Zero Trust, Software Defined Perimeter and P4
Talk Title | Zero Trust, Software Defined Perimeter and P4 |
Speakers | Omer Anson (Software Physicist, Huawei Technologies) |
Conference | Open Networking Summit Europe |
Location | Antwerp, Belgium |
Date | Sep 23-25, 2019 |
URL | Talk Page |
Slides | Talk Slides |
Suppose you want to implement a Zero Trust network, where no one can be trusted to do more than they must, and SDP, where trusted actors should be allowed access from anywhere. This way you can prevent breaches, which is good, and allow maximum flexibility for your network users, which is even better.

You could do this with smart switches and feature-rich gateways. But they are not cheap. On the other hand, commodity hardware allows you to use eBPF. This allows control all the way to the network header protocol layer, if you need it. You could bring cloud networking to your physical network.

We tried writing directly in eBPF. It’s a long, arduous task. Wouldn’t you prefer a higher-level language?

We implemented a compiler for P4 to eBPF. The result implements our SDP network dataplane.