Professional Documents
Culture Documents
Big Switch Installation
Big Switch Installation
Table of Contents
Executive Summary......................................................................................................................... 2
Big Monitoring Fabric (BMF) Overview .......................................................................................... 3
Basic BMF Installation Steps ........................................................................................................... 3
1. Install BMF Controller .......................................................................................................... 3
2. Configure IPAM on BMF Controller ..................................................................................... 5
3. Configure BMF Switch Details on the BMF Controller ......................................................... 5
4. Install BMF Switch ................................................................................................................ 5
5. Verify BMF Switch Config ..................................................................................................... 7
DefensePro Overview ..................................................................................................................... 8
DefenseFlow Overview ................................................................................................................... 9
Server Custom Operations (SCO) Overview.................................................................................... 9
Use Cases ...................................................................................................................................... 14
Use Case 1: BMF Inline DefensePro SMARTap L2 diversion ............................................... 14
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Executive Summary
As the industry shifts to Software Defined Networking (SDN), the need for security solutions to
integrate into SDN environments has become more prevalent. This document will cover several
use cases on how to integrate the Radware Security Stack with Big Switch Networks Big
Monitoring Fabric (BMF) SDN environment.
This document will cover several use cases for BMF integration with the Radware Security
Stack. However, this document will NOT cover technical deployment options such as BMF High
Availability, LAGs, Tunnels, Controller VIPs, etc. For those and other specific deployment
options, please refer to the BMF Deployment Guide.
This document assumes the reader has a basic understanding of all the Radware components
and how to install them and thus will NOT cover the basic deployment of the Radware solution
elements. This document will cover specific configuration requirements of each component for
each use case. Please refer to the appropriate Radware Deployment Guides for basic
installation.
• DefensePro Installation Guide
• DefenseFlow Installation Guide
• APSolute Vision Installation Guide
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
• Accept EULA
• Set recovery password
• Choose IP Forwarding mode
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Zero Touch Fabric (ZTF) Layer 2 (Auto-discovery switch deployment mode): In this mode, which
is the default, ZTF automatically downloads and installs the appropriate Switch Light OS image
from the BMF controller. This method of installation requires that all the fabric switches and
the BMF controller are in the same Layer 2 network (IP subnet). Also, if the fabric switches
require IPv4 addresses to communicate with SNMP or other external services, you must
configure IPAM, which provides the controller with a range of IPv4 addresses to allocate to the
fabric switches.
Layer 3 (Preconfigured switch deployment mode): This mode allows fabric switches to be in a
different Layer 2 network than the controller. ZTF cannot be used, and you must log in to each
switch individually to either manually install the correct Switch Light OS for your controller or
use DHCP to automatically download the software to each controller. This mode requires that
communication between the controller and the fabric switches occurs using IPv4 addresses,
and no IPAM configuration is required.
NOTE: All the fabric switches in a single fabric must be installed using the same mode. If you
have any fabric switches in a different IP subnet than the controller, you must use Layer 3 mode
for installing all the switches, even those in the same Layer 2 network as the controller.
Installing switches in mixed mode, with some switches using ZTF in the same Layer 2 network as
the controller, while other switches in a different subnet are installed manually or using DHCP is
unsupported.
ZTF Installation
When using ZTF, the BMF controllers and fabric switches use IPv6 for communication. However,
to SSH to the switch directly, you must configure IP address management (IPAM), which assigns
an IPv4 address to the switch from the pool of addresses you assign. Also, regardless of how the
switch is installed, IPAM is required to allocate IPv4 addresses to fabric switches for
communicating with external services that may not support IPv6, including NTP, SNMP, and
syslog. To allocate a pool of IPv4 addresses and configure the DNS server and default gateway,
complete the following steps
• Connect to the BMF Switch Console port
• Power ON or Restart the BMF Switch
• On the GNU GRUB Menu select ONIE
NOTE: To get to the ONIE mode, during the reboot countdown, press any key when you see
the prompt: “Hit any key to stop autoboot: 0”. The following command takes you to the
ONIE install mode:
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
• Select ONIE. This puts the BMF switch into the installer mode, and the rest of the process is
performed automatically.
• The BMF Controller will upgrade the OS Lite software, assign an IP address as well as other
configuration details to the BMF switch via ZTF.
5. Verify BMF Switch Config
You can verify the BMF Switch Config from either the BMF Controller or BMF switch.
