Clean Pipes with Open, Programmable 100G DDoS Mitigation
Time 10/17/17 09:30AM-09:50AM
Room Grand Ballroom A
Better Security
What is the problem with middle boxes and traditional hardware appliances? To start, they are fixed-function and age out too quickly: they are sold to be one thing, and adding capability costs more money and degrades performance. Traffic growth is adding to the strain on these boxes: raw throughput, number of sessions, session rates, session capacitance limits. IoT is looming and will cause further issues.
A better security box is programmable throughout its lifecycle, following the trend of data centers and networking in general. It is an enforcement engine with flow forwarding to any number of VNFs, taking a networking approach to offloading functions such as logging, DDoS, IPS, blacklisting and whitelisting, advanced threat protection (zero-day protection), CDN filtering, IPSec clustering, and NAT. These VNFs are turned up by a central controller where policy can be maintained, without degrading performance, and can be upgraded at no cost, at any time, without the need to license new software. Ultra-granular network statistics, visibility, and alerts are available when and where needed. As more capacity is needed, it is brought on by meshing additional boxes, all under central control. As more applications are defined, analytical, programmable DDoS deals with them. Using SDN-controller-like thinking, this is just the beginning.
This session will explore this vision of open, programmable DDoS and how networks can evolve toward it quickly and easily at first, with more capability brought on over time. Topics covered will include ExaBGP, service chaining, dynamic white/blacklisting, active flow monitoring, dynamic flow-level rate limiting, and others.
Speaker Yatish Kumar Corsa Technology
Primary track Advanced Networking
Secondary tracks Information Security