Network security in the virtualization age

Yunshu

Challenges brought by Virtualization

• Large L2 Network

-Traditional access control based on service VLAN cannot be implemented

-Global broadcast storm

-Cross-service ARP spoofing attacks

Challenges brought by Virtualization

• The host machine functions part of the access layer switch

-Traditional policies based on IP addresses and vswitch ports are difficult to implement

-No unified network status monitoring platform

-DDOS attacks are more likely to succeed, with greater impact

-SA and Net OPS have unclear responsibilities.

How can we solve this problem?

• Sorry, delete

How can we solve this problem?

• Sorry, delete

 

How to solve problems in the industry

• VEB (Virtual Ethernet Bridge)

 



Implementation of VEB

• VDS (vNetwork Distributed Switch)

 

How to solve problems in the industry

• Hardware VEB

-SR-IOV (SingleRoot I/O Virtualization alization)

 

How to solve problems in the industry

• VN-Tag

How to solve problems in the industry

• 802.1Qbh (VN-Tag, NIV, and VN-Link)

 

How to solve problems in the industry

• VEPA (Virtual Ethernet Port Aggregator)

How to solve problems in the industry

• 802.1Qbg EVB (Edge Virtual Bridging)

-Multi-Channel VEPA ()

 

Future

• What If I directly use VM MAC for TAG?

• Is there a solution that does not simulate regression to traditional networks?