Edgecore Networks Big Monitoring Fabric Virtual Lab Phil Huang Open Networking Division 

Integrate with BMF and Firewall Integrate with BMF and SPAN Hands-On Lab Overview © 2016 Edgecore Networks. All rights reserved. Subject to errors and misprints. | www.edge-core.com Big Monitoring Fabric Overview 01 04 05 02 Setting BMF Environment 03 

Big Monitoring Fabric Overview 3 LEGACY Trusted Untrusted FIREWALL IPS INTERNET DMZ Complex & Expensive Limited Tool Optimization Operational Challenges ✗ ✗ ✗ INLINE TOOLS Simple & Economical Enhanced Tool Optimization Clear Role Separation between network and security admins ü ü ü BIG MON: INLINE BIG MON INLINE Switches (1/10/40/100G) FIREWALL IPS WEB PROXY Untrusted Trusted INLINE TOOLS TRAFFIC DISTRIBUTION / LOAD SHARING BIG MONITORING FABRIC CONTROLLERS (HA PAIR) ACL-based SPAN OUT-OF-BAND TOOL FARM WEB PROXY © 2016 Edgecore Networks. All rights reserved. Subject to errors and misprints. | www.edge-core.com 

Hands-On Lab Overview Provided by Big Switch & Edgecore Networks © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 4 

BMF Inline Mode Hands-On Lab 5 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Learn the fundamental concepts of Big Monitoring Fabric inline § How to work in BMF inline mode? § Create service chain § Create service § Insert Firewall service instance in chain § Insert SPAN service in chain 

Login BSN Labs & Edgecore Networks 6 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com http://labs.bigswitch.com/edgecore Type information that you are given 

Launch Big Monitoring Fabric Module 1 7 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com Press “LAUNCH” button Choose “Big Monitoring Fabric” 

Access Hands-On Lab 8 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com Lab Topology & options to access the BMF Controller 

Lab Topology Overview 9 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 10.0.0.1 

Introduction of Component 10 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 1 2 4 5 3 7 6 10.0.0.2 10.0.0.1 BMF Switch * switch name: sw11 BMF Controller * Control BMF Switch Firewall * Drop ICMP echo request Wireshark * Network traffic analyzer 

Access Big Monitoring Fabric Controller 11 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Right click Big Monitoring Fabric (BMF) Controller icon 2. Select the “Controller GUI” § Default controller username/password is “admin/bsn123” 

Deploy Switch in BMF Inline Mode Ready to ship from Edgecore Networks © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 12 

Deploy Switch for Big Chain mode 13 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Setting deployment to Big Chain mode § Default deployment is Big Tap mode § Action 1. Navigate to Fabric -> Switches 2. Click 3. Choose Deploy for Big Chain Default deployment, Need to change to Big Chain mode 1 2 3 

Test Traffic 14 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Traffic will be block if no chain is defined over the switch ports connecting the hosts § Action 1. Right click External host 2. Access the Web CLI 3. Ping the trusted host in internal network 1 2 3 

Create a Chain Logical, Layer-1 and Bidirectional Wire © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 15 

What is Chain? 16 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Logical, Layer-1, bidirectional wire that connects WAN (untrusted) device and LAN switch (trusted) § Multiple services may be assign to a chain § Firewalls § IPS § Web Proxy § Without services, the chain letting all traffic through in both directions, without modifying packets Chain IPS: Intrusion Prevention System 

Devices Connection 17 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § View devices connected to ports of BMF inline switch § Firewall, IPS, Wireshark, Trusted and Untrusted networks § Action 1. Right click on the inline switch sw11 2. Use Device Information 1 2 Reminder: More clear topology at page 10 J Interface Devices Connect Ethernet1 Trusted Network Ethernet2 Untrusted Network Ethernet3 Wireshark Ethernet4 Firewall (In) Ethernet5 Firewall (Out) Ethernet6 IPS (In) Ethernet7 IPS (Out) 

Create Internal/External Chain (1/2) 18 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Navigate to Big Chain -> Chains 2. Click on + to add chain 1 2 