Verify from the BMF Controller
• Show switch <switch name> details
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
DefensePro Overview
DefensePro is part of Radware’s Attack Mitigation Solution and is an award-winning, real-time,
perimeter attack mitigation device that secures organizations against emerging network and
applications threats. DefensePro protects the infrastructure against network and application
downtime (or slow time), application vulnerability exploitation, malware spread, network
anomalies, information theft and other types of attacks.
DefensePro provides the industry’s most advanced, automated protection from fast-moving
threats, including from recent IoT-based attacks such as Mirai. It is uniquely built to overcome
both the complexity and scale of today’s sophisticated IoT-based botnets. DefensePro also
helps organizations win the ongoing security battle against availability attacks, by detecting and
mitigating known and zero-day DoS/DDoS attacks in real-time. It protects against other security
threats that are usually undetected by traditional DDoS mitigation tools such as burst attacks,
DNS attacks, encrypted flood attacks, attacks on login pages and attacks behind CDNs.
DefensePro includes a comprehensive set of essential security modules – Anti DDoS, network
behavioral analysis (NBA), intrusion prevention system (IPS), access control, rate-limiters,
keyless encrypted attack protection and Threat Intelligence - to fully protect the infrastructure
against known and emerging network security attacks. It employs multiple detection and
mitigation modules, including adaptive behavioral analysis, challenge response technologies
and signature detection.
• Behavioral Analysis engine dynamically learns traffic patterns and automatically mitigates
attacks in real-time such as BURTS ATTACKS and DNS AMPLIFICATION ATTACKS such as the
Mirai Bot Net
• Challenge & Response mechanisms validates the good guys from the bad guys through a
series of escalated challenges in order to further weed out false positives. Think of this as
your countermeasures.
• Access Controls are well known security measures DefensePro employs to perform such
actions as rate limiting, connection limits, white lists and blacklists.
• Known Vulnerabilities – The DefensePro carries a local IPS signature database to prevent
against well-known attacks
• Threat Intelligence – DefensePro receives real-time threat intelligence from Radware’s
Cloud Infrastructure and Deception Network which was built from the ground up.
Effectively the DefensePro receives a feed on the bad actors that are attacking at that
moment in time so the DefensePro can block them immediately.
For more information on DefensePro please refer to the following webpage
https://www.radware.com/products/defensepro
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
DefenseFlow Overview
DefenseFlow is a software product that sits in the control plane and acts as a cyber security
gateway. DefenseFlow can consume/relay control & telemetry protocols such as BGP,
FlowSpec, NetFlow, syslogs, REST and so on.
DefenseFlow is an orchestration system which unifies the Radware mitigation ecosystem
through automation, custom operations and workflows.
DefenseFlow uses automated workflows to perform a workflow of security actions specific to
business SLAs. DefenseFlow can receive an alert or trigger from any detector. Once
DefenseFlow consumes a trigger it will perform any action that you define. This action could be
a custom action or predefined list of actions embedded in the system. DefenseFlow can
perform multiple operations as well whenever a set or custom condition is met such as divert
via BGP, RTBH or Flowspec.
To integrate other vendor environments into the Radware mitigation ecosystem, DefenseFlow
implements the concept of Custom Operations. Custom Operations are capable of triggering
events externally to DefenseFlow. Custom Operations can be written in any programming
language therefore allowing the integration of virtually any 3rd party vendor to be controlled
programmatically via DefenseFlow.
For more information on DefenseFlow please refer to the following webpage
https://www.radware.com/products/defenseflow
SCO Features
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Installing SCO
SCO can be deployed either on the DefenseFlow host or any external Linux VM. This document
will outline the installation of SCO on the DefenseFlow host.
• Create folder named SCO.
o md /root/SCO
• Change to the SCO directory
o cd root/SCO
• Extract tar inside of the SCO folder
o tar -xvf SCO_113.tar
• Change to the Server directory
o cd server
• Edit sco_config.json accordingly
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
• Set the local_hostname field to a name that will appear on syslog messages identifying this
DefenseFlow/SCO.
• Fill the bigswitch_controllers with a comma separated list of IP:port for the BigSwitch
controllers.
Example:
"bigswitch_controllers": [
"192.168.1.1:8443",
"10.25.209.174:8443"
],
• SCO will attempt to deliver the rule to each BigSwitch controller one by one, stopping the
first that accepts it.
• Fill the vision_servers with a comma separated list of IP for the Vision servers to use for
messaging.
Example:
"vision_servers": [
"192.168.1.106"
],
• SCO will deliver log messages to each one of the Vision servers, reporting if any is
unreachable.
