
SDN – Software Defined Networking Crash Course

BSides Cape Town · 2018 · 9:49 · 160 views · Published 2019-02
Category: Technical
Difficulty: Intro
Style: Talk
About this talk
A rapid introduction to software-defined networking fundamentals, covering the separation of control logic from switches via APIs like OpenFlow, popular SDN tools and controllers (Mininet, Ryu, Open Daylight), and practical blue- and red-team applications. The talk demonstrates how SDN enables network quarantine, anomaly detection, and centralized control for both defense and attack.
Original YouTube description:
SDN - Software Defined Networking Crash Course!
Transcript (en):

I had to throw this together, the whole day sitting here watching everything, so, morning, this is very lightning. Yeah, so I'm presenting Software Defined Networking, a crash course. Firstly, who am I? I'm Keegan Javis. I've been running the speaker ops today, herding everyone, making sure talks are going right; hope everyone heard everything. Fun about me: I'm about to be a future employee, going to be a software developer at Thinkst, working on Thinkst Canary. Currently finishing my master's in electrical engineering. Yeah, previously I was working as a full-time Python developer slash DevOps. I'm also involved in the Cape Town [unclear] meetup; we do try to do a monthly in-person talk like this. Look us up on Meetup, we normally have talks the whole time.

Okay, just going to start off with what the hell Software Defined Networking is. We can have a very quick look at what the fundamentals of software-defined networking are, so I'm going to start from the bottom up. Software-defined networking is all about taking your switches and just completely dumbing them down. In large carrier networks, switches used to have a hell of a lot of control infrastructure put into them; that just became unscalable to mesh together. So someone from Stanford or Berkeley in 2010 decided to completely remove the control logic from switches, and to do that they created the southbound API up into a network operating system. So within a software-defined-networking-enabled network, every switch has nothing, no logic other than a forwarding flow table. So any time any type of packet came into a switch, the switch would check its own flow table and see: yes, okay, I know exactly which port, MAC address, IP to send that off to; if not, I'll reach out to the network operating system, and the network operating system will reach back to me and tell me what to do. That southbound API that it reaches out to, the main enabler for this, is called OpenFlow. Yeah, next slide I'll give a better breakdown of OpenFlow and what an OpenFlow packet looks like.

And then in terms of extendibility, you can always write network applications that run on top of that network operating system. It's very much abstracted, just like any other operating system like Linux or anything: you can write modules that implement directly into the network operating system, or you can have a REST API that constantly polls the network operating system. So in terms of OpenFlow, or the southbound API, you can see this is a typical type of message that gets sent up to the network operating system from the switch. It has a whole bunch of fields, like where it's coming from, MAC, IP address, VLAN ID. From these, there should be logic up at the network operating system or the network applications that then knows exactly what to do with the switch, replies back to the switch and installs the flow rule, and from then all the switches know exactly how to follow that flow.

Okay, so if you were ever wanting to get started using software-defined networking, the best place to start is Mininet. It is a brilliant little emulator tool: you can, on your own laptop, set up a whole software-defined network that's just got however many hosts you want, all connected with switches and virtual Ethernet links, all connected up to a controller, or network operating system, that you can control. You can also set it to a remote controller that you could then work with yourself. Containernet is a fork, a very nice, entertaining fork that I've been playing with instead of Mininet, if you want to spin up specific containers as your hosts on the network rather than VMs. In terms of the controllers, Ryu is a Python-based one; it's completely designed for just doing quick hacks on anything and everything you want to do on software-defined networks. OpenDaylight is a lot more production level, and yeah, it's used in a lot of carrier networks and all that stuff. Some of the actual switches: they need to have OpenFlow, they need to be OpenFlow-enabled. Open vSwitch, which many of you have used in setting up your own infrastructure, has already got OpenFlow enabled; all you need to do is just tell the Open vSwitch where the network operating system is, point it up to it, and yeah, it's OpenFlow-enabled, it's SDN-enabled.

Quick one in terms of what uses you can get out of an SDN as a blue team. It really allows a holistic view of the entire network at the network operating system, and then you can also do any flow you see fit, so that allows you to quarantine and completely section off a complete section of nodes from the network, or reroute them to wherever you want to. It does come with a little bit extra: you obviously need to make sure that there's TLS set up between your switches and your network operating system, otherwise, yeah, you can sniff all that OpenFlow stuff. Obviously the controller, the network operating system, becomes a big juicy target for hackers. So when it comes to red teams, it's just that network operating system: anyone who's compromised it, you can have a heyday on that person's network. It's, yeah, it is as it says, you will control the entire network; you would just be able to reroute anything to wherever you want, kill networks, everything.

Yeah, in terms of this, I'm just doing a quick network... in research, I'm just doing a quick network intrusion prevention system using software-defined networks. I've had to apply it to a telecom system, which, ignore all the telecom type of names, just imagine this is a normal network. All the dotted lines are network paths that aren't critical to the functionality of the network at all; all the dark ones are what is necessary to run. You have your main database, which is your high-value asset, and you have an edge node, lots of edge nodes, that are used for admin and all that. If one of those were to be compromised, what I've done using software-defined networks is: if anyone would ever go across one of the non-critical paths, the system or network application can immediately be triggered, saying that's a non-critical path, why are they following that, that must be a malicious network flow. So in terms of that, then I say: cool, yes, obviously this is the network flow, I'm going to quickly deploy a new decoy Docker container version of the main database and redirect all flows to that. So essentially you're allowing the whole network to carry on functioning as is while quarantining the node that's been compromised.

Yeah, in terms of this, I had some inspiration from Thinkst Canaries, shameless self-plug, and there's a great talk from Nathaniel Gleicher at the 2017 Enigma conference, basically discussing how cyber security can learn from the Secret Service, and just the strict control rules that you put in place and how that leads to better alerting and better, yeah, work for blue teams on networks. Yeah, and that's it. Any questions?

Audience: Yes, what would be the best use case for SDN? Would this be for datacenter designs? Can you use it to replace your top-of-rack? I don't know, I don't really have that much idea. So I know, for example, in cloud implementations, software SDNs are a very popular thing there.

Speaker: Yeah, so at the moment it's mostly been used in carrier networks and in large data centers. It's just, as I say, when it came to scaling out networks, when all those switches had too much control, they needed to completely separate that out of the hardware and put it into its own logical centralized unit. So it's mostly data centers and carrier networks at the moment that are using it.
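The flow-table miss / packet-in / flow-rule loop and the non-critical-path quarantine that the talk describes, as an added Python model written for this page (it is not the speaker's code and not a Ryu or OpenDaylight application). The switch, controller, port numbers, host names and the one-switch topology are all constructed for the example; a real controller would push the same decision to the switch as an OpenFlow flow-mod.

```python
from dataclasses import dataclass, field

DECOY_PORT = 99  # assumed: switch port leading to the decoy copy of the main database

@dataclass
class PacketIn:
    """OpenFlow-style packet-in: what a switch sends the network OS on a table miss."""
    switch: str
    in_port: int
    src: str
    dst: str

@dataclass
class Switch:
    """A dumbed-down switch: no logic beyond a forwarding flow table keyed on (src, dst)."""
    name: str
    flow_table: dict = field(default_factory=dict)  # (src, dst) -> out_port

    def handle_packet(self, in_port, src, dst, controller):
        key = (src, dst)
        if key not in self.flow_table:  # miss: ask the controller, install its flow rule
            self.flow_table[key] = controller.packet_in(PacketIn(self.name, in_port, src, dst))
        return self.flow_table[key]  # hit: forward straight from the table

class QuarantineController:
    """Network app: a flow over a non-critical (dotted) link is flagged; that source goes to the decoy."""

    def __init__(self, critical_links, routes):
        self.critical_links = set(critical_links)  # {(switch, in_port)} that are legitimate
        self.routes = routes                       # (switch, dst) -> normal out_port
        self.quarantined = set()
        self.alerts = []

    def packet_in(self, msg):
        if (msg.switch, msg.in_port) not in self.critical_links:
            self.quarantined.add(msg.src)
            self.alerts.append(f"{msg.src} crossed non-critical link {msg.switch}:{msg.in_port}")
        if msg.src in self.quarantined:
            return DECOY_PORT  # redirect to the decoy; the rest of the network keeps working
        return self.routes[(msg.switch, msg.dst)]

def run_scenario():
    """Constructed topology: one core switch, port 1 is the critical admin link, port 2 is dotted."""
    ctl = QuarantineController(critical_links={("core", 1)}, routes={("core", "db"): 10})
    core = Switch("core")
    normal = core.handle_packet(1, "admin", "db", ctl)  # legitimate path -> real database
    attack = core.handle_packet(2, "edge7", "db", ctl)  # dotted path -> alert, decoy
    later = core.handle_packet(1, "edge7", "db", ctl)   # cached rule keeps edge7 on the decoy
    return normal, attack, later, list(ctl.alerts), len(core.flow_table)
```

The third packet never reaches the controller: the flow rule installed after the first miss now answers from the switch's own table, which is the point of the OpenFlow split the talk describes.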