Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

Presentation transcript:

Making Middleboxes Someone Else’s Problem: Network Processing as a Cloud Service
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†, Sylvia Ratnasamy*, and Vyas Sekar‡

Typical Enterprise Networks Internet

A Survey: 57 enterprise network administrators. Small (< 1k hosts) to XL (> 100k hosts). Asked about deployment size, expenses, complexity, and failures.

How many middleboxes do you deploy? Typically on par with # routers and switches.

What kinds of middleboxes do you deploy? More devices == more expertise needed. Many kinds of devices, all with different functions and management expertise required.

How many networking personnel are there? Average salary for a network engineer - $60-80k USD

How do administrators spend their time? Most administrators spent 1-5 hrs/week dealing with failures; 9% spent 6-10 hrs/week.
Failure causes (columns: Misconfig. / Overload / Physical/Electrical):
Firewalls: 67.3%, 16.3%
Proxies: 63.2%, 15.7%, 21.1%
IDS: 54.45%, 11.4%, 34%

Recap: High Capital and Operating Expenses; Time Consuming and Error-Prone; Physical and Overload Failures.

How can we improve this?

Our Proposal Internet

Our Proposal Cloud Provider Internet

A move to the cloud
High Capital and Operating Expenses: Economies of scale and pay-per-use
Time Consuming and Error Prone: Simplifies configuration and deployment
Physical and Overload Failures: Redundant resources for failover

Our Design

Challenges: Minimal Complexity at the Enterprise; Functional Equivalence; Low Performance Overhead.

APLOMB “Appliance for Outsourcing Middleboxes”

Outsourcing Middleboxes with APLOMB [Diagram labels: Cloud Provider; NAT; APLOMB Gateway; Internet]

Inbound Traffic [Diagram labels: Internet; Web Server: www.enterprise.com 192.168.1.100; Cloud Provider; Register: www.enterprise.com 192.168.1.100; Enterprise Network Admin.]

Inbound Traffic [Diagram labels: Internet; Cloud Provider; DNS; Register: enterprise.com 98.76.54.32]

Choosing a Datacenter: Route through the cloud datacenter that minimizes end-to-end latency. The APLOMB Gateway keeps a “routing table” to select the best tunnel for every Internet prefix. [Diagram labels: External Client; Cloud Provider East; Cloud Provider West; Enterprise]

Caches and “Terminal Services”: Traffic destined to services like caches should be redirected to the nearest node. [Diagram label: Cloud Provider West]

APLOMB “Appliance for Outsourcing Middleboxes” Place middleboxes in the cloud. Use APLOMB devices and DNS to redirect traffic to and from the cloud. That’s it.

Can we outsource all middleboxes?
Firewalls: ✔
IDSes: ✔
Load Balancers: ✔
VPNs: ✔
Proxy/Caches: ✗ Bandwidth?
WAN Optimizers: ✗ Compression?

APLOMB+ for Compression: Add generic compression to the APLOMB gateway to reduce bandwidth consumption. [Diagram labels: Cloud Provider; Internet]

Can we outsource all middleboxes?
Firewalls: ✔
IDSes: ✔
Load Balancers: ✔
VPNs: ✔
Proxy/Caches: ✗ Bandwidth? ✔
WAN Optimizers: ✗ Compression? ✔

Does it work?

Our Deployment: Cloud provider: EC2, 7 Datacenters. OpenVPN for tunneling, Vyatta for middlebox services. Two Types of Clients: Software VPN client on laptops; Tunneling software router for wired hosts.

Three Part Evaluation
Implementation & Deployment: Performance metrics
Wide-Area Measurements: Network latency
Case Study of a Large Enterprise: Impact in a real usage scenario

Does APLOMB inflate latency?

For PlanetLab nodes, 60% of pairs’ latency improves with redirection through EC2.

Latency at a Large Enterprise: Measured redirection latency between enterprise sites. Median latency inflation: 1.13 ms. Sites experiencing inflation were primarily in areas where EC2 does not have a wide footprint.

How does APLOMB impact other quality metrics, like bandwidth and jitter?

Bandwidth: download times with BitTorrent increased on average 2.3%.
Jitter: consistently within industry standard bounds of 30ms.

Does APLOMB negate the benefits of bandwidth-saving devices?

APLOMB+ incurs a median penalty of 3.8% bandwidth inflation over traditional WAN Optimizers.

Does “elastic scaling” at the cloud provide real benefits?

Some sites generate as much as 13x more traffic than average at peak hours.

Recap: Good application performance. Latency median inflation 1.1ms. Download times increased only 2.3%. Generic redundancy elimination saves bandwidth costs. Strong benefits from elasticity.

Conclusion: Moving middleboxes to the cloud is a practical and feasible solution to the complexity of enterprise networks.

What does it mean to “manage” middleboxes? Upgrades and Vendor Interaction; Monitoring and Diagnostics; Configuration; Appliance Configuration; Policy Configuration; Training.

Internal Firewalls Cloud Provider Internet

How many middleboxes can APLOMB outsource?

How much do middleboxes cost? Thousands to millions of dollars / 5 years

Is maintaining multiple tunnels at the APLOMB gateway useful?

With multiple tunnels, the fraction of pairs with 0 inflation or better moves from 40% to 60%

How large must a provider’s datacenter footprint be to support middlebox services?

Minimal Improvement to E2E Latency with Larger Footprint.

How does APLOMB redirection impact web page load times?

Median: slightly worse; 90%-ile: slightly better.

Caches may require a larger footprint to provide nationwide service.