This document discusses the evolution of network virtualization. It begins with an overview of using VLANs for network virtualization, which provides L2 isolation but has limitations around scalability and management. OpenFlow is presented as an early approach that uses a centralized controller but has performance impacts. The document then introduces network overlays using software-defined networking as a more advanced approach, allowing network services to be decoupled from physical network hardware for improved scalability, agility and fault tolerance. It provides an overview of using the Midokura network virtualization platform with OpenStack Neutron for network automation and management.
Nuage Arista Hardware VTEP. Demoing the integration of Arista switch into Nuage VSP and automatic way of building Vxlan tunnels from virtual to bare metal infrastructure.
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...VMworld
This document discusses troubleshooting VXLAN and network services in a virtualized environment using VMware NSX. It covers VXLAN packet flow, NSX enhancements to the data and control planes, configuration and consumption demos, packet walks in unicast mode, troubleshooting demos using NSX Manager tools, dynamic routing details and demos, and network virtualization operations. The key takeaways are that multicast is not required in the physical network for VXLAN, NSX provides tools to troubleshoot networks and services, and NSX integrates with operations tools for analysis and alerting.
The document provides an overview of network virtualization and the Network Virtualization Platform (NVP). It defines network virtualization as decoupling, automating, and making network behavior independent of physical network state. NVP allows for logical networks that are isolated, location-independent and independent of physical network changes. It introduces NVP components and architecture including the control plane, gateways, service nodes, and integration with hypervisors and OpenStack. The document also discusses treating physical networks like compute servers and fabric/pod network designs.
This document introduces programmable virtual networks and discusses their advantages over traditional network slicing. It describes FlowVisor, an early network slicing tool, and its limitations in providing full network virtualization. The document then introduces OpenVirteX, a new system that aims to provide complete programmable virtual networks through topology, address, and policy virtualization. OpenVirteX maps virtual and physical network elements and allows independent control of virtual networks. While still in development, OpenVirteX has the potential to enable more flexible and innovative virtualized networks than previous solutions.
Nicolai van der Smagt has been in the business of designing, implementing and running SP networks for over 15 years. He has worked with DOCSIS, DSL and FTTH operators. Nowadays, Nicolai is helping Infradata’s pan-European customers build better access, aggregation and core networks, but his focus is on the data center, SDN, NFV and the whitebox switching revolution. His motto: “Simplicity is sophistication”.
Topic of Presentation: SDN
Language: English
Abstract:
Open source SDN that actually works -today
OpenContrail is an open source (Apache 2.0 licensed) project that provides network virtualization in the data center, using tried and tested open standards. It provides northbound APIs, integrates in Openstack or Cloudstack and is available today!
In this slot we’ll show you the architecture and ideas behind the technology and how OpenContrail enables you to avoid the pitfalls that other (closed) SDN solutions bring. If time permits we’ll also demo the technology.
The document discusses NSX design and deployment considerations including:
1. Physical and logical infrastructure requirements for NSX including IP connectivity and MTU size.
2. Edge cluster design with options for collapsed or separated edge and infrastructure racks.
3. NSX manager and controller placement and sizing within management clusters.
4. Transport zone, VTEP, and VXLAN switching concepts which are fundamental to the NSX overlay architecture.
MidoNet 101: Face to Face with the Distributed SDNMidoNet
Midokura has made the source code for MidoNet freely available at www.midonet.org, delivering the truly open, vendor-agnostic network virtualization solution available for the OpenStack and the Docker community.
About MidoNet
Taking an overlay-based approach to network virtualization, MidoNet sits on top of any IP-connected network, and pushes the network intelligence to the edge of the network, in software. MidoNet makes it possible to build an IaaS cloud with fully virtualized and distributed scale-out L2-L4 networking.
FOSDEM 2015
Presenters: Antonio Sagliocco, Alex Bikfalvi in Midokura Engineering
Technical Presentation about the MidoNet architecture and in-depth discussion about MidoNet features like Distributed Layer 2 Switching, Distributed Layer 3 Routing, Firewall, NAT and Distributed Flow State.
About MidoNet
Taking an overlay-based approach to network virtualization, MidoNet sits on top of any IP-connected network, and pushes the network intelligence to the edge of the network, in software. MidoNet makes it possible to build an IaaS cloud with fully virtualized and distributed scale-out L2-L4 networking.
Presenter: Taku Fukushima, Midokura Engineering
OpenContrail Silicon Valley Meetup Aug 25 2015Scott Sneddon
The document discusses SDN market trends based on an SDxCentral report. It summarizes that the SDN, NFV, and network virtualization market is expected to exceed $105 billion by 2020 according to the report. It also provides details on SDN controllers, including major open source and commercial controllers. The rest of the document discusses use cases, selection criteria for controllers, and SDN adoption trends seen by the speaker.
This document discusses deploying VMware NSX Network Virtualization. It covers:
1. The objectives are to learn about NSX deployments with multiple hypervisors, NSX components required, and packet flows in logical networks.
2. The NSX architecture includes features like logical switching, routing, firewall, load balancing and VPN. Key components are the NSX controller, vSwitch, logical switches and NSX gateway.
