Matt Davy
Chief Network Architect & Executive Director
InCNTRE
ONS2015: http://bit.ly/ons2015sd
ONS Inspire! Webinars: http://bit.ly/oiw-sd
Watch the talk (video) on ONS Content Archives: http://bit.ly/ons-archives-sd
4. “It’s great you’re deploying cutting-edge technologies like
SDN, but of course you’re a university. We could never do
that.”
April 19, 2012
Assumptions:
1. You’re only investing in SDN to further your research
mission.
2. You must not have the same security/compliance/
reliability requirements that commercial enterprise
networks have
5. April 18, 2012Indiana University
• 120,000 users
(>95% BYOD)
• 1,000’s of
switches/APs
• Massive diversity
• Compliance
Requirements
• Mission to support
research
• Federated
operations
• Moving to shared
infrastructure
6. April 19, 2012Network Access Control Use Case
IDS Servers
Aggregation
IDS Cluster
OF Controller
Core
Border
Internet
NAC System
OF Controller
DB DHCP
• Existing “Home-Grown”
NAC Solution
• IDS via Snort/NetFlow
• Web Services API
• Response via DHCP/
BGP
• Add: OpenFlow Load-
Balancer for TOR
• Add: Enhanced
Response capabilities
via OpenFlow
• Dynamic flow mirroring,
fine-grained filtering, &
more
7. April 18, 2012Managing Security Policies on Large Enterprise Networks
Core
Border
Internet
OpenFlow
Controller
DB
Data
Center
Policy
Engine
Internet
Medical Student PCI-DSS
Faculty/
Staff
Infrastructure
Policy Enforcment
Security Policy Distribution Network Virtualization
8. • Virtualization at the Access Layer
• Dynamic control through SDN
• Overlays w/simple layer-3 “fabric”
• Network as a Platform
• Unified Wired/Wireless/vSwitch Access Layer
• Flexible L4-7 Service Scaling/Insertion
April 19, 2012Next-Gen Enterprise Networks
Fundamentals of Next-Generation
Enterprise Networks
10. February 2, 2012More Information about SDN at IU
For More Information
• InCNTRE: incntre.iu.edu/
• Twitter: @incntre
• FlowScale
www.openflowhub.org/display/FlowScale