• Fill the syslog_servers with a comma separated list of IP:port for the Syslog servers to use
for messaging.
Example:
"syslog_servers": [
"192.168.1.52:514"
],
• SCO will deliver log messages to each one of the Syslog servers.
• Execute the encrypt.php and follow its instructions carefully, as it will request credentials
for each BigSwitch controller one by one.
• Passwords entered onto the encryptor (therefore set on the DF and BigSwitch) must not
contain the colon ':' character.
• Once the encrypt.php finishes, the authentication data is added to each respective
BigSwitch entry in the configuration file.
• ./stop.sh - Stops any running SCO copy and removes the /tmp/sco.run file.
• ./watchdog - Verifies if SCO is running and attempts to restart it if not. (runs from crond
every minute)
• ./encrypt.php - Creates the encrypted credentials inside the configuration file.
SCO Execution
SCO is executed automatically on boot by adding the start.sh script to the device’s rc.local.
To execute SCO manually just run: ./SCO_server.php from inside the “Server” folder.
All the .php scripts provided are self-executable and can have their execution bits turned on
(chmod 775 <file>). There is no need to use php -f <script name>.
SCO Watchdog
The SCO Watchdog script runs every minute as a cron job, verifying the SCO presence and
attempting to restart it. If SCO is found inoperant, the watchdog reports this situation via
Vision message console and syslog. This message should be treated as high priority.
SCO Troubleshooting
• SCO sends messages to Vision and Syslog servers.
• Extra information if recorded to the log file, which by default is located on the /tmp folder.
This file is called SCO.log.
• The file /tmp/sco.run contains the process id of the currently running SCO copy. This file is
kept if SCO crashes. It can be removed by the provided .sh support scripts.
• In order to increase the amount of data logged by SCO, set the "debug" field on the
configuration file to true.
SCO Version
• The current version doesn't have the ability to collect syslog servers from Vision yet.
• The current version doesn't have the scotag check functionality implemented yet. (*)
• The current version doesn't enforce the sender's list yet.
SCO Error Messages
The following list of error messages are sent by SCO to Vision and syslog. These messages can
be parsed and prioritized by 3rd party applications to trigger alert tickers based on their
identification numbers. The values starting with $ are replaced by the message sender
accordingly.
• [SCO00001] SCO version $version Loaded.
• [SCO00002] Configuration file config.json not found.
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Use Cases
Use Case 1: BMF Inline DefensePro SMARTap L2 diversion
BMF Switch deployed inline. DefensePro is deployed as SMARTap in Transparent Mode. BMF
Switch provides a copy of the traffic to DefensePro via a dedicated port/s. DefenseFlow writes
a policy to the DefensePro which is used to detect attacks. The policy is an always-on policy.
Once DefensePro detects an attack, DefenseFlow will perform a custom operation and send a
JSON object to the SCO module embedded on DefenseFlow. The SCO module will make a REST
API call to the BMF Controller providing the IP under attack. The BMF Controller updates the
filters on the BMF Switch to exclude the attack traffic from the COPY port and provide L2
diversion of the attack to the DefensePro for mitigation. The attack traffic is sent to the
DefensePro on a dedicated port pair where it is scrubbed and returned to the BMF Switch for
delivery to the destination.
This architecture is favored when diversion is preferred to be controlled programmatically via
the BMF controller @ L2 as opposed by BGP. Diversion via BGP is NOT desired and there is no
desire for DefenseFlow to peer with the routers.
Reference Architecture
The following diagrams will be used as a reference point for the configuration details. Keep in
mind these details will change per your environment (e.g. port numbers, policy names, VRFs,
etc).
Reference Diagram Data Plane
Edge Access
25 26
CLEAN
25 26
BMF Switch
11 9 10
SCRUBBED
DIRTY
COPY
11 9 10
DefensePro®
CLEAN
DIRTY
COPY
SCRUBBED
BMF Switch
SCRUBBED
DIRTY
COPY
DefensePro®
POLICY UPDATE
POLICY
ALERT
DefenseFlow®
SCO
BMF Controller
CONTROL PLANE
DefensePro Configuration
DefensePro will be the detection and mitigation device. DefensePro should be configured in
Transparent Mode (default) with a management IP. A single port will be dedicated for receiving
a copy of all inbound traffic from the BMF Switch. A separate port pair will be dedicated for
scrubbing the attack traffic. Cable the DefensePro accordingly per your environment. Policy
configuration is handled by DefenseFlow.