3. Deploying NSX involves building the physical infrastructure, preparing NSX including the controller and manager, and then consuming applications through the network API.
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Secure Multi Tenant Cloud with OpenContrailPriti Desai
Building a secure multi-tenant cloud necessitates proper tenant isolation and access control. Key network and security functions must scale independently based on the dynamic resource requirements across each tenant. Additionally, On-demand and self-service provisioning are required for achieving operational efficiencies. Robust, dynamic and elastic software abstractions are imperative to support applications built to run such complex environments.
This slide deck covers:
• Architectural design choices
• Implementation blueprints
• Operational best practices
that have been made to build OpenStack cloud at Symantec.
OpenStack: Virtual Routers On Compute Nodesclayton_oneill
Learn the production pros and cons of operating Neutron legacy and HA routers on compute nodes in your production cloud. Not ready for DVR or third-party network overhauls? Virtual router network “hot spots” got you down? Large virtual router failure domains keeping you up late at night? Neutron reference architectures not providing a scalable routing solution? If you answered yes to any of these questions then this talk is for you.
The document discusses software-defined networking (SDN) and OpenFlow, including:
1) OpenFlow allows the control logic to be separated from the forwarding hardware by defining an open interface between the two. This enables more flexible and programmable networks.
2) OpenFlow works by defining flows that match packets and actions that are applied to the matched packets. The flows are populated and managed by an external controller through the OpenFlow protocol.
3) OpenFlow is being deployed in over 100 organizations and is enabling network innovation through its programmable and customizable nature.
Technical Deep Dive into MidoNet - Taku Fukushima, Developer at MidokuraMidoNet
Midolman processes network packets in 3 stages:
1. The input stage receives packets from the datapath.
2. The packet processing stage simulates packet forwarding on the virtual topology, determines the egress port, and installs flows.
3. The output stage emits packets and installs flows based on the simulations.
The document discusses MidoNet, a network virtualization platform that provides a boost to OpenStack Neutron. MidoNet uses a distributed model to avoid single points of failure and bottlenecks seen in the OpenStack OVS plugin. It implements logical L2 and L3 switching, interconnectivity with physical networks, distributed firewalling, load balancing and tunneling using technologies like VxLAN and GRE. MidoNet aligns with Neutron APIs for integration into cloud management software.
Understanding network and service virtualizationSDN Hub
This document discusses network and service virtualization technologies. It begins with an overview of challenges with current network architectures and how virtualization addresses them. It then covers three key trends: 1) network virtualization using SDN to program networks dynamically, 2) service virtualization using NFV to virtualize network functions, and 3) new infrastructure tools like Open vSwitch, OpenDaylight, and Docker networking. Finally, it discusses approaches to deploying network and service virtualization and provides a vendor landscape.
Cloud Network Virtualization with Juniper Contrailbuildacloud
Description: Contrail Technology will be discussed covering architecture, capabilities and use cases. It will be followed by a demonstration on current Contrail implementation on CloudStack/Openstack.
Parantap works as a Sr. Director of Solutions Engineering for Contrail Product within Juniper. Before Juniper, Parantap led the network architecture team for Microsoft Online Services (Windows Azure, MS Bing). Prior to Microsoft, Parantap worked as a core engineering manager for UUNet Technologies building Internet backbones.
This presentation will walk through the values and benefits of using service chaining technologies in OPNFV for service composition. The presentation will talk through and demonstrate, in real time, platform service chaining features and capabilities
The document provides an overview of the Juniper SDN landscape and Contrail solution. It begins with introducing the speaker and their background. It then discusses the need for SDN due to challenges in traditional networking. The current SDN landscape includes major players like Cisco, Juniper, VMware, OpenStack and smaller startups. Contrail is positioned as Juniper's SDN overlay solution that integrates with OpenStack and uses standard protocols like BGP, MPLS and XMPP to provide multi-tenancy, overlays, routing and gateway connectivity.
This document provides instructions for setting up a high availability MySQL cluster using Pacemaker, Corosync, and DRBD for storage replication. It outlines the steps to create a DRBD resource, set up Corosync for cluster communication, configure Pacemaker to manage resources and failover, and add a MySQL resource protected by the cluster. The goal is to demonstrate how to build a basic two-node active-active MySQL cluster for high availability using open source clustering tools.
This document discusses the scale-out storage solution Ceph. Ceph provides a distributed object store and file system that allows for scalable storage. It uses RADOS, which is a redundant, autonomic, distributed object store. Ceph has two main components - OSDs, which store data on disks, and MONs which monitor the cluster and maintain metadata. Ceph uses a technique called CRUSH to intelligently place data and replicas across the distributed system. It supports various use cases like virtualization, cloud storage, and large scale storage needs.
This document discusses the scale-out storage capabilities of Ceph. It explains that Ceph uses an object store model called RADOS to allow for scaling storage horizontally across commodity hardware. Ceph uses a technique called CRUSH to automatically replicate and distribute data across its object storage daemons and monitor daemons for redundancy and high availability as more nodes are added. It also describes how Ceph provides block storage, file system, and cloud storage interfaces to stored data through its RADOS Block Device, CephFS, and RADOS Gateway components.
