Network Architecture Transitions in the 5G and IoT Era

Transcription

Title slide: Network Architecture Transitions in the 5G and IoT Era. 19 June 2019. Miya Kohno, Distinguished Systems Engineer, Cisco Systems.

Agenda: 5G, [...]; [...] approach; integration with enterprise systems. 2019 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

(Diagram) Transport technologies by network domain: Cross/Access and Metro/Access with L2VPN and Ethernet; Aggregation with Segment Routing; Core Network with MPLS (LDP, RSVP-TE) and L3VPN; Data Center with VXLAN over IP; BGP VPN L2/L3 spanning the domains. The slide flags this mix of overlays with a "?!".

Toward an IPv6-centric network: native (no more tunnel/overlay), stateless, simple. IPv4 as a Service; no more VLAN as an ID.

Cisco VNI 2019: [...] (76% worldwide).

Disaggregation of functional elements (diagram): WAN Controller; CUPS (Control/User Plane Separation); vRAN (Virtual RAN) over Fronthaul; vCore over Backhaul; WAN.

Network slicing: slices provided for business use cases, built on isolation and virtualization. Sliced elements: MME, SGW, PDN-GW, PCRF, OSS, Gi-LAN, CPU. Each slice carries a different SLA: URLLC, Massive IoT, Enhanced Mobile Broadband.

Virtualization and Edge Computing: [...] integrated into the cloud. Emergence of an edge cloud integrating the CUPS user plane (UP), MEC and Cloud-RAN. Diagram elements: 4G Mobile Network (Cell Site, eNB, Industry Verticals, Internet, IMS, API/VPN) evolving into a 5G Mobile Network (RRH, Midhaul/Fronthaul, Edge Cloud with UP and NW Slices, WAN, Control Plane, Internet, IMS, API/VPN).

Toward Cloud Native: lighter weight through containerization; CI/CD. Evolution path shown on the slide: (1) VM-based NFV: VNFs (VM) on Cisco VIM over validated hardware (servers, switches); (2) adding container-in-VM support: CNFs (container in VM) on Cisco Container Platform-SP plus Cisco VIM; (3) adding containers on bare metal (interim): CNFs (container on bare metal) alongside VNFs (VM); (4) containers on bare metal (end goal): CNFs on Cisco Container Platform-SP with a Common Bare Metal Manager (Ironic BM). Consistent tooling and automation across every stage. Related technologies: SR-IOV, Ligato, Contiv. "Cisco is focused intensely on cloud native evolution."

Cloud Native DevOps lifecycle (diagram): Code, Build (automated build), Validate (automated test, automated gate), Ship (automated install, automated gate), Run (continuous run, auto scaling), Monitor (continuous monitoring, continuous updates), joined as Continuous Integration. Lifecycle automation: Cloud Native means dynamic, high-frequency deployment and updates across bare metal, private cloud and public cloud.

Cloud Native mobile core architecture: Service Based APIs; Future EPC services; User [plane ...]; Container Platform; Control Plane; [...] as a Service.


Unified 5G Network Architecture (diagram). Fixed/Mobile terminology: Core, Core Edge/Headend, Aggregation, Pre-Agg/Hub, Access Node. Service functions: Service Operation Policy, Identity & Authentication, Charging & Billing, Access and Session Management, Network Service Security, Service Optimization, Network Slice, 5G Network Service Automation, Data [...] Platform. Access types: Wi-Fi, Fixed, [...]. Transport: Access, Pre-Agg, Aggregation, Edge, Core, with Controllers, a Distributed Data Center, a Transport Data Center, Private and Public Data Centers, and the Internet.

Zero trust security architecture: critical assets are infrastructure, applications and services; security planes are user, control and management; [...] security controls are identity and trust, visibility, data and privacy, resilience, communication, and access control.

Challenges in architecture evolution: coexistence of IoT and [...]; [...] compliance with requirements such as GDPR* and DLP**. *GDPR: General Data Protection Regulation; **DLP: Data Loss Prevention.

End-to-End Security: layered security and product hardening.

Product Hardening: [...] policy built on three pillars. Secure Process (CSDL): identify and address security threats, validate requirements and resiliency, detect security defects, perform gap analysis, prevent security attacks, register and update 3rd-party software. Trustworthy Systems Technology: Trust Anchor, Secure Boot, Entropy, Immutable Identity, Image Signing, Common Crypto, Secure Storage, Run Time Integrity. Secure Standards: Common Criteria, ISO 27034, FIPS / USGv6, TCG. Supporting elements: Lifecycle / Security Baseline, Common Modules & Hardware, Information Assurance (IA).
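To make the Secure Boot / Run Time Integrity items concrete, here is an added example (not Cisco code and not the Trust Anchor implementation the slide refers to) of the TCG-style measured-boot check those technologies rely on: every stage is hashed before it runs, the hash is extended into a PCR and logged, and a verifier replays the log against pinned reference measurements. The boot images, stage names and allowlist are constructed sample data.

```python
import hashlib
from typing import Dict, List, Tuple

HASH = hashlib.sha256
PCR_RESET = bytes(HASH().digest_size)  # PCR starts as all-zero bytes

# Constructed sample images standing in for the stages of a boot chain.
# Hypothetical test data, not vendor firmware.
GOOD_IMAGES: Dict[str, bytes] = {
    "bootloader": b"bootloader v1.2 (constructed sample)",
    "kernel": b"kernel v5.4 (constructed sample)",
    "rootfs": b"rootfs squashfs (constructed sample)",
}
BOOT_ORDER: Tuple[str, ...] = ("bootloader", "kernel", "rootfs")


def measure(image: bytes) -> bytes:
    """Measurement of one stage: a plain SHA-256 over the image bytes."""
    return HASH(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || measurement), order-sensitive."""
    return HASH(pcr + measurement).digest()


def measured_boot(images: Dict[str, bytes]) -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Simulate the boot ROM / trust anchor measuring each stage before it runs.

    Returns the final PCR value and the event log (stage name, measurement).
    """
    pcr = PCR_RESET
    log: List[Tuple[str, bytes]] = []
    for stage in BOOT_ORDER:
        m = measure(images[stage])
        log.append((stage, m))
        pcr = extend(pcr, m)
    return pcr, log


# Reference values the verifier trusts. In a real device these come from a
# signed manifest rooted in the trust anchor; here they are pinned constants
# computed once from the known-good images.
ALLOWLIST: Dict[str, bytes] = {s: measure(GOOD_IMAGES[s]) for s in BOOT_ORDER}
GOLDEN_PCR: bytes = measured_boot(GOOD_IMAGES)[0]


def verify(pcr: bytes, log: List[Tuple[str, bytes]],
           allowlist: Dict[str, bytes] = ALLOWLIST,
           golden: bytes = GOLDEN_PCR) -> Tuple[bool, str]:
    """Attestation check a remote verifier would run on a (PCR, event log) quote."""
    # 1. The log must replay to the reported PCR, otherwise the log was forged.
    replay = PCR_RESET
    for _, m in log:
        replay = extend(replay, m)
    if replay != pcr:
        return False, "event log does not replay to reported PCR"
    # 2. Name the first stage whose measurement is not on the allowlist.
    for stage, m in log:
        if allowlist.get(stage) != m:
            return False, f"unexpected measurement for stage '{stage}'"
    # 3. All stages are known-good; a mismatch now means wrong order or count.
    if pcr != golden:
        return False, "stage order or count differs from golden chain"
    return True, "boot chain matches golden measurements"


if __name__ == "__main__":
    pcr, log = measured_boot(GOOD_IMAGES)
    print("clean boot:", verify(pcr, log))
    tampered = dict(GOOD_IMAGES)
    tampered["kernel"] = GOOD_IMAGES["kernel"] + b" + implant"
    bad_pcr, bad_log = measured_boot(tampered)
    print("tampered kernel:", verify(bad_pcr, bad_log))
    # An attacker who replays the good PCR but ships the tampered log is caught in step 1.
    print("forged log:", verify(pcr, bad_log))
```

The order of the checks matters: the replay check must come first, because a log that does not hash to the quoted PCR carries no information about the stages at all, and only after the per-stage comparison does a final PCR mismatch unambiguously mean reordering or a missing stage.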

Mobile Network Threats in 5G & Evolved Networks. Device threats: malware, bots, DDoS, firmware hacks, sensor susceptibility, TFTP MitM attacks. Air interface threats: MitM attack, jamming. RAN threats: rogue nodes, MEC server vulnerability. Backhaul threats: DDoS attacks, CP/UP sniffing, MEC backhaul sniffing. 5G packet core & OAM threats: virtualization vulnerabilities, network slice security, API vulnerabilities, IoT core integration, roaming partner vulnerabilities, DDoS and DoS attacks, improper access control. SGi/N6 & external roaming threats: IoT core integration, VAS integration, app server vulnerabilities, application vulnerabilities, API vulnerabilities.

End-to-End Threats in Converged Networks. Device threats: device clone, device tampering, sensor susceptibility, TFTP MitM attacks, bots, DDoS, firmware hacks. Access nodes: device tampering, MITM attack, jamming, rogue nodes. Distributed DC threats: MEC server vulnerability, API vulnerabilities, CDN vulnerabilities. Backhaul threats: DDoS attacks, CP/UP sniffing, MEC backhaul sniffing, protocol modification, injection attacks, migration of threats between technologies. Central DC threats: network slice security, API vulnerabilities, IoT core integration, roaming partner vulnerabilities, DDoS and DoS attacks, improper access control. SGi/N6 & Internet peering threats: IoT core integration, VAS integration, app server vulnerabilities, application vulnerabilities, API vulnerabilities.

End-to-End Threat Mitigation in Evolving Mobile Networks & 5G. Threat domains: device threats, air interface threats, RAN threats, backhaul / remote DC threats, 5G packet core & OAM threats, SGi/N6 & external roaming threats. Mitigation layers applied across them: Segmentation & Isolation Layer; NGFW & DDoS Protection Layer; Advanced Malware Protection Layer; Enhanced Visibility & Threat Detection Layer; DNS Protection Layer; Application Protection & Policy Enforcement.


Mobile/Wireless challenges in the 5G era. Requirements: indoor/outdoor [...], [...] guarantees, comprehensive security, [...] a common MAC/PHY layer, new wireless technology. 5G: carrier managed, outdoor and indoor, [...] optimization. Wi-Fi 6 (802.11ax): enterprise owned, indoor, optimized for capacity and density.

[...] multi-access: SD-Access, SD-WAN and Security. Current enterprise system (diagram): Private Data Center, Cisco [...] / DC, IaaS, Branch, Campus.

Evolution of enterprise systems: [...] is insufficient. The mobile workforce, partners and contractors are bypassing network security [...]. Security cloud / cloud security [...]. [...] traffic still goes via the enterprise VPN gateway [...].

Enterprise Mobility in the 5G era: integration [...]. (1) SP API [...]. (2) Mobile SD-WAN: use SD-WAN to build a secure overlay for the mobile workforce.

[...] value delivery. Enterprise needs: 1. ID, [...] solution; 2. Network [...] support; 3. Network distribution / edge computing provision. 5G / outdoor, [...].

Exposure of operator services via API: [...devices] are offered to enterprises through APIs. Operator side (SP domain): Operator Admin Interface, QoE & Optimization, API, Session Management, Data Management, Data Interfaces & Event Processing, SON, PCRF, ULTRA, WiFi, Mobile Core [dom]ain, IP QoS. Enterprise side: Customer Admin Portal, DNA-C (Policy, Assurance), WiFi Access, SD-WAN, SD-WAN QoS. This is an extension of enterprise Intent Based Networking.

Managed [...] architecture: SecureAuth; local 5G for enterprises and the public sector. Components: Consumption Portal, Private Network Operation, Private [Enterp]rise [Acce]ss, Session Management, IP N/W, Enterprise LAN. Platforms: x86, UCS, ISR4k, ENCS, CSP, Public Cloud. SP management protocol.


Main Mobile SD-WAN functions (1/3). 1. [...]. 2. [...] service chaining: inline SD-WAN services (firewall, IDS, IPS); network control (SD-Access, ACLs, local PoPs); routing policy. The mobile agent connects the mobile workforce to Viptela SD-WAN. External cloud services: Secure Internet Gateway (Zscaler), AnyConnect, MDM, other agents, Umbrella.

Main Mobile SD-WAN functions (2/3). 3. [...]. 4. [...], micro[...] control. Diagram: external cloud security / security cloud; Box app access via V'la direct; Salesforce app access via mSDWAN security; Netflix app accessing the WWW, directed by policy; users are remote employees, partners and customers.

Main Mobile SD-WAN functions (3/3). 5. [...] access (LTE, WiFi, WiFi 6, 5G) used selectively: [...] critical applications over 5G, personal use over WiFi / 4G.
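The three slides above describe a per-app steering policy: some apps go through the secure overlay with an inline service chain, sanctioned SaaS goes direct, personal traffic is sent to the security cloud, and critical traffic prefers 5G. The following is an added example of such a policy evaluator (not Cisco or Viptela code, and not their configuration format); the rule names, app domains, access names and the constructed sample flows are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Paths a mobile agent can steer a flow onto (hypothetical names).
PATH_OVERLAY = "sdwan"   # secure overlay to the enterprise, inline FW/IDS/IPS
PATH_SIG = "sig"         # Secure Internet Gateway / security cloud
PATH_DIRECT = "direct"   # local breakout without inspection
PATH_BLOCK = "block"


@dataclass(frozen=True)
class Flow:
    role: str              # "employee", "partner", "customer"
    app: str               # destination app/domain, e.g. "crm.salesforce.com"
    business_critical: bool


@dataclass(frozen=True)
class Rule:
    name: str
    roles: Tuple[str, ...]                    # empty tuple matches any role
    app_suffixes: Tuple[str, ...]             # empty tuple matches any app
    path: str
    service_chain: Tuple[str, ...] = ()
    access_preference: Tuple[str, ...] = ()   # ordered; empty means no preference


def app_matches(app: str, suffixes: Tuple[str, ...]) -> bool:
    """Match on whole DNS labels so 'evil-salesforce.com' does not match 'salesforce.com'."""
    return not suffixes or any(app == s or app.endswith("." + s) for s in suffixes)


def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (not rule.roles or flow.role in rule.roles) and app_matches(flow.app, rule.app_suffixes)


# First match wins, so specific rules precede the catch-all. Constructed policy.
POLICY: Tuple[Rule, ...] = (
    Rule("intranet", ("employee",), ("intranet.example",), PATH_OVERLAY,
         ("firewall", "ips"), ("5g", "wifi6", "lte", "wifi")),
    Rule("intranet-deny-others", (), ("intranet.example",), PATH_BLOCK),
    Rule("crm", ("employee", "partner"), ("salesforce.com",), PATH_OVERLAY,
         ("firewall",), ("5g", "wifi6")),
    Rule("sanctioned-saas", ("employee",), ("box.com",), PATH_DIRECT),
    Rule("personal-streaming", (), ("netflix.com",), PATH_SIG, (), ("wifi", "wifi6", "lte")),
    Rule("catch-all", (), (), PATH_SIG, ("dns-filter",)),
)


def choose_access(flow: Flow, rule: Rule, available: Tuple[str, ...]) -> Optional[str]:
    """Business-critical flows take 5G whenever that radio is up; otherwise follow
    the rule's preference list; otherwise the first available access."""
    if flow.business_critical and "5g" in available:
        return "5g"
    for access in rule.access_preference:
        if access in available:
            return access
    return available[0] if available else None


def decide(flow: Flow, available: Tuple[str, ...],
           policy: Tuple[Rule, ...] = POLICY) -> Dict[str, object]:
    for rule in policy:
        if not rule_matches(rule, flow):
            continue
        if rule.path == PATH_BLOCK:
            return {"rule": rule.name, "path": PATH_BLOCK, "service_chain": (), "access": None}
        access = choose_access(flow, rule, available)
        if access is None:  # no radio at all: nothing to steer onto
            return {"rule": rule.name, "path": PATH_BLOCK, "service_chain": (), "access": None}
        return {"rule": rule.name, "path": rule.path,
                "service_chain": rule.service_chain, "access": access}
    # No rule matched: fail closed instead of falling through to direct Internet.
    return {"rule": None, "path": PATH_BLOCK, "service_chain": (), "access": None}


if __name__ == "__main__":
    radios = ("wifi", "5g")
    for f in (Flow("employee", "crm.salesforce.com", True),
              Flow("customer", "intranet.example", False),
              Flow("employee", "evil-salesforce.com", False),
              Flow("partner", "www.netflix.com", False)):
        print(f.role, f.app, "->", decide(f, radios))
```

Two details carry the security weight: the label-aware suffix match, so look-alike domains fall to the catch-all rather than inheriting the direct-breakout exemption, and the fail-closed default, so a flow that matches nothing is blocked instead of quietly bypassing inspection.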

Toward mobile-centric systems: [...] path control; SD-WAN and SDA connection from mobile devices; zero trust model; shared use of cellular and WiFi. Diagram: Mobile SDA / SD-WAN; ANY NETWORK (WeWork, indoor cellular, private LTE / local 5G); Managed Mobile Gateway; en.com Intranet and en.com Branch/Campus; IaaS/PaaS; Security Cloud; INTERNET; SaaS.

OpenRoaming: ID, security, [id]entity, guest, locations, partner, policy, [fed]eration; who/what/where/when [...] use; Service Provider.
