In his presentation at Merit Member Conference 2016, Bill Balmer demonstrated that a layered encryption strategy is the ultimate way to combat the latest cyberthreat: polymorphous attacks.
The following OTU/ODU overhead bytes are used for the dynamic key exchange in our ADVA AES256 encryption solution:
10TCE-PCN-16GU+AES100G: GCC2
5TCE-PC(T)N-10G+AES10G: GCC1/2
Security-Hardened Software:
RADIUS support for secure and centralized user access management
Secure Shell protocol (SSH) for encrypted network management communication
SNMPv3, the latest available SNMP version, providing inherent security mechanisms for network management communication
Cable Diagnostics or Cable Integrity Check on RJ-45 Copper Ports of the FSP 150 product family
MACsec+ extends MACsec to support end-to-end secure connectivity in a MACsec-unaware network.
Secure the EVC payload while leaving the transport VLANs in the clear
Open vSwitch (OVS)
Addresses one of the big questions of decentralized platforms:
SR-IOV – Similar to the OVS, but operates in hardware and requires no hypervisor involvement, since the Intel technology takes advantage of the PCIe data plane and can recognize the data packet and place it directly into the appropriate VM's memory. DMA – Direct Memory Access.
ProVM will allow the Service Provider to test not only the network but also between the VNFs. This will greatly aid in troubleshooting problems with service chaining. Over the next several years, NFV deployments are going to be new to Service Providers. Detailed analysis will help not only save cost but also build better operational procedures for deployment and troubleshooting. A single truck roll for an unidentified fault will cost more than the difference between a ProVM and a COTS platform.