This document provides an overview and agenda for a presentation on OpenStack networking. It begins with an overview of OpenStack architecture and services like Compute, Networking, Identity and Image services. It then discusses basic network components like controllers, compute nodes and networking plugins. Next, it covers networking process flows and dives deeper into the Neutron networking plugin, including the Modular Layer 2 plugin framework and drivers like Open vSwitch. It concludes with a planned demonstration of networking functionality in an OpenStack lab environment.
This was a tutorial which Mark McClain and I led at ONUG, Spring 2015. It was well received and serves as a walk through of OpenStack Neutron and it's features and usage.
From Nova-Network to Neutron and Beyond: A Look at OpenStack NetworkingCynthia Thomas
This document provides an overview of the evolution of network virtualization and OpenStack networking. It describes how networking started with manually configured VLANs, moved to OpenFlow which required programming flows, and then to network overlays using software defined networking. It outlines the requirements for network virtualization. It also details the evolution of OpenStack networking from Nova network to Quantum/Neutron, including the transition to using overlays and supporting plugins. Key features of Neutron are summarized, as well as upcoming features planned for future OpenStack releases.
Contrail provides software defined networking and virtual network capabilities for OpenStack clouds. Key components of Contrail include the Contrail controller, vRouters running on hypervisors, and integration with OpenStack using Neutron and Nova. Virtual networks in Contrail can be created which provide isolation between groups of virtual machines and connectivity to physical networks.
SDN & NFV Introduction - Open Source Data Center NetworkingThomas Graf
This document introduces software defined networking (SDN) and network functions virtualization (NFV) concepts. It discusses challenges with traditional networking and how SDN and NFV address these by decoupling the control and data planes, centralizing network intelligence, and abstracting the underlying network infrastructure. It then provides examples of open source SDN technologies like OpenDaylight, Open vSwitch, and OpenStack that can be used to build programmable software-defined networks and virtualized network functions.
This document introduces software defined networking (SDN) and network functions virtualization (NFV) concepts. It discusses challenges with traditional networking and how SDN and NFV address these by decoupling the control and data planes, making the network programmable through APIs, and virtualizing network functions. It then provides examples of open source SDN platforms like OpenDaylight, Open vSwitch, and OpenStack that enable building virtual networks and service chains.
Open stack networking_101_update_2014-os-meetupsyfauser
This is the latest Update to my OpenStack Networking / Neutron 101 Slides with some more Information and caveats on the new DVR and Gateway HA Features
Software Defined Networking is seeing a lot of momentum these days. With server virtualization solving the virtual machines problem, and large scale object storage solving the distributed storage challenge, SDN is seen as key in virtual networking.
In this talk we don't try to define SDN but rather dive straight into what in our opinion is the core enabled of SDN: the virtual switch OVS.
OVS can help manage VLAN for guest network isolation, it can re-route any traffic at L2-L4 by keeping forwarding tables controlled by a remote controller (Openfow controller). We show these few OVS capabilities and highlight how they are used in CloudStack and Xen.
Xen Summit presentation of CloudStack and Software Defined Networks. OpenVswitch is the default bridge in Xen and supported in XenServer and Xen Cloud Platform
Quantum is an OpenStack networking project that provides networking as a service between interfaces managed by other projects like Nova. It uses plugins to support different networking technologies and providers. Quantum provides advanced network topologies and tenant control over networking that was not possible with just Nova networking. The Grizzly release includes improvements to security groups, load balancing as a service, new plugins, and seamless upgrades from Folsom.
Quantum is an OpenStack networking project that provides networking as a service. It uses plugins to support various technologies like SDN, overlay tunneling, and fabric solutions. This allows tenants to create their own network topologies with control over addressing, segmentation, and services. Quantum provides APIs for networks, subnets, and ports that integrate with Nova to attach virtual network interfaces to instances.
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...nvirters
OpenStack is HOT! No doubt about it. A recent survey by The New Stack and The Linux Foundation shows OpenStack as the most popular open source project ahead of other hot projects like Docker and KVM. OpenStack is now taking its rightful place as the open source cloud solution for enterprises and service providers.
To date OpenStack networking has not yet achieved the performance, scalability and reliability that many large enterprises demand. CPLANE NETWORKS solves that problem by delivering secure multi-tenant virtual networking that overcomes the limitations of the standard Neutron networking service. By making all networking services local to the compute node and achieving near line-rate throughput, CPLANE NETWORKS Dynamic Virtual Networks (DVN) delivers mega-scale networking for the most demanding application environments.
In this session John Casey will cover the basics of DVN and explain how CPLANE NETWORKS achieves "at scale" network performance within and across data centers.
About John Casey
John Casey has over 20 years of deep technology leadership. His proven success with a variety of technical leadership roles in Telecom, Enterprise and Government and in software design and development provide the foundation for the system architecture and engineering team.
Previously John led worldwide deployment teams for both IBM’s Software Group and Narus, Inc. His work in large scale, high performance system design at Transarc Labs and Walker Interactive Systems brings leadership to the CPLANE NETWORKS product suite.
