Software Defined Networking (SDN)

Super Contributor II

HP Van Network Protector

Hi,

We are looking at the idea of enabling OpenFlow to an HP Van controller on one of our VLANs.

We see a lot of internet scanning activity on that VLAN; we want to block/quarantine once a threshold is hit, or even throttle if possible?

We use 2x HP 5900AF-48XG-4QSFP+ in an IRF stack, running Comware 7.1.045 2311P01 currently.

Do you think HP Van and this Network Protector SDN app would be a possible solution to our problem?

 

Network Protector details:

HP Van Network Protector SDN APP

You can see from the below what we are trying to stop, which we can see via our current sFlow reporting.

Each color in the bars is a single src IP address on our side; the height of the bars is the unique destination IPs on the specific TCP ports, so this shows scanning on VNC ports and https.

[image: original-1.jpeg (sFlow bar chart of unique destination IPs per source, by TCP port)]

 

Sean Rynearson
Aruba Employee

Re: HP Van Network Protector

Hello,

Network Protector is not going to be the right solution for this problem. Network Protector is designed to listen to client side DNS requests from a controlled network and filter those DNS requests against the TippingPoint RepDV security database.

Since the scanning behavior described is initiated from the Internet, Network Protector would not be able to see the initial DNS requests and thus not be able to provide any protection, visibility or mitigation.

Scott Koster | Technical Marketing Engineer, Campus Switching Solutions
Aruba, a Hewlett Packard Enterprise Company
Aruba Employee

Re: HP Van Network Protector

I think it may be possible to craft a solution to this problem using HPE networking products, but as Scott Koster pointed out above, the current release of the Network Protector application wouldn't solve it.

The possible solutions I can think of are:

1. Replace the 5900 IRF stack with a 5400R VSF stack or 3810 N-member stack. The 5400R/3810 include a feature called "connection-rate-filtering" which will perform the exact function that you're wanting. It will perform this function within the switch (without a controller) but will need to be populated with all statically-assigned IPs, and only enabled on edge-facing ports. I don't know if this is a possibility, since I don't know if your mention of "currently" was in reference to the hardware (5900) or the firmware (Comware 7.1).

2. Write a custom application which runs on the HPE VAN SDN controller which controls flows and monitors traffic in the desired way.
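As an added example that is not part of this thread and not HPE code, the following shows the detection logic such a controller application (or a script consuming the sFlow data from the original post) would need: for each source IP and TCP destination port, count the distinct destination IPs seen inside a sliding time window, and list the sources whose fan-out crosses a threshold so they can be quarantined. The flow-record layout, the 60-second window, the threshold of 5, the sample records and the drop-rule dictionary are all constructed assumptions; the rule dict is a placeholder for whatever flow entry the real controller application would install.

```python
"""Threshold-based TCP scan detection over flow records.

Added example (not from the thread and not HPE code): counts distinct
destination IPs per (source IP, TCP destination port) inside a sliding
time window, which is what the sFlow bars in the original post show,
and lists the sources that cross a threshold so they can be quarantined.
The record format, window, threshold and sample data are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowSample:
    ts: float        # seconds since epoch (constructed values below)
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str       # "tcp" or "udp"


def make_samples():
    """Constructed sample data; a real deployment would feed sFlow samples in."""
    samples = []
    # 10.1.20.15 probes 12 different hosts on VNC (tcp/5900) within 12 seconds
    for i in range(12):
        samples.append(FlowSample(1000.0 + i, "10.1.20.15", f"203.0.113.{i + 1}", 5900, "tcp"))
    # 10.1.20.16 talks to 3 hosts on https: ordinary browsing, below threshold
    for i in range(3):
        samples.append(FlowSample(1000.0 + i, "10.1.20.16", f"198.51.100.{i + 1}", 443, "tcp"))
    # 10.1.20.17 reaches 8 hosts on https; repeat flows to the same host count once
    for i in range(8):
        samples.append(FlowSample(1005.0 + i, "10.1.20.17", f"192.0.2.{i + 1}", 443, "tcp"))
        samples.append(FlowSample(1006.0 + i, "10.1.20.17", f"192.0.2.{i + 1}", 443, "tcp"))
    # 10.1.20.18 probed 9 hosts on tcp/5900 an hour earlier (outside the window)
    for i in range(9):
        samples.append(FlowSample(-2600.0 + i, "10.1.20.18", f"203.0.113.{50 + i}", 5900, "tcp"))
    # UDP traffic is ignored by this TCP-only detector
    for i in range(20):
        samples.append(FlowSample(1000.0 + i, "10.1.20.19", f"203.0.113.{100 + i}", 53, "udp"))
    return samples


def unique_destinations(samples, now, window_s=60.0):
    """Map (src_ip, dst_port) -> set of distinct dst_ip seen in [now - window_s, now]."""
    fanout = defaultdict(set)
    for s in samples:
        if s.proto != "tcp" or not (now - window_s <= s.ts <= now):
            continue
        fanout[(s.src_ip, s.dst_port)].add(s.dst_ip)
    return fanout


def scanning_sources(samples, now, threshold, window_s=60.0):
    """Return (src_ip, dst_port, distinct_dsts) tuples at or above threshold,
    largest fan-out first."""
    fanout = unique_destinations(samples, now, window_s)
    hits = [(src, port, len(dsts))
            for (src, port), dsts in fanout.items() if len(dsts) >= threshold]
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))


def quarantine_rules(hits, priority=100):
    """Turn detections into generic drop-rule dicts.  The dict layout is a
    placeholder, not the HPE VAN controller API: it records what a real
    flow entry would have to match (source IP and the scanned TCP port)."""
    rules = []
    for src, port, _ in hits:
        rules.append({
            "priority": priority,
            "match": {"eth_type": "ipv4", "ipv4_src": src, "ip_proto": "tcp", "tcp_dst": port},
            "action": "drop",
        })
    return rules


if __name__ == "__main__":
    samples = make_samples()
    hits = scanning_sources(samples, now=1020.0, threshold=5)
    for src, port, n in hits:
        print(f"{src} reached {n} distinct hosts on tcp/{port} within the window")
    for rule in quarantine_rules(hits):
        print(rule)
```

Keying on distinct destinations per port rather than packet count is what separates a scanner from a busy but legitimate client, and the time window keeps a host that was noisy an hour ago from being quarantined now; in practice the window and threshold would be tuned against the same sFlow history the original post's chart came from, and the drop rule would be given an expiry so the quarantine lifts automatically.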
