Use RSP-3 tcpdump shows WGET goes through only one service functions Total time: 0.178 seconds #ODSummit SFF-1: No Traffic SFF-2 Traffic
  • 44. OPSCON #2: Bypass DPI on Egress • Scenario: You have a product distribution system where Egress throughput >> Ingress throughput. • You perform Deep Packet Inspection on flows between External (EXT) hosts and your Demilitarized Zone (DMZ) Proxies. 44
  • 45. Topology • You implement a DPI "router on a stick," to ensure Inter-network communications pass through the DPI. • A switch bent pipes the traffic at layer 2 45
  • 46. Scenario • The Egress traffic will increase past the capacity of the DPI appliance • You realize that there are cheaper methods of securing your egress flows then upgrading to a bigger DPI appliance… 46
  • 47. Egress Security • With egress flows you want to ensure that return/ ACK traffic does not include exploits and that egress flows do not facilitate zombies or phone home exploits. • Some ideas: • Ensure only approved ports • Access Control Lists • iptables • Host firewalls • Mitigate against malicious code over approved ports: • HIDS on Servers • Uni-directional bulk data push with Error Detection and Correction over one way fiber • TLS with x509 certs 47
  • 48. Trade Solutions • END GOAL: You want to have DPI inspection on ingress flows, but not egress, since the other security measures will cover the egress flows. • One approach is to put logic on your DPI appliance to say "don't scan egress flows," but that wastes capacity/ resources and could saturate the backplane • An approach with legacy Network protocols is very difficult to implement and results in asymmetric routes (will break things) • Using OpenDaylight, we have a simple solution that only requires matches/ actions on six (6) flows 48
  • 49. The Goal • When EXT initiates, pass through DPI • When DMZ initiates: • Bypass DPI on PUT (Egress) • Scan on GET (Ingress) 49
  • 50. Detailed Diagram 1. ACL 2. Scan all EXT  DMZ 3. Bypass DMZ PUT 4. Scan DMZ GET 50
  • 51. OpenFlow Logic 1. ACL only allows permitted flows 2. For Ingress ( EXT-> DMZ ) flows, allow normal path to virus scan via gateway 3. For Egress ( DMZ -> EXT ) PUT flows, intercept packet 1. Change destination MAC from Gateway to EXT 2. Change destination Port from Gateway to EXT 3. Decrement TTL by one 4. For Egress (DMZ -> EXT) GET flows (Treat as ingress) 1. DMZ uses dummy IP for EXT server 2. Switch intercepts packet 3. Switch changes source IP to dummy DMZ address 4. Switch changes dest IP to correct EXT IP 5. Packet continues on its way to gateway 6. Reverse logic for return traffic 51
  • 53. OPSCON #2 Note: This will be a real time demo 53
  • 54. Setup • As before, start ODL, connect switch to controller and “pingall” 54
  • 55. ODL Shows Connected L2 Interfaces 55
  • 56. Baseline: Push a file from DMZ to EXT mininet> dmz curl http://10.0.1.102 --upload-file test.txt • EXT Server Shows Successful PUT 10.0.2.101 - - [10/Jul/2015 14:50:22] "PUT /test.txt HTTP/1.1" • TCPDUMP on firewall shows egress scan traffic (as expected) 56
  • 57. Install the Flows via RESTCONF API • Either via POSTMAN or CURL curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_404.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/404 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_505.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/505 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_606.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/606 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_707.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/707 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_808.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/808 2>&1 | grep HTTP/1.1 curl -v -H "Content-Type: application/xml" -X PUT --data "@fw_demo_909.xml" -u admin:admin http://localhost:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:3/table/0/flow/909 2>&1 | grep HTTP/1.1 57
  • 58. DMZ PUT a file to EXT mininet> dmz curl http://10.0.1.102 --upload-file test.txt • The EXT server shows this second, successful put 10.0.2.101 - - [10/Jul/2015 14:50:22] "PUT /test.txt HTTP/1.1" 200 - 10.0.2.101 - - [10/Jul/2015 14:53:05] "PUT /test.txt HTTP/1.1" 200 - • The firewall TCPDUMP, however does not show additional traffic! 58
  • 59. Plumb Statistics via API • You can see a Match on the flow through the REST API: • http://<controller_IP>:8181/restconf/operational/opendaylight- inventory:nodes/node/openflow:3/table/0/flow/404/flow-statistics/ 59
  • 60. Test DMZ to EXT GET (Ingress) • Use a Dummy IP to trigger a flow match. • The egress port of the switch will NAT it back to the real destination IP. • We see instant feedback on the Mininet Console 60
  • 61. EXT Server Shows Successful Get 10.0.2.101 - - [10/Jul/2015 14:50:22] "PUT /test.txt HTTP/1.1" 200 - 10.0.2.101 - - [10/Jul/2015 14:53:05] "PUT /test.txt HTTP/1.1" 200 - 6.6.6.6 - - [10/Jul/2015 15:01:27] "GET / HTTP/1.1" 200 - • Note Dummy IP 61
  • 62. FW TCPDUMP Shows DMZ to EXT GET Scan 62
  • 63. Verify All EXT  DMZ Traffic Scan • Do PUT and GET 63
  • 64. DMZ Server Log Shows Success for Both 64
  • 65. TCPDUMP: All EXT to DMZ traffic scanned 65