Create Internal/External Chain (2/2) 19 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com Chain name: Edgecore_Chain Select sw11 (00::00:0a) Ethernet1 connected to trusted network Ethernet2 connected to untrusted network Save configuration 

Test Internal/External Chain 20 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Verify Edgecore_Chain is forwarding traffic § Action 1. Right click External host 2. Access the CLI Access 3. Ping the trusted host in internal network 1 2 3 

Create a Firewall Service Services instances and Services © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 21 

Big Chain Service Instances and Services 22 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Service instance § A pair of switch ports that are connected to an inline tool (FW, IPS…etc) § Services § Include one or more service instances § Apply to specific subsets of chains, for enhanced tool performance § Configure with Health Check to alert for tool failure 

Create a Firewall Service (1/2) 23 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Navigate to Fabric -> Switches 2. Click Switch DPID 3. Click to add a services 1 2 3 

Create a Firewall Service (2/2) 24 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 4. Naming Firewall_Service 5. For action choose Use Service, and For traffic type All 6. Click submit to finish 4 5 

Create a Firewall Service Instance (1/2) 25 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Select Firewall_Service in Service list 2. Click New service instance 1 2 

Create a Firewall Service Instance (2/2) 26 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com Ethernet4 connected to Firewall input interface Ethernet5 connected to Firewall output interface 

Verify Firewall Service 27 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Show connected graph by BMF WEB GUI 

Insert Firewall Service Instance Drop ICMP by firewall within BMF chain © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 28 

Insert Firewall Service Instance (1/2) 29 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Select Edgecore_Chain under Chains 2. Click Insert service to begin 1 2 

Insert Firewall Service Instance (2/2) 30 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Select Firewall_Service and Instance 1 for Service instance 2. Click Submit 1 2 

What does it look like? 31 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 1 2 4 5 2 1 4 5 Hands-on Lab Topology View BMF Controller View 

Verify Traffic Drop on Chain Edgecore_Chain 32 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § By default, the Firewall will drop all ICMP echo requests (type 8) § Action 1. Right click External host 2. Access the Web CLI 3. Ping the trusted host in internal network § PING should fail in either direction § Firewall drops ICMP echo requests 1 3 

Drop Firewall Service Instance Remove instance easily if you want © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 33 

Drop Firewall Service Instance 34 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Click and drag to remove 2. Click Summit 2 1 

Verify Traffic Drop on Chain Edgecore_Chain 35 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Real time response § Action 1. Right click External host 2. Access the Web CLI 3. Ping the trusted host in internal network 1 2 3 

Create a SPAN Service © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 36 

Create a SPAN Service (1/2) 37 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Navigate to Fabric -> Switches 2. Click Switch DPID 3. Click to add a SPAN services 1 2 3 

Create a SPAN Service (2/2) 38 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 4. Naming Wireshark, and click Next 5. Click to add rules 6. Select all traffic with Match All Traffic, click Append then Submit to finish 5 4 6 

Create a SPAN Service Instance (1/2) 39 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Select Wireshark in Span Services 2. Click New span service instance 1 2 

Create a SPAN Service Instance (2/2) 40 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 3. Choose ethernet3, and click Submit 4. Show WEB GUI on BMF 3 4 

Insert SPAN Service Instance Simple and easy to monitor your network © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 41 

Insert SPAN Service Instance (1/2) 42 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Click Edgecore_Chain in Chains list 2. Insert SPAN service instance at Endpoint 2 1 2 

Insert SPAN Service Instance (2/2) 43 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 3. Select Wireshark, Instance 1 4. Click Submit 3 4 

Trace SPAN Traffic 44 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § All ingress traffic at ethernet2 is copied to Wireshark § External-to-Internal direction 1 2 3 

Verify SPAN Traffic 45 © 2016 Edgecore Networks. All rights reserved | www.edge-core.com § Action 1. Right click External host 2. Access the Web CLI 3. Ping the trusted host in internal network 4. Right click the Wireshark icon and choose Real-time Capture 4 3 Wireshark Output Result 

46 Open Networking from Freedom Control Innovation © 2016 Edgecore Networks. All rights reserved | www.edge-core.com 

© 2015 Edgecore Networks. All rights reserved. Subject to errors and misprints. | www.edge-core.com