Understanding and deploying Network VirtualizationSDN Hub
Analogous to server virtualization, Network Virtualization decouples and isolates virtual networks (i.e. tenant) from the underlying network hardware. One of the key value propositions of Software-Defined Networking (SDN) is to enable the provisioning and operation of virtual networks. This tutorial motivates the need for network virtualization, describes the high-level requirements, provides an overview of all architectural approaches, and gives you a clear picture of the vendor landscape.
Previously presented at ONUG Fall 2013 and Spring 2014.
OpenStack 2012 fall summit observation - Quantum/SDNTe-Yen Liu
- The keynote at the OpenStack 2012 Fall Summit highlighted Rackspace's decreasing contribution to OpenStack commits over time and Rackspace's private cloud which runs OpenStack and sees high usage.
- The Quantum project in OpenStack provides network connectivity as a service and allows different virtualization technologies to be plugged in as backends. It has evolved to add L3 and L4-L7 network services.
- Quantum uses a plugin architecture so that different virtual network backends like Open vSwitch, Linux bridge can be used. Extensions allow for additional network properties and new services like routing, load balancing to be added.
Dave Chandler Presents SDN at World Wide Technology's TECday - St. LouisWorld Wide Technology
This document provides an overview of enterprise networking solutions offered by ATC Solutions Engineering. It discusses their mission to deliver value through networking solution assessments and provide clarity for business technology decisions. It then lists and briefly describes various networking domains and solutions they consult on, such as data center networking, campus/branch networking, software-defined networking, and lab as a service.
Network virtualization allows sharing of physical network infrastructure between multiple virtual networks through abstraction and tunneling techniques. It provides benefits like increased infrastructure utilization, scalability, agility, and security. Common virtualization techniques include VLANs to divide switches into logical segments, DWDM to multiply fiber bandwidth, VRFs to partition routers, and tunneling protocols like GRE, VXLAN, and MPLS to encapsulate and transport traffic across physical networks. Overlay networks further abstract the physical underlay into virtual topologies to support multiple isolated tenant networks on shared infrastructure.
This document provides an overview and update on VMware's NSX network virtualization platform and previews future directions. It discusses expanding NSX capabilities like physical network integration, new encapsulation formats, and multi-site network virtualization. The presentation also explores advanced topics such as distributed logical routing, handling elephant flows, and enabling service chaining through network virtualization. Overall, the document outlines how NSX provides network virtualization and previews exciting new capabilities and use cases for virtualized networking.
Similar to CloudKC: Evolution of Network Virtualization (20)
CNSCon 2024 Lightning Talk: Don’t Make Me Impersonate My IdentityCynthia Thomas
Identities are a crucial part of running workloads on Kubernetes. How do you ensure Pods can securely access Cloud resources? In this lightning talk, you will learn how large Cloud providers work together to share Identity Provider responsibilities in order to federate identities in multi-cloud environments.
KubeCon NA'22 Lightning Talk: Where did all my IPs go?Cynthia Thomas
Kubernetes cluster planning requires quite a few things to get started. What about IPs? Common IP management hurdles with Kubernetes clusters include IP assignments when building a cluster and challenges faced when deploying in a multi-faceted environment. Kubernetes Admins often need to use IP addressing handed out by Network Admins juggling other non-k8s workload IP assignments and IP exhaustion. In this talk, Cynthia will discuss new and existing KEPs that SIG-network has implemented to help mitigate IP challenges. Such features include discontiguous cluster CIDRs and the journey to IPv6. Cynthia will also discuss how the best practices for Kubernetes IP management are changing with these new capabilities to help scale and grow instead of rebuild.
https://sched.co/184sj
Kernel advantages for Istio realized with CiliumCynthia Thomas
Istio brings a myriad of options to provide routing rules, encryption, and monitoring for microservices, typically in container environments. Cilium provides accelerated network security using a modern kernel technology called BPF. Put the two together and what do you get? A distributed security solution enabling microservices traffic management, security, and monitoring while enforcing policy as close to the microservices as possible.
Cynthia Thomas and Romain Lenglet discuss the architectural and performance benefits of using Cilium with Istio and provide a demo of this BPF-based, Linux kernel technology. Cilium provides an API-aware security solution that can make a decision on every single microservice flow, with the ability to enforce protocols such as HTTP, Kafka, and gRPC. By addressing security policy at the API layer, you can enforce policy efficiently with kernel capabilities while reducing the attack surface in a microservices deployment.
Cilium:: Application-Aware Microservices via BPFCynthia Thomas
Intro to Cilium Microservices Security with Kubernetes Integration
Open Source Cilium website: cilium.io
GH: github.com/cilium/cilium
Join our Slack! cilium.herokuapp.com
Follow us on Twitter!
@ciliumproject
@_techcet_
Cilium: Seattle Kubernetes MeetUp Dec 2017Cynthia Thomas
BPF (Berkeley Packet Filter) is becoming the fastest growing technology in the Linux kernel and is revolutionizing networking, security and tracing. At the same time, the rise of container-based orchestration platforms such as Kubernetes is creating demand for routing, load-balancing & security infrastructure that is highly scalable, application-aware, and resilient.