DefenseFlow Configuration
DefenseFlow Mitigation Devices
Go to Configuration-->Network-->Mitigation Devices and click +
• Enabled = Checked
• Name = <Select Name of DefensePro>
• Managed Device = Checked
• Click Submit
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
DefenseFlow Detection
Go to Configuration-->Security Settings-->Detection click +
• Name = DPaaD
• Description = DefensePro as a Detector
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
DefenseFlow Operations
Two Operations will need to be created for this use case. One operation for Detection
and another operation for Diversion.
Detection Operation
This operation will create a pre-defined policy on the DefensePro used to detect attacks
Go to Configuration-->Security Settings-->Operations and click +
• Name = BMF-Operation-Detection
• Operation Type* = Mitigation
• Security Template = Basic
• Mitigation Group = ODS-MR
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
• Click Submit
Diversion Operation
This operation will use the SCO module to automatically update the BMF filter rules via
REST API in order to exclude attack from copy port and divert attack traffic to the
DefensePro to be scrubbed.
Go to Configuration-->Security Settings-->Operations and click +
• Name = BMF-Operation-L2-Diversion
• Operation Type* = Custom
• Custom URL = http://127.0.0.1:8080/
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
DefenseFlow Workflows
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
BMF Controller
Four Policies will need to be configured on the BMF Switch
• Inbound Traffic Policy
o NOTE: This policy will also be used to send COPY traffic to the DefensePro
• Clean Traffic Return Policy
• Dirty Traffic Policy
• Scrubbed Traffic Policy
BMF Policy Inbound-Traffic
This Policy will put the BMF Switch inline of the traffic path
Inbound-Traffic Info
Go to Big Tap-->Policies--> and click +
• Name = Inbound-Traffic
• Description = Optional
• Priority = 100
• Forward = selected
• Active = selected
• Start Policy = At Time
• Run Policy = Always
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Inbound-Traffic Summary
Go to Summary. Validate defined parameters.
• Validate Name = Inbound-Traffic
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Clean-Traffic-Return Summary
Go to Summary
• Validate Name = Clean-Traffic-Return
• Validate Action = forward
• Validate Priority = 100
• Validate Rules = match any
• Validate Filter Interfaces = BS26--AccessRouter26
• Validate Delivery Interfaces = BS25--EdgeRouter25
• Click Save
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Dirty-Traffic Rules
NOTE: This Rule will not be initially configured. This policy acts as a place holder to be
dynamically updated via SCO & DefenseFlow when an attack is detected by DefensePro.
Dirty-Traffic Feeds (SOURCE INTERFACE)
Go to Feeds and click +
• Select BS25--EdgeRouter25. This will be the source of the attack traffic.
• Click APPEND SELECTED
• Select BS09--DP09. This will send traffic to the attack port of the DefensePro.
• Click APPEND SELECTED
Dirty-Traffic Summary
Go to Summary
• Validate Name = Dirty-Traffic
• Validate Action = forward
• Validate Priority = 101
• Validate Filter Interfaces = BS25--EdgeRouter25
• Validate Delivery Interfaces = BS09--DP09
• Click Save
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Scrubbed-Traffic Rules
Go to Rules and click +
• Sequence = 1
• Match All Traffic = Checked
• Click Append
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Scrubbed-Traffic Summary
Go to Summary. Validate This is where you will select where to deliver the traffic. Traffic will
need to be delivered to the DefensePro (as a copy) and back to the core for delivery to the
destination
• Name = Scrubbed-Traffic
• Validate Action = forward
• Validate Priority = 100
• Validate Rules = match any
• Validate Filter Interfaces = Select BS1--DP10
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
BIG SWITCH NETWORKS
VENDOR INTEGRATION SERIES
BIG MONITORING FABRIC (BMF)
VERSION 1.0
Summary
• No VRF
• No BGP
• Fully transparent
• No requirement from netops
• All benefits from packet brokering
For more information on this use case please refer to the following webinar
https://www.radware.com/products/defensepro
This document is provided for information purposes only. This document is not
warranted to be error-free, nor subject to any other warranties or conditions, whether
expressed orally or implied in law. Radware specifically disclaims any liability with
respect to this document and no contractual obligations are formed either directly or
indirectly by this document. The technologies, functionalities, services, or processes
described herein are subject to change without notice.
©2019 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered
trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of
their respective owners. The Radware products and solutions mentioned in this document are protected by trademarks,
patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/