The Linux Plumbers 2014 Network Virtualization and Security track focuses on the design and implementation of virtualization and security in the networking stack. Network virtualization is undoubtedly an exciting and disruptive technology that is becoming pervasive in the data center; however, it could easily become a security and privacy nightmare. We need to address these issues as a community. This is important not just for the success of virtualization or cloud, but, I believe, is paramount to the future of the Internet itself!
Network virtualization performance – how do we get virtual performance == native performance (with security requirements addressed)?
Hardware switching offload
API
Packet level security for data centers – how can we get to encrypting all packets in flight?
Hardware offload and network virtualization – how to offload checksum, LSO/GRO, and encryption to the hardware?
Group Based Policy Abstraction – how to translate abstract security policies into specific ACLs with appropriate performance?
Packet inspection and network virtualization – how to provide a scalable first line of defense at a host with VMs?
Scalability, isolation, and protocol mechanisms – how do we scale and allow extensibility to address future threats?
DoS and network virtualization – how do we defend the network against internally generated DoS attacks?
Application level security – how do we establish trust with userspace apps to access sensitive data?
Configuration security – how can we prevent kernel or device configuration (willful or inadvertent) from circumventing security measures?
Exfiltration control – how to prevent data loss after a breach?
The structure will be short introductions to an issue or topic followed by a discussion with the audience.
A hard limit of 3 slides per presentation is enforced to ensure focus and allocate enough time for discussions.
Confirmed
Alexei Starovoitov
Thomas Graf
Tom Herbert
Vincent JARDIN (DPDK expert and stack)
Jesse Gross
Deep Debroy (Cisco Systems)
Rony Efraim (Mellanox)
Or Gerlitz (Mellanox)
Hannes Frederic Sowa (Red Hat)
Steffen Klassert (secunet)
Network virtualization performance / Vincent - backgrounder, virtio, vSwitch for VM2VM
Packet level security for data centers / Vincent - backgrounder, multitenant/netns, VxLAN + IPsec
Integrated Network Virtualization / Tom Herbert - integrating virtualization into the stack
Generic UDP Encapsulation / Tom Herbert - implementing a scalable and extensible encapsulation protocol
does packet format matter? (Alexei Starovoitov, Plumgrid)
vxlan + encryption (Alexei Starovoitov, Plumgrid)
tenant security in the cloud, policy enforcement (Alexei Starovoitov, Plumgrid)
Stateful services for OVS (Thomas Graf, Noiro / Jesse Gross? Justin?)
Demystifying group based policy and OpFlex (Thomas Graf, Noiro)
Geneve: Generic Network Virtualization Encapsulation (Jesse Gross)
OVS userspace tunneling (Pravin Shelar)
We are currently collecting talk proposals; the schedule will be announced after final selection.
This microconference needs to be scheduled at a different time than Network Switch Devices, as many people will want to attend both.