I2NSF Use Cases in Access Networks & Seeking an Open OAM Interface


This presentation covers the use cases for I2NSF in access networks, with a focus on residential and SME landline and mobile network access. It also discusses the need for an open OAM interface for virtualized network security services, including the actors involved such as network operators and customers. The SECURED project is also briefly introduced.


Presentation Transcript


1. I2NSF Use Cases in Access Networks
Diego Lopez (diego.r.lopez@telefonica.com), Telefónica I+D
IETF91, Honolulu, 9-14 Nov.

2. Seeking an Open OAM Interface
- What?: Open OAM interface for virtualized network security services (vNSF)
- Who?: Actors:
  - Network operator
  - Customer(s)
- Where?: Access network
  - Residential (and SME) landline network access: xDSL, FTTH
  - Mobile network access: 2G, 3G, 4G, 5G
Project SECURED (www.secured-fp7.eu)

3. A Few Examples of vNSFs
- Traffic inspection
  - All services that copy/analyze traffic
  - E.g.: IDS, DPI, DLP
- Traffic manipulation
  - Alteration of the original traffic
  - E.g.: IPS, ACL, FW, VPN
- Traffic impersonation
  - Impersonate a customer device or service
  - E.g.: Honeypot
[Diagrams; labels: vNSF, User access, Internet side, Online traffic, Offline: Alerts]

4. OAM Environments
[Diagram; labels: Closed, Open, Over a secure channel, Over open channel, vNSF, OSS/BSS, Customer]

5. Operator-Managed
- Network Operator interactions
  - vNSF deployment
    - instantiating a vNSF on a NFVI
  - vNSF Customer provisioning
    - List vNSF functionalities
    - enroll/cancel subscriptions
  - vNSF configuration
    - By policy language
    - By configuration templates/files

6. Customer-Managed
- Customer direct interactions
  - vNSF self-provisioning
    - enroll/cancel subscriptions
    - Probably also need a vNSF configuration
  - vNSF validation
    - Customer could require a proof of correct vNSF execution:
      - Integrity
      - Isolation & privacy
      - Confidentiality?

7. Example: The NFV #7 Use Case for vCPE
[Diagram; labels: Network Operator Mgmt Sys, OAM Interface, VNSF]

8. Bringing This into Reality: The SECURED Architecture
[Architecture diagram; labels: PSAM, PSAR, PSA Manifest, PSA Storage, M2L Plugin, User Portal, Onboarding Process, Back End API, Manager (index, DB), Web Portal, End User, PSA Portal Service, Developer API, PSA Provision Service, User Profile Repository, SPM, NED, Developer, OSS/BSS/Orchestrator, Authentication]

9. Specifying PSAM and PSAR in SECURED
- Programmatic interfaces
  - PSAM API
    - User provisioning
    - Load PSA in the system
  - PSAR API
    - Service support (information manager)
    - Deployment of PSA
- User Portal
  - Public eye area

10. Expressing Policies
- vNSF configuration language
  - Set by Operator or by Customer itself
  <sbj> <act> <obj> [<(field_type,value)>...<(field_type,value)>]
- <sbj> the subject of the policy
  - (e.g., employee, family member)
  - subject may be implicit (e.g., all devices of a customer)
- <act> the action of the policy
  - (e.g., block, allow, protect)
- <obj> the object of the policy that undergoes the action
  - (e.g., email, web traffic, DNS request)
- [<(field_type,value)>] conditions that characterize actions
  - (e.g., time, type of traffic...)
- Examples:
  enable basic parental control
  enable school protection control
  allow Internet traffic from 8:30 to 20:00 [time = 8:30-20:00]
  scan email for malware detection [check type = malware]
  protect traffic to corporate network with integrity and confidentiality [protection type = integrity AND confidentiality]
  remove tracking data from Facebook [website = *.facebook.com]
  my son is allowed to access facebook from 18:30 to 20:00
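The `<sbj> <act> <obj> [conditions]` form from slide 10, as a parser sketch added here; it is not code from the presentation or from the SECURED project. The action list and the `[field = value]` bracket syntax are assumptions drawn from the slide's examples, and statements that do not fit are rejected rather than guessed at.

```python
import re

# Action verbs seen on the slide; it gives no closed list, so treating
# this set as exhaustive is an assumption of this sketch.
ACTIONS = ("block", "allow", "protect", "enable", "scan", "remove")

# Trailing "[field = value]" block, as written in the slide's examples.
COND_RE = re.compile(r"\[\s*([^=\]]+?)\s*=\s*([^\]]+?)\s*\]\s*$")


class PolicyError(ValueError):
    """Statement does not fit <sbj> <act> <obj> [conditions]."""


def parse_policy(text):
    """Split one policy statement into subject, action, object, conditions."""
    conditions = {}
    m = COND_RE.search(text)
    if m:
        # "integrity AND confidentiality" becomes a list of required values.
        conditions[m.group(1)] = [
            v.strip() for v in re.split(r"\s+AND\s+", m.group(2))
        ]
        text = text[:m.start()]
    words = text.split()
    # The first known action verb separates the subject from the object.
    idx = next((i for i, w in enumerate(words) if w.lower() in ACTIONS), None)
    if idx is None:
        # Fail closed: an unparsed policy is never silently applied.
        raise PolicyError("no known action in: %r" % text.strip())
    obj = " ".join(words[idx + 1:])
    if not obj:
        raise PolicyError("policy has no object")
    return {
        "subject": " ".join(words[:idx]) or None,  # None = implicit subject
        "action": words[idx].lower(),
        "object": obj,
        "conditions": conditions,
    }


# Statements copied from the slide's example list.
SAMPLES = [
    "allow Internet traffic from 8:30 to 20:00 [time = 8:30-20:00]",
    "scan email for malware detection [check type = malware]",
    "protect traffic to corporate network with integrity and confidentiality "
    "[protection type = integrity AND confidentiality]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_policy(s))
```

The slide's last example ("my son is allowed to access facebook ...") raises `PolicyError` here, which shows that the free-text examples need a translation step before they match the structured form.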

11. THANK YOU!

12. Disclaimer
EU disclaimer: SECURED (project no. 611458) is co-funded by the European Union (EU) via the European Commission (EC), under the Information and Communication Technologies (ICT) theme of the 7th Framework Programme for R&D (FP7). This document does not represent the opinion of the EC and the EC is not responsible for any use that might be made of its content.
SECURED disclaimer: The information in this document is provided "as is", and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.