This talk introduces the open source project Cilium - a modern networking and security platform for microservices. Cilium is built on top of BPF and provides Linux native networking and security services with application protocol awareness. Cilium works hand in hand with application proxies such as Envoy and the services management orchestration layer Istio to provide infrastructure services in a transparent manner and with minimal overhead. This talk will discuss the challenges of exposing services via APIs and the solution that Cilium provides to enforce least privilege security.
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPFCynthia Thomas
We have introduced Cilium at DockerCon US 2017 this year. Cilium provides application-aware network connectivity, security, and load-balancing for containers. This talk will follow up on the introduction and deep dive into recent kernel developments that address two fundamental questions: How can I provide application-aware security and routing efficiently without overhead embedded into every service? How can container hosts protect themselves from internal and external DDoS attacks? The solutions include:
kproxy: a kernel-based socket proxy which allows for application-aware routing and security enforcement with minimal overhead.
XDP: A lightning-fast packet processing datapath using BPF. The technology is intended for DDoS mitigation, load-balancing, and forwarding.
This talk will deep dive into these exciting technologies and show how Cilium makes BPF and these kernel features available on Linux for your Docker containers.
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Cynthia Thomas
This session offers techniques for securing Docker containers and hosts using open source network virtualization technologies to implement microsegmentation. Come learn real tips and tricks that you can apply to keep your production environment secure.
Retrieval Augmented Generation Evaluation with RagasZilliz
Retrieval Augmented Generation (RAG) enhances chatbots by incorporating custom data in the prompt. Using large language models (LLMs) as judge has gained prominence in modern RAG systems. This talk will demo Ragas, an open-source automation tool for RAG evaluations. Christy will talk about and demo evaluating a RAG pipeline using Milvus and RAG metrics like context F1-score and answer correctness.
The History of Embeddings & Multimodal EmbeddingsZilliz
Frank Liu will walk through the history of embeddings and how we got to the cool embedding models used today. He'll end with a demo on how multimodal RAG is used.
"Making .NET Application Even Faster", Sergey Teplyakov.pptxFwdays
In this talk we're going to explore performance improvement lifecycle, starting with setting the performance goals, using profilers to figure out the bottle necks, making a fix and validating that the fix works by benchmarking it. The talk will be useful for novice and seasoned .NET developers and architects interested in making their application fast and understanding how things work under the hood.
How UiPath Discovery Suite supports identification of Agentic Process Automat...DianaGray10
📚 Understand the basics of the newly persona-based LLM-powered Agentic Process Automation and discover how existing UiPath Discovery Suite products like Communication Mining, Process Mining, and Task Mining can be leveraged to identify APA candidates.
Topics Covered:
💡 Idea Behind APA: Explore the innovative concept of Agentic Process Automation and its significance in modern workflows.
🔄 How APA is Different from RPA: Learn the key differences between Agentic Process Automation and Robotic Process Automation.
🚀 Discover the Advantages of APA: Uncover the unique benefits of implementing APA in your organization.
🔍 Identifying APA Candidates with UiPath Discovery Products: See how UiPath's Communication Mining, Process Mining, and Task Mining tools can help pinpoint potential APA candidates.
🔮 Discussion on Expected Future Impacts: Engage in a discussion on the potential future impacts of APA on various industries and business processes.
Enhance your knowledge on the forefront of automation technology and stay ahead with Agentic Process Automation. 🧠💼✨
Speakers:
Arun Kumar Asokan, Delivery Director (US) @ qBotica and UiPath MVP
Naveen Chatlapalli, Solution Architect @ Ashling Partners and UiPath MVP
Demystifying Neural Networks And Building Cybersecurity ApplicationsPriyanka Aash
In today's rapidly evolving technological landscape, Artificial Neural Networks (ANNs) have emerged as a cornerstone of artificial intelligence, revolutionizing various fields including cybersecurity. Inspired by the intricacies of the human brain, ANNs have a rich history and a complex structure that enables them to learn and make decisions. This blog aims to unravel the mysteries of neural networks, explore their mathematical foundations, and demonstrate their practical applications, particularly in building robust malware detection systems using Convolutional Neural Networks (CNNs).
Top 12 AI Technology Trends For 2024.pdfMarrie Morris
Technology has become an irreplaceable component of our daily lives. The role of AI in technology revolutionizes our lives for the betterment of the future. In this article, we will learn about the top 12 AI technology trends for 2024.
Self-Healing Test Automation Framework - HealeniumKnoldus Inc.
Revolutionize your test automation with Healenium's self-healing framework. Automate test maintenance, reduce flakes, and increase efficiency. Learn how to build a robust test automation foundation. Discover the power of self-healing tests. Transform your testing experience.
Choosing the Best Outlook OST to PST Converter: Key Features and Considerationswebbyacad software
When looking for a good software utility to convert Outlook OST files to PST format, it is important to find one that is easy to use and has useful features. WebbyAcad OST to PST Converter Tool is a great choice because it is simple to use for anyone, whether you are tech-savvy or not. It can smoothly change your files to PST while keeping all your data safe and secure. Plus, it can handle large amounts of data and convert multiple files at once, which can save you a lot of time. It even comes with 24*7 technical support assistance and a free trial, so you can try it out before making a decision. Whether you need to recover, move, or back up your data, Webbyacad OST to PST Converter is a reliable option that gives you all the support you need to manage your Outlook data effectively.
