Service Provider Technologies
  • Segment Routing
    www.bloggang.com/viewblog.php?id=likecisco&date=19-11-2016&group=12&gblog=1
    www.facebook.com/groups/CCNAHunterGroup/permalink/1707585259544859

    MPLS L3VPN Inter-AS Option A, B, and C
    www.bloggang.com/viewblog.php?id=likecisco&date=29-12-2016&group=12&gblog=2

    MPLS-TE: Comparing SPF (OSPF/ISIS) with CSPF (OSPF-TE/ISIS-TE)
    www.bloggang.com/viewblog.php?id=likecisco&date=28-06-2017&group=12&gblog=3

    IP Networks for the cloud, 5G and IoT era:

    IP Network Requirements:
    • Multiples - Capacity and fan-in
    • Superior - Capability and agility
    • Fraction - OpEx and complexity

    Networks of the future must be:

    • Bigger, faster & more efficient
    • Safer
    • More adaptable
    Connecting the Internet of Things - New opportunities, and threats:
    • No perimeter:
      • Large attack surface
      • Countless sources
    • Malicious user traffic:
      • Hackers and cyber criminals
      • Terrorists and anarchists
    • Many vulnerabilities:
      • Hijacked cloud servers, IoT devices
      • Essential services (DNS, AAA, NFV)
    • Distributed DoS attacks:
      • Causing widespread outages
      • Increasing frequency and volume

      Denial of service = no service! Service availability is gated by network security

    Unmitigated DDoS attacks can cause massive outages within hours - Time is of the essence to detect and stop them

    Major DDOS attack on Dyn disrupts AWS, Twitter, Spotify and more - 21 Oct. 2016 by Sebastian
    Cloud and IoT are fueling major DDoS attacks - Security is an ongoing and evolving threat:
    • Increasing scale and complexity:
      • Higher internet upload speeds
      • More connected IoT devices
      • Many vulnerabilities. DDoS as a service
    • Increasing attack frequency:
      • 100G+ attacks are a daily occurrence
      • Bi-weekly attacks in 300 - 600G range
      • Multiple attackers (Mirai, Kaiten, XOR, Spike, ...)

    Mirai: The first open-source IoT botnet:

    • Sep 2016:
      • 600G attack on security expert Brian Krebs' website
      • 1.1T attack on OVH, a French web hosting company
    • Oct:
      • Mirai source code is released into the public domain
      • 1T+ flooding attack on DynDNS
    • Nov:
      • Attack on DT, disabling 900,000 home routers

    Terabit DDoS attacks will soon be the norm. Is your network prepared for this?

    DDoS mitigation Present Mode - The network is part of the problem:

    • IP routers backhaul DDoS traffic to scrubbing center
    • Network appliances detect and filter DDoS traffic
    • High cost, partial protection and poor scalability

    Escalating cost of backhaul capacity and scrubbing appliances to mitigate DDoS attacks

    DDoS mitigation Future Mode - The network is part of the solution:

    • Cloud-based DDoS detection and analysis
    • Filtering volumetric DDoS traffic at the IP edge
    • Network-wide protection with superior scalability

    Scalable, distributed solution to mitigate volumetric Distributed Denial-of-Service attacks

    Detecting and mitigating DDoS attacks - Packet inspection and signature detection:

    DDoS flows can be detected by inspecting the IP packet payload for tell-tale signature patterns:

    • Conventional IP routers cannot look beyond the "5-tuple" IP packet header fields
    • DPI appliances can look deeper into the packet, but their forwarding capacity is very limited

    How to mitigate DDoS flooding attacks containing 100,000s of flows?

    Denial of Service attacks: Top 10 threats:

    • UDP amplification-based attacks using "reflection"
    • DNS/NTP reflector attacks:
      • Abuse DNS/NTP protocol aspects to generate a large payload from small requests
      • Use IoT bot-nets to amplify the attack (nature of DDoS)
      • Hard to detect and mitigate. Must be surgically blocked
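
    An added example (not from the original slides): the DNS/NTP reflection pattern listed above can be spotted in flow records from header fields alone, because reflected replies arrive over UDP from source port 53 or 123, from many sources, with large packets. The flow records, thresholds and function name are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: UDP source ports of the reflector services the page names.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}

# Constructed flow records (documentation address ranges), not real traffic:
# (src_ip, dst_ip, proto, src_port, dst_port, packets, bytes)
SAMPLE_FLOWS = [
    ("192.0.2.%d" % i, "203.0.113.10", "udp", 53, 40000 + i, 200, 200 * 1400)
    for i in range(1, 41)            # 40 DNS reflectors sending large replies
] + [
    ("198.51.100.%d" % i, "203.0.113.10", "udp", 123, 50000 + i, 500, 500 * 468)
    for i in range(1, 31)            # 30 NTP reflectors sending large replies
] + [
    ("192.0.2.200", "203.0.113.20", "udp", 53, 33333, 50, 50 * 120),    # one resolver
    ("198.51.100.200", "203.0.113.10", "tcp", 443, 51000, 900, 900 * 1200),  # web
]

def find_reflection_targets(flows, min_sources=20, min_avg_pkt=400):
    """Return one header-only filter per (victim, reflector port) under flood.

    Thresholds are illustrative assumptions: many distinct sources plus a
    large average packet size separates reflected floods from normal replies.
    """
    stats = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for src, dst, proto, sport, _dport, pkts, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue                 # only UDP replies from reflector ports
        s = stats[(dst, sport)]
        s["sources"].add(src)
        s["packets"] += pkts
        s["bytes"] += nbytes
    filters = []
    for (dst, sport), s in sorted(stats.items()):
        if s["packets"] == 0:
            continue                 # avoid dividing by zero on empty records
        avg_pkt = s["bytes"] / s["packets"]
        if len(s["sources"]) >= min_sources and avg_pkt >= min_avg_pkt:
            filters.append({
                "match": {"dst_ip": dst, "proto": "udp", "src_port": sport},
                "service": REFLECTOR_PORTS[sport],
                "reflectors": len(s["sources"]),
                "bytes": s["bytes"],
            })
    return filters

if __name__ == "__main__":
    for rule in find_reflection_targets(SAMPLE_FLOWS):
        print(rule)
```

    Each returned match is limited to one destination, UDP and one source port, so other traffic to the victim is untouched; legitimate DNS or NTP replies to that destination are dropped too while the filter is in place.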
    Insight driven automation - Growing list of use cases:
    • Automated IP Network Security:
      • Multiple tier 1 SPs - DDoS Attack Mitigation
    • Service automation with dynamic assurance:
      • Multiple tier 1 SPs - Dynamic IP/MPLS services
      • Multiple tier 1 SPs - On-demand IP/MPLS services
    • Multi-dimensional flow steering:
      • Global webscale company - Peering/CDN optimization
      • EMEA content provider - High quality experience
      • APAC tier 1 ISP - High quality OTT experience

    5G Addressing Diversified Network Requirements:

    • Extreme Mobile Broadband:
      • Devices 1.5GB/day
      • Mobility on Demand
      • >10 Gbps peak data rates
      • 10,000 x more traffic
      • 100 Mbps whenever needed
      • Capacity on Demand
    • Critical machine communication:
      • Smart factories 1 PB/day
      • Autonomous driving 1ms latency
      • <1 ms radio latency
      • Coverage on Demand
      • Ultra reliability
    • Massive machine communication:
      • Billions of sensors connected
      • Connectivity on Demand
      • Security on Demand
      • 1 million connections/sq km

    Key trends on the path to 5G - and their implications on transport networks:

    • New spectrum options, multi-connectivity and carrier aggregation - More transport capacity to support 10x rise in demand
    • Densification - Higher port density to accommodate macro/small cells
    • Evolution to Cloud RAN - New RAN architectures, use of ethernet for fronthaul
    • Proximity of content to users - Diverse topologies, Multi-connectivity to different networks
    • 5G/IoT coming but 2G/3G/4G not leaving - Support old and new, w/ scale & security for 1,000x devices
    • Customer experience is king - Adequate transport must be in place ahead of RAN

    The evolution of mobile transport to 5G:

    1. 5G anyhaul
    2. Converged any-G transport 2G/3G/LTE with 5G
    3. Fixed-mobile convergence
    4. Multi-access edge computing (MEC) and radio cloud centers interconnectivity
    5. SDN control

    Universal need for mission-critical communication networks - Different Business Objectives and Challenges:

    • Energy and resources:
      • Power utilities
      • Oil, gas & mining
      • Smart grid
      • Monitoring & automation
    • Transportation:
      • Railways
      • Highways
      • Aviation
      • Passenger experience
      • Efficient operation
    • Public sector:
      • Government
      • Defense
      • Public safety
      • Multi-agency networks
      • Safety and Security
    • Large enterprises:
      • Automotive
      • Finance & insurance
      • Healthcare
      • Digital banking
      • Telemedicine, telehealth
    B-)