Challenges in Unifying Control of Middlebox Traversals and ...

Aaron Gember, Theophilus Benson, Aditya Akella
University of Wisconsin-Madison

CHALLENGES IN UNIFYING CONTROL OF MIDDLEBOX TRAVERSALS AND FUNCTIONALITY

Components of Enterprise Networks

  • Middleboxes make up 40% of the network devices in large enterprises with over 200K hosts [1]
  • Enterprises spent on average over 1 million dollars over the last 5 years to acquire middleboxes [1]

[1] A Survey of Enterprise Middlebox Deployments, Justine Sherry and Sylvia Ratnasamy, 2012

Importance of Middleboxes

  • Additional component traffic passes through for examination and/or modification
  • Not a connection endpoint
  • Not responsible for path selection
  • Ensure security
  • Optimize performance
  • Facilitate remote access

Deploying Middlebox Topologies

  1) Determine objectives (conceptual)
  2) Select middleboxes, and ordering (logical); select traffic to examine
     [Figure: HTTP, Flow Logger, IDS]
  3) Plan wiring and network config (physical)

Deployment Scenarios

  • Monitor all paths or specific link
  • On-path vs. Off-path
  • Enforcing traversals
    • Physical chokepoint: wiring inline
    • Logical chokepoints: routing hacks
    • Software defined networking (SDN)

Enforcing Desired Traversals

  • Brittle networks: choke points
  • Single point-of-failure
  • With SDN, still difficult to expand; need control over middlebox to expand
  • Limited flexibility
  • Unable to differentiate based on traffic type
  • Difficult to expand

Configuring Middleboxes

  • Infrastructure dependence
    • Distinct language for each vendor
    • Hard to migrate between vendors
  • Topology dependence
    • Tied to servers on path; prevents mobility of server and middleboxes
  • 67% of the outages are caused by misconfiguration of these middleboxes [1]
  • Need unified control over middleboxes and network devices

[1] A Survey of Enterprise Middlebox Deployments, Justine Sherry and Sylvia Ratnasamy, 2012

Benefits of Unification

  • Easier to verify middlebox configuration
  • Easier to migrate between infrastructure
  • Automation leads to flexibility
    • Implement energy saving
    • Implement bottleneck detection and scaling

Centralized Unified Control

  [Figure: High level Objectives, Control Plane, Physical Infrastructure]

  • Configures physical infrastructure
    • Routers + Switches: OpenFlow + NOX
    • Middleboxes: ??????

Composing Middlebox Topologies

  1) Operator specifies logical topology
     [Figure: HTTP, Flow Logger, IDS]
  2) Control plane determines path

Assumptions

  • Middlebox deployments are based on high level objectives
  • A network of SDN switches
  • Programmatic control over network

Challenges

  [Figure: Control Plane]

  • Abstractions for specifying high level constraints
    • Simple yet flexible and powerful
    • Oblivious to the separation between middleboxes and routers
  • Common middlebox interface
    • Extensible: support new middleboxes
    • Support for vendor specific functionality

Strawman for Abstracting Configuration

  • Basic middlebox functionality: Examine, Transform, Forward
  • Middleboxes should expose:
    • Ways to examine and match packets; e.g., regular-expression on payload, IP headers
    • Transformations supported; e.g., encryption
    • Way to forward; e.g., SSL tunnel, IP

Challenges of Considering Underlying Infrastructure

  • Map constraints to physical infrastructure
  • Configure physical infrastructure
  • Re-adjust configuration to reflect dynamics
    • Network topology, middlebox features, and network load

Strawman for Considering Underlying Infrastructure

  • LP that matches constraints to exposed MB functionality
    • Minimize latency (# of links), or
    • Minimize resource utilization (# of MBs)
    • Subject to high level constraints
  • Input to LP
    • High level goals
    • Functionality supported by Middleboxes
    • Network topology

State-of-the-Art

  • SDN, Policy-Switch, CloudNaaS
    • Flexible interposition of middlebox
    • No control over configuration
    • Difficult to setup rules for flows without knowledge of middlebox transformations
  • MIDCOM
    • Specify which traffic traverses a middlebox
    • Doesn't support specification of functionality

Summary

  • Discussed challenges of deploying middleboxes
    • Enforcing traversals
    • Configuration management
  • Described outline for unified control
  • Presented advantages and challenges
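
An added example (not from the slides) of the placement problem posed by the "Strawman for Considering Underlying Infrastructure" slide, limited to the latency objective (# of links). It uses breadth-first search over (node, functions applied) states rather than an LP; the topology, capability table and function names are constructed for illustration.

```python
from collections import deque

# Constructed sample inputs (assumptions, not from the slides).
LINKS = [("h1", "s1"), ("s1", "s2"), ("s2", "s3"), ("s3", "srv"),
         ("s1", "s3"), ("s1", "mbA"), ("s2", "mbB"), ("s3", "mbC")]
# Functionality each middlebox exposes to the control plane.
CAPS = {"mbA": {"flow_logger"}, "mbB": {"ids"}, "mbC": {"flow_logger", "ids"}}


def place_chain(links, caps, src, dst, chain):
    """Fewest-links walk from src to dst that applies every function in
    `chain` in order. Returns (path, placement) or None if infeasible."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    def advance(node, done):
        # Apply as many pending functions as this node exposes, in order.
        while done < len(chain) and chain[done] in caps.get(node, ()):
            done += 1
        return done

    start = (src, advance(src, 0))
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        node, done = state
        if node == dst and done == len(chain):
            break  # first goal state popped by BFS uses the fewest links
        for nxt in sorted(adj.get(node, ())):
            new = (nxt, advance(nxt, done))
            if new not in parent:
                parent[new] = state
                queue.append(new)
    else:
        return None  # no walk satisfies the ordering constraint

    # Walk parents back to src, recording which node applied each function.
    path, placement = [], {}
    while state is not None:
        prev = parent[state]
        for fn in chain[(prev[1] if prev else 0):state[1]]:
            placement[fn] = state[0]
        path.append(state[0])
        state = prev
    return path[::-1], placement
```

Re-running `place_chain` with a middlebox removed from the capability table shows the "re-adjust configuration to reflect dynamics" case: the chain is re-placed on the remaining devices, or the call returns `None` when no device exposes a required function.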