Keynote : AI & Future Of Offensive SecurityPriyanka Aash
In the presentation, the focus is on the transformative impact of artificial intelligence (AI) in cybersecurity, particularly in the context of malware generation and adversarial attacks. AI promises to revolutionize the field by enabling scalable solutions to historically challenging problems such as continuous threat simulation, autonomous attack path generation, and the creation of sophisticated attack payloads. The discussions underscore how AI-powered tools like AI-based penetration testing can outpace traditional methods, enhancing security posture by efficiently identifying and mitigating vulnerabilities across complex attack surfaces. The use of AI in red teaming further amplifies these capabilities, allowing organizations to validate security controls effectively against diverse adversarial scenarios. These advancements not only streamline testing processes but also bolster defense strategies, ensuring readiness against evolving cyber threats.
Increase Quality with User Access Policies - July 2024Peter Caitens
⭐️ Increase Quality with User Access Policies ⭐️, presented by Peter Caitens and Adam Best of Salesforce. View the slides from this session to hear all about “User Access Policies” and how they can help you onboard users faster with greater quality.
This PDF delves into the aspects of information security from a forensic perspective, focusing on privacy leaks. It provides insights into the methods and tools used in forensic investigations to uncover and mitigate privacy breaches in mobile and cloud environments.
The Challenge of Interpretability in Generative AI Models.pdfSara Kroft
Navigating the intricacies of generative AI models reveals a pressing challenge: interpretability. Our blog delves into the complexities of understanding how these advanced models make decisions, shedding light on the mechanisms behind their outputs. Explore the latest research, practical implications, and ethical considerations, as we unravel the opaque processes that drive generative AI. Join us in this insightful journey to demystify the black box of artificial intelligence.
Dive into the complexities of generative AI with our blog on interpretability. Find out why making AI models understandable is key to trust and ethical use and discover current efforts to tackle this big challenge.
4. What is Network Virtualization (NV)?
3
Taking logical (virtual) networks
and services, and decoupling
them from the underlying network
hardware.
Well suited for highly virtualized
environments.
Any Application
Virtual Networks
Any Cloud Management Platform
MidoNet
Virtualiza&on
PlaOorm
Distributed
Firewall
Logical
L2
Existing Network Hardware
service
Distributed
Load
Balancer
ser
Distributed
VPN
Service
Logical
L3
KVM, ESXi, Xen LXC
5. Requirements for NV
4
Requirements
4
Tenant/Project A
Network A1
VM1 VM3
Network A2
VM5
Tenant/Project B
Network B1
VM2 VM4
uplink
Provider Virtual
Router (L3)
Tenant A
Virtual Router
Tenant B
Virtual Router
VM6
Virtual L2
Switch B1
Virtual L2
Switch A1
Virtual L2
Switch A2
TenantB office
Tenant B
VPN Router
Office
Network
6. Requirements for NV
5
Requirements
5
Tenant/Project A
Network A1
VM1 VM3
Network A2
VM5
Tenant/Project B
Network B1
VM2 VM4
uplink
Provider Virtual
Router (L3)
Tenant A
Virtual Router
Tenant B
Virtual Router
VM6
Virtual L2
Switch B1
Virtual L2
Switch A1
Virtual L2
Switch A2
TenantB office
Tenant B
VPN Router
Office
Network
Isolated tenant
networks
(virtual data center)
7. Requirements for NV
6
Requirements
6
Tenant/Project A
Network A1
VM1 VM3
Network A2
VM5
L3 Isolation
(similar to VPC and VRF)
Tenant/Project B
Network B1
VM2 VM4
uplink
Provider Virtual
Router (L3)
Tenant A
Virtual Router
Tenant B
Virtual Router
VM6
Virtual L2
Switch B1
Virtual L2
Switch A1
Virtual L2
Switch A2
TenantB office
Tenant B
VPN Router
Office
Network
8. Requirements for NV
Redundant, optimized, and
fault tolerant paths to to/
from external networks
(e.g. via eBGP)
7
Requirements
7
Tenant/Project A
Network A1
VM1 VM3
Network A2
VM5
Tenant/Project B
Network B1
VM2 VM4
uplink
Provider Virtual
Router (L3)
Tenant A
Virtual Router
Tenant B
Virtual Router
VM6
Virtual L2
Switch B1
Virtual L2
Switch A1
Virtual L2
Switch A2
TenantB office
Tenant B
VPN Router
Office
Network
Fault-tolerant devices and links
9. Requirements for NV
8
8
Tenant/Project A
Network A1
VM1 VM3
Network A2
VM5
Tenant/Project B
Network B1
VM2 VM4
uplink
Provider Virtual
Router (L3)
Tenant A
Virtual Router
Tenant B
Virtual Router
VM6
Virtual L2
Switch B1
Virtual L2
Switch A1
Virtual L2
Switch A2
TenantB office
Tenant B
VPN Router
Office
Network
Fault-tolerant devices and links
Fault tolerant
devices and links
10. Requirements for NV
9
Device-agnostic networking services:
• Load Balancing
• Firewalls
• Stateful NAT
• VPN
Networks and services must be fault
tolerant and scalable
12. Bonus Requirements for NV
11
Integration with cloud or
virtualization management
systems.
