Radware SDN-Based Solutions Lior Cohen June 2013

Copyright © 2013 Radware

About Radware

Global Leader of Application Delivery and Application Security Solutions

• Over 10,000 Customers
• Global Technology Partners

Attack Mitigation System (IPS, WAF, Anti-DoS)
• DDoS attack protection
• Intrusion Prevention
• Web Application Protection

ADC Solutions (SLB, Acceleration)
• L4-L7 Server Load Balancing
• Application Acceleration
• SSL Offloading

Leverage SDN to create:
• More intelligent application delivery and security deployments
• Simpler implementations
• Lower solution costs
• Higher scalability
• Easier and abstracted operation

Enabling a smarter network.

Current Network Challenges

• Current networks are static and complicated
• Manually managed, one device at a time
• Missing application awareness
• Per-device S/W packaging of features causes very slow rollout of new capabilities
• The velocity of application changes far exceeds the pace of network changes

Application delivery and security are implemented as devices at specific junctions of the network and traffic flows → limited decision making

SDN – The Solution Enabling Architecture

• SDN separates and centralizes the control plane of the network
• The network becomes dynamic and programmable

[Diagram labels: Centralized Network Controller; Network Fabric; Data forwarding; control; Dynamic Network]

How is SDN most applicable to your challenges?

How is it most likely you will implement SDN?
• Deploy Islands of SDN: 17%
• Solve a Specific Problem: 22%
• Forklift Upgrade the network: 7%
• Not Sure: 31%
• Other: 23%

What do you hope to improve by adopting SDN?
• Automate Network Operations: 27%
• Support Server Virtualization: 11%
• Improve Network Utilization: 21%
• Improve Network Scalability: 18%
• Other: 23%

Radware’s SDN applications leverage SDN technologies to provide security and application delivery solutions as native network services.

We use the programmable nature of SDN to transform the network infrastructure from its current state, in which it merely hosts application delivery and security services (as a “dumb” pipe), into a smarter network that is part of the service itself.

From Device to Network-Wide Services

2-Tier Standard Networks
• Network services are at a static choke point

Software Defined Networks
• Pervasive network services
• Offload basic L4 operations to the network
• L4-7 service resources can be deployed anywhere on the network; logically – one resource pool

[Diagram labels: Compute Resources; Network Services; SDN Controller; Radware SDN Application]

Radware’s SDN Application Architectural View

[Diagram labels: Radware SDN Applications (Security Apps, ADC Apps, 3rd party Apps); NorthBound API; User Interface; SDN Drivers; L4-7 Drivers; Data Collection + Programming; NB API; Network Controller; ADC & Security Services; Ecosystems]

Proactive Application Intelligence and Control

Collect
• Policy and Configuration
• Run Time Information
• Historical Data

Analyze & Decide

Control
• Resources: Scale-up/down, Scale-out/in
• Network: Forward/Drop, Mirror/Copy
• Services: Policy, Configuration

DefenseFlow Applications

Radware’s SDN Security Apps: a new security control point

[Diagram labels: Anti-DoS; Distributed ACLs; Security Inspection; NorthBound API; User Interface; SDN Drivers; L4-7 Drivers; Data Collection + Programming; NB API; Network Controller; ADC & Security Services]

DefenseFlow - Scalable Attack Mitigation

A completely new solution architecture:
• From point security solution to network-wide solution enabled by SDN
• Dynamic, programmable, scalable, easy-to-operate security network service
• Best possible design:
  • Always out of path except when under attack
  • Unprecedented attack detection span

[Diagram labels: DefenseFlow Application; Network Controller; Mobile Users; Collect; Analyze & Decide; Control; DefenseFlow Diversion and DefensePro Mitigation]

DefenseFlow in Action

Protected objects table, normal state:

Name  Address      Sec. Profile  RT traffic  Normal Baseline  Attack  Attack details
PO1   1.1.1.1/32   WEB           45          50               No      -
PO2   2.2.0.0/24   WEB           100         95               No      -

Protected objects table, attack detected on PO2:

Name  Address      Sec. Profile  RT traffic  Normal Baseline  Attack  Attack details
PO1   1.1.1.1/32   WEB           45          50               No      No
PO2   2.2.0.0/24   WEB           800         95               YES     SYN

[Diagram labels: OpenFlow Controller; DefenseFlow SDN App; DefensePro; Scrubbing Center; OVS; Hardware NIC; Virtual Switch]

Step labels on the diagram:
• Collect (Programmable Probes)
• Detection (Analyze & Decide)
• Control (“Flow diversion” and Mitigation)
• Security service provisioning - Program

Callouts on the diagram:
• Read byte and packet counter. Match: Dest IP=PO2 IP
• Match: Dest IP=PO2 IP, Action: send to IF1
• Tune the security policy and baselines

[Chart: Adaptive Anomaly Decision Surface; axes: Traffic parameter; regions: Normal, Adapted Area, Suspicious Area, Attack Area; annotation: Attack detected !!!]
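The collect, detect and divert loop from the DefenseFlow in Action slide, as an added example that is not Radware's code: per-destination counters become a rate, the rate is compared with an adaptive baseline, and a diversion rule is added while the attack lasts and removed afterwards. The 3x threshold, the EWMA baseline update, the counter readings and the rule dictionary format are assumptions; only the PO names, prefixes, baselines and IF1 come from the slide.

```python
from dataclasses import dataclass

ATTACK_FACTOR = 3.0  # assumption: attack when rate > 3x the baseline
ALPHA = 0.1          # assumption: EWMA weight used to adapt the baseline

@dataclass
class ProtectedObject:
    name: str
    address: str            # destination prefix the probe flow matches on
    baseline: float         # learned normal rate
    last_counter: int = 0   # previous packet-counter reading
    under_attack: bool = False

def poll(po, counter, interval_s=1.0):
    """Handle one counter reading; return a flow-rule change or None."""
    rate = (counter - po.last_counter) / interval_s
    po.last_counter = counter
    attack = rate > ATTACK_FACTOR * po.baseline
    if attack and not po.under_attack:
        po.under_attack = True   # divert: Match Dest IP, Action send to IF1
        return {"op": "add", "match": {"ipv4_dst": po.address},
                "action": "output:IF1"}
    if not attack and po.under_attack:
        po.under_attack = False  # attack over: go back out of path
        return {"op": "delete", "match": {"ipv4_dst": po.address}}
    if not attack:
        # Adapt the baseline only on clean samples so an attack cannot
        # teach the detector that flood-level traffic is normal.
        po.baseline = (1 - ALPHA) * po.baseline + ALPHA * rate
    return None

def run_demo():
    """Replay constructed counter readings for the slide's PO1 and PO2."""
    po1 = ProtectedObject("PO1", "1.1.1.1/32", baseline=50)
    po2 = ProtectedObject("PO2", "2.2.0.0/24", baseline=95)
    readings = [(45, 100), (90, 900), (135, 1000)]  # cumulative counters
    changes = []
    for c1, c2 in readings:
        for po, counter in ((po1, c1), (po2, c2)):
            change = poll(po, counter)
            if change:
                changes.append((po.name, change["op"]))
    return po1, po2, changes

if __name__ == "__main__":
    print(run_demo()[2])
```

Freezing the baseline while `under_attack` is set is the design point to check in any real deployment: a baseline that keeps learning during a flood will eventually stop flagging it.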

Who’s Expressed Interest in DefenseFlow?

• Financial Services (FSI)
• Carrier and Telecom
• MSSP
• Cloud and Hosting

Network Edge Use Case

DefenseFlow POD
• Doesn’t require complete SDN
• Inserted into existing networks without any change (transparent)
• Highly scalable
• Highly available

[Diagram labels: DC; WAN Edge Routers; DCI; Inet; Network Controller; DefenseFlow POD; Compute Resources; DC LAN]

Global Network Use Case (Carrier, SP, Backbone)

[Diagram labels: POP; Global Network; Network Controller; Compute Resources; DC; Inet; Scrubbing Center; Instant Diversion; Tunnel Network]

Application Delivery Applications

Radware’s SDN Application Delivery Apps*

[Diagram labels: ElasticScale; Steering; …; NorthBound API; User Interface; SDN Drivers; L4-7 Drivers; Data Collection + Programming; NB API; Network Controller; ADC & Security Services]

* - future directions, no committed time for delivery

Elastic Scale* – Scalable SDN Services

Application Delivery Service – Better with SDN

Leveraging Virtual Application Delivery Infrastructure (VADI):
• Scale out of vADCs
• vADCs can be placed on appliances or on general purpose HW
• Resource pool management
• DCIM integration with vDirect

A completely new solution architecture:
• From legacy ADC cluster to network-wide service enabled by SDN
• Native SDN scalable service
• Optimal traffic distribution
• Natural use of VADI Infrastructure
• Full elasticity

[Diagram labels: Elastic Scale Application; Network Controller; Network Services Fabric]

* - future directions, no committed time for delivery

SDN Traffic Steering* – Scalable Steering and Services

Application Delivery Service – Better with SDN

From point, ADC-based steering to network-wide steering enabled by SDN:
• Distributed resources work logically as one and can scale in / out
• Resources can be anywhere
• Allows the disaggregation of functions

[Diagram labels: Steering Application; Network Controller; Carrier Services Fabric; Classification]

* - future direction, no committed time for delivery

Unique ADC and Security Services Disaggregation

• Programmable data collection, monitoring, traffic distribution and steering
• Data collection capabilities:
  – Dynamically collect information per need (collection criteria, where, when)
  – Vendor agnostic
  – Network virtualization agnostic
• Steering and distribution capabilities:
  – Resources can be anywhere
  – Logically as one pool
  – Scale in/out
  – Disaggregation of functions
• Radware’s SDN application is the control point that programs the network to collect and enforce traffic distribution based on its decision engine.
• …thus creating a smarter network and increasing its value.

Summary

• Radware’s SDN strategy transforms the ADC and AMS from network service devices to network-wide services
• Utilizes SDN as an enabling architecture to revolutionize the way ADC and security services are implemented and managed
• The new solution architecture provides:
  1. More intelligent application delivery and security decisions
  2. Simpler implementations
  3. Lower solution costs
  4. Higher scalability
  5. Easier operation
  6. Higher resiliency

Enabling a smarter network.

Thank You
www.radware.com