Optimize network by exploiting
management configuration.
Single virtual hop for networking
services
Fully distributed control plane
(ARP, DHCP, ICMP)
13. Checklist for Network Virtualization
12
q Multi-tenancy
q Scalable, fault-tolerant devices
(or device-agnostic network
services).
q L2 isolation
q L3 routing isolation
• VPC
• Like VRF (virtual routing
and fwd-ing)
q Scalable gateways
q Scalable control plane
• ARP, DHCP, ICMP
q Floating/Elastic Ips
q Stateful NAT
• Port masquerading
• DNAT
q ACLs
q Stateful (L4) Firewalls
• Security Groups
q Load Balancing with health checks
q Single Pane of Glass (API, CLI, GUI)
q Integration with management platforms
• OpenStack, CloudStack
• vSphere, RHEV, System Center
q Decoupled from Physical Network
14. Evolution of Network Virtualization
13
INNOVATION
IN
NETWORKING
AGILITY
VLAN
APPROACH
Manual End-to-End
VLAN configured
on physical switches
• Static
• Manual
• Complex
• Tenant state
maintained in
physical network
13
15. Using VLANs for NV
14
q Multi-tenancy
q Scalable, fault-tolerant devices
(or device-agnostic network
services).
ü L2 isolation
q L3 routing isolation
• VPC
• Like VRF (virtual routing
and fwd-ing)
q Scalable gateways
q Scalable control plane
• ARP, DHCP, ICMP
q Floating/Elastic IPs
q Stateful NAT
• Port masquerading
• DNAT
q ACLs
q Stateful (L4) Firewalls
• Security Groups
q Load Balancing with health checks
q Single Pane of Glass (API, CLI, GUI)
q Integration with management platforms
• OpenStack, CloudStack
• vSphere, RHEV, System Center
q Decoupled from Physical Network
16. Evolution of Network Virtualization
15
INNOVATION
IN
NETWORKING
AGILITY
OPENFLOW
REACTIVE
APPOACH
Reactive End-to-End
Requires programming
of flows
• Limited scalability
• Hard to manage
• Impact to
performance
• Still requires tenant
state in physical
network
VLAN
APPROACH
Manual End-to-End
VLAN configured
on physical switches
• Static
• Manual
• Complex
• Tenant state
maintained in
physical network
15
17. What is OpenFlow?
16
A communication protocol that gives access to the forwarding
plane of a network switch over the network.
18. What is OpenFlow?
17
A centralized remote controller
decides the path of packets
through the switches
19. Using OpenFlow for NV
18
ü Multi-tenancy
q Scalable, fault-tolerant devices
(or device-agnostic network
services).
ü L2 isolation
△ L3 routing isolation
• VPC
• Like VRF (virtual routing
and fwd-ing)
q Scalable gateways
q Scalable control plane
• ARP, DHCP, ICMP
q Floating/Elastic IPs
q Stateful NAT
• Port masquerading
• DNAT
q ACLs
q Stateful (L4) Firewalls
• Security Groups
q Load Balancing with health checks
△ Single Pane of Glass (API, CLI, GUI)
△ Integration with management platforms
• OpenStack, CloudStack
• vSphere, RHEV, System Center
q Decoupled from Physical Network
20. Evolution of Network Virtualization
19
PROACTIVE
INNOVATION
IN
NETWORKING
AGILITY
SOFTWARE OVERLAY
Virtual Network
Overlays
Decoupling hardware
and software
• Cloud-ready agility
• Unlimited scalability
• Open, standards-based
• No impact to physical
network
OPENFLOW
REACTIVE
APPOACH
Reactive End-to-End
Requires programming
of flows
• Limited scalability
• Hard to manage
• Impact to
performance
• Still requires tenant
state in physical
network
VLAN
APPROACH
Manual End-to-End
VLAN configured
on physical switches
• Static
• Manual
• Complex
• Tenant state
maintained in
physical network
19
21. 20
How do overlays achieve
real network
virtualization?
34. 33
Before
Neutron:
Nova
Networking
#
Nova-Networking was the only option in OpenStack prior to Quantum/Neutron.
Still available today as an alternative to Neutron, but will likely be phased out.
#
Options Available within nova-networking initially:
• Only Flat
• Flat DHCP
#
Limitations
• No flexibility with topologies (no 3-tier)
• Tenants can’t create/manage L3 Routers
• Scaling limitations (L2 domain)#
• No 3rd party vendors supported
• Complex HA model#
35. 34
Nova-‐network
slightly
evolves
Introduced VLAN DHCP mode
Improvements:
• L2 Isolation – each project gets a
VLAN assigned to it
#
Limitations
• Need to pre-configure VLANs on
physical network.
• Scaling Limitations - VLANs
• No L3
• No 3-tier topologies
• No 3rd party vendors
36. Introducing
Neutron
35
OpenStack Networking as a first
class Service
#
• Pluggable Architecture
• Standard API
• Many choices#
#
Plugins Available!
• MidoNet!
• OVS Plugin
• Linux Bridges
• Flat DHCP
• VLAN DHCP#
• ML2
#
#
• Supports Overlay Technology
• More Services (LBaaS, VPNaaS)
• Flexible network topologies#
#
#
#
• NSX
• Plumgrid#
• Nuage#
• Contrail
• Ryu#
38. OVS Agent - receives tunnel/flow setup info from OVS Plugin, and programs Open
vSwitch to setup tunnels and send traffic through the tunnel#
#
DHCP Agent - Sets up dnsmasq in a namespace per network/subnet and enters mac/
ip into dhcp lease file
#
L3 Agent – OVS Plugin orchestrates to set up IPTables, Routing, NAT tables#
37
OVS
Open
Source
Plugin
39. 38
Challenges
with
OVS
Plugin
Neutron Network Node is a SPOF#
Need to use corosync, etc for active/standby failover.
#
Challenging at Scale
Since there’s a single network node, this becomes a bottleneck fairly quickly.
!
Inefficient Networking
IPTables, L3 Agent, multiple hops for single flow are causing unnecessary traffic
and added latency on your physical network
!
41. 40
MidoNet
Network
Virtualiza&on
PlaOorm
Logical
L2
Switching
-‐
L2
isola&on
and
path
op&miza&on
with
distributed
virtual
switching
Interconnect
with
VLAN
enabled
network
via
L2
Gateway
Logical
L3
Rou&ng
–
L3
isola&on
and
rou&ng
between
virtual
networks
No
need
to
exit
the
so]ware
container
-‐
no
hardware
required
Distributed
Firewall
–
Provides
ACLs,
high
performance
kernel
integrated
firewall
via
a
flexible
rule
chain
system
Logical
Layer
4
Load
Balancer
–
Provides
applica&on
load
balancing
in
so]ware
form
-‐
no
need
for
hardware
based
firewalls
VxLAN/GRE
–
Provides
VxLAN
and
GRE
tunneling
Provides
L2
connec&vity
across
L3
transport.
This
is
useful
when
L2
fabric
doesn’t
reach
all
the
way
from
the
racks
hos&ng
the
VMs
to
the
physical
L2
segment
of
interest.
MidoNet/Neutron
API–
Alignment
with
OpenStack
Neutron’s
API
for
integra&on
into
compa&ble
cloud
management
so]ware
Any Application
OpenStack/Cloud Management System
MidoNet
Network
Virtualiza&on
PlaOorm
v
Distributed
Firewall
Layer
4
Load
Balancer
Logical
L2
Logical
L3
Any Network Hardware
VxLAN/GRE
Any Hypervisor
NAT
MidoNet
/
Neutron
API
NAT
–
Provides
Dynamic
NAT,
Port
masquerading
42. OpenStack
Integra&on
5
Easy
integra&on
with
OpenStack:
MidoNet
provides
a
plugin
for
Neutron.
MidoNet Plugin
44. Use
Cases
Automated
Provisioning
Isolated
Sandboxes
Enhanced
Security
Enable
Compliance
Scale
out
L3
Gateway
Bridge
legacy
VLANs
Do it Faster Do it Bigger
Val u e
Agility
Provide rapid
provisioning of isolated
network infrastructure for
labs and devops.
Logical
Network
Provisioning
Control
Network admins can
better secure, control &
view network traffic.
Single
Pane
of
Glass
OpsTools
Do it Better
IaaS
Cloud
Build multi-tenant
clouds with visibility
into usage.
Tenant
Control
Automated
Self Service
Metering
Performance
Improve network
performance using edge
overlay & complementary
technologies.
Single
Hop
Virtual
Networking
VXLAN
Hardware
Gateway
Massive
performance
with
40Gb
Support
Scale
Add virtual network infra
& services simply &
resiliently without
hardware & bottlenecks.
Distributed
Logical
Networking
FW,
LB,
L2/3,
NAT
Limitless
“VLANs”
IPv6
Solution for
OpenStack
Networking
Use MN to overcome
limitations of Neutron for
OpenStack users.
Replaces OVS
Plugin
48. NVOs can’t ignore the physical network
47
Dynamic changes to logical
network are not dependent on the
physical network configuration.
Sharing state to and from the
physical network can be
supplementary.
- Monitoring
- Traffic Engineering
50. NVOs provide a wealth of information
49
NVOs centralize information on
your network
We can start taking advantage of
this information
- Security
- Compliance
- Optimizing Networks
52. Midokura VTEP Solution
51
IP Fabric
MidoNet MidoNet
Virtual
Any
Cloud
Management
PlaHorm
MidoNet
Network
State
Database
VM VM VM VM VM VM
OVSDBc
Server
Storage
Services
Physical
VM VM
VTEP
TCP/IP
OVSDB
VxLAN Tunnel
Physical Connection
Key
OVSDBs
54. Performance
40Gb
VxLAN
Offloading:
virtualized
environments
require
high
throughput
infrastructure
• Integra&on
with
Mellanox
provides
40
Gbps
satura&on
• VxLAN
offloading
improves
CPU
u&liza&on
levels
• Scale
with
performance
through
HW
interconnect
• Increase
throughput
with
offloading
where
no
offloading
would
otherwise
have
flat
results
• High
bandwidth
can
now
be
achieved
in
so]ware