The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment
Vyas Sekar, Sylvia Ratnasamy, Michael Reiter, Norbert Egi, Guangyu Shi

Presentation transcript:

1 The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment
Vyas Sekar, Sylvia Ratnasamy, Michael Reiter, Norbert Egi, Guangyu Shi

2 Growing literature on network innovation
– Build programmable elements using commodity hardware, e.g., PacketShader, RouterBricks, ServerSwitch, SwitchBlade
– Centralized management with open interfaces, e.g., 4D, NOX/OpenFlow, RCP

3 Most innovation today: Middleboxes!
Data from a large enterprise: >80K users across tens of sites
Type of appliance    Number
Firewalls            166
NIDS                 127
Media gateways       110
Load balancers       67
Proxies              66
VPN gateways         45
WAN Optimizers       44
Voice gateways       11
Total Middleboxes    636
Total routers        ~900
Just network security: ~ 6 billion $ (2010) → 10 billion $ (2016)

4 Middleboxes are valuable, but have many painpoints
Type of appliance    Number
Firewalls            166
NIDS                 127
Media gateways       110
Load balancers       67
Proxies              66
VPN gateways         45
WAN Optimizers       44
Voice gateways       11
1. Device Sprawl, High CapEx
2. High OpEx, e.g., separate management teams, need manual tuning
3. Inflexible, difficult to extend → need for new boxes!
? “consumerization”

5 The Middlebox Manifesto
Most network innovation occurs via middleboxes
– Not by changes to routers or switches
Suffer similar, and maybe more, pain points
– Significant capital and operating expenses
– Narrow, closed management interfaces
– Difficult to extend
Surprisingly MIA in the innovation discussion

6 The Middlebox Manifesto
Most network innovation occurs via middleboxes
– Not via routers or switches
Suffer almost same, if not more, pain points
– Too many of them
– Narrow, closed interfaces & difficult to extend
– Significant capital and operating expenses
Surprisingly MIA in the innovation discussion
How to build? How to manage?

7 Our vision: Enabling innovation in middlebox deployments
1. Software-centric implementations
2. Consolidated physical platform
3. Logically centralized open management APIs
– Easy to deploy, extend
– Reduce sprawl
– Direct control, expressive
[Diagram label: Network-Wide Management]

8 Our vision: Enabling innovation in middlebox deployments
1. Software-centric implementations
2. Consolidated physical platform
3. Logically centralized open management APIs
– Easy to deploy, extend
– Reduce sprawl
– Direct control, expressive
[Diagram label: Network-Wide Management]
In a general context, ideas aren’t especially new! But, middleboxes raise new opportunities and challenges

9 New Efficiency Opportunities
“Software-centric”, “extensible” sounds nice..
But, usually very resource inefficient
– Compared to “specialized” solutions
New efficiency avenues, at least for middleboxes
– Multiplexing
– Reuse
– Spatial distribution

10 Opportunity 1: Multiplexing Benefits
Multiplexing benefit = 1 - Peak_Sum / Sum_Peak = 28%
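
The ratio on the slide above, computed over per-appliance load series as an added example (not code from the talk). It assumes Sum_Peak is the sum of each appliance's own peak load and Peak_Sum is the peak of the combined load; the appliance names and load values are constructed, so the result differs from the 28% measured in the talk.

```python
from typing import Dict, List


def multiplexing_benefit(load: Dict[str, List[float]]) -> Dict[str, float]:
    """Compare per-appliance provisioning with a consolidated platform.

    load maps an appliance name to its load in each time bin (same unit and
    same bins for every appliance, e.g. CPU cores needed per 5-minute bin).
    """
    if not load:
        raise ValueError("no appliances given")
    lengths = {len(series) for series in load.values()}
    if len(lengths) != 1 or 0 in lengths:
        raise ValueError("every appliance needs the same, non-zero number of bins")

    # Separate boxes: each one is sized for its own worst bin.
    sum_peak = sum(max(series) for series in load.values())
    # Consolidated platform: sized for the worst bin of the combined load.
    combined = [sum(bin_loads) for bin_loads in zip(*load.values())]
    peak_sum = max(combined)

    if sum_peak <= 0:
        raise ValueError("load is zero everywhere; the ratio is undefined")
    return {
        "sum_peak": sum_peak,
        "peak_sum": peak_sum,
        "benefit": 1 - peak_sum / sum_peak,
    }


# Constructed sample: load per time bin for three appliance types.
SAMPLE = {
    "firewall": [2, 6, 9, 4],
    "ids":      [8, 3, 2, 5],
    "proxy":    [1, 4, 3, 7],
}

# Constructed counter-case: both appliances peak in the same bin.
ALIGNED = {"firewall": [1, 5], "ids": [2, 4]}

if __name__ == "__main__":
    for name, data in (("staggered peaks", SAMPLE), ("aligned peaks", ALIGNED)):
        r = multiplexing_benefit(data)
        print(f"{name}: sum_peak={r['sum_peak']} peak_sum={r['peak_sum']} "
              f"benefit={r['benefit']:.0%}")
```

When every appliance peaks in the same bin the benefit drops to zero, which is why the saving depends on how the peaks are spread over time.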

11 Opportunity 2: Reusing Modules
[Diagram labels: Session Management, Protocol Parsers; VPN, Web, Mail, IDS, Proxy, Firewall]
How much traffic overlap? > 60 %
Contribution of reusable modules? 18 – 54 %

12 New Challenges
[Diagram labels: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions]
– Heterogeneity
– Complex processing
– Policy constraints

13 Challenges in Management
[Diagram labels: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions]
– Policy dependencies? e.g., IDS < Proxy
– What is a minimal interface?
– Is it tractable? e.g., reuse

14 Challenges in Single-box Design
[Diagram labels: Session; Protocol; Extensible functions; Standalone functions]
– Accelerators?
– Primitives?
– Performance, Isolation?

15 Conclusions
Most network innovation occurs via middleboxes
– Little presence in the innovation discussion!
Our vision:
– Software-based, consolidated
– Logically unified, open management APIs
New opportunities
– Multiplexing, reuse, and spatial distribution
Practical challenges: Management + Platform

16 Vision: Enabling innovation in middlebox deployments
1. Software-centric implementations, e.g., Click
2. Consolidate multiple applications on same physical platform
3. Logically centralized Open management APIs, e.g., OpenFlow
– Easy to deploy, extend
– Reduce sprawl
– Direct control, expressive
[Diagram label: Network-Wide Management]
In a general context, ideas aren’t especially new! But, middleboxes raise new opportunities and challenges

17 Our vision: Enabling innovation in middlebox deployments
1. Software-centric implementations
2. Consolidated physical platform
3. Logically centralized open management APIs
– Easy to deploy, extend
– Reduce sprawl
– Direct control, expressive
[Diagram label: Network-Wide Management]
In a general context, ideas aren’t especially new! But, middleboxes raise new opportunities and challenges

18 Challenges in Management
[Diagram labels: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions]
– Policy dependencies? e.g., IDS < Proxy
– What is a minimal interface?
– Is it tractable? e.g., reuse

19 Growing literature on network innovation
– Build programmable elements using commodity hardware, e.g., PacketShader, RouterBricks, ServerSwitch, SwitchBlade
– Centralized management with open interfaces, e.g., 4D, NOX/OpenFlow, RCP

20 Challenges at every Layer
[Diagram labels: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions]
– Policy/reuse dependencies?
– What is the API?
– Accelerators?
– Primitives?
– Performance, isolation?

21 Outline
– Motivation
– High-level approach
– New opportunities
– New challenges

22 Pain Point #1: Device Sprawl
[Diagram labels: Inter-site WAN; Internet; Network Core; LAN; Mail; Web; VPN; IDS; Proxy; Data Center; DMZ; Load Balancers; Firewall; LAN]

23 Pain Point #2: CapEx/OpEx
Type of appliance    Number
Firewalls            166
NIDS                 127
Media gateways       110
Load balancers       67
Proxies              66
VPN gateways         45
WAN Optimizers       44
Voice gateways       11
Almost separate teams to manage

24 Pain Point #3: Lack of interfaces
Type of appliance    Number
Firewalls            166
NIDS                 127
Media gateways       110
Load balancers       67
Proxies              66
VPN gateways         45
WAN Optimizers       44
Voice gateways       11
– Independent vendors
– Manual customization

25 Pain Point #4: “Consumerization”
Type of appliance    Number
Firewalls            166
NIDS                 127
…                    110
…                    67
WAN Optimizers       44
? ? ?
Difficult to extend
“Consumer” devices expected to increase need for in-network functions

26 Realities of Network Deployments: Innovation via Middleboxes!
[Diagram labels: Web Security + Acceleration; WAN optimizer; Layer3 Firewall; Mail Security + Acceleration; IDS/IPS; VPN servers; Gateway router]
Market for network security alone: ~ 6 billion $ (2010) → 10 billion $ (2016)

27 Growing literature on network innovation
– Build programmable elements using commodity hardware, e.g., PacketShader, RouterBricks, ServerSwitch, SwitchBlade

28 Growing literature on network innovation
– Centralized management with open interfaces, e.g., 4D, NOX/OpenFlow, RCP
[Diagram label: Network-wide Controller]

29 Our vision to address “pain points”
Pain points:
1. Device Sprawl
2. High CapEx, OpEx → separate management teams
3. Lack of high-level interfaces → need manual tuning
4. “Consumerization” → Inflexible, difficult to extend → increases need for new boxes!
Vision:
1. Software-centric middlebox implementations, e.g., Click
2. Consolidate multiple applications on hardware, e.g., done in data centers
3. Logically centralized and open, unified management APIs, e.g., OpenFlow

30 Our proposal to address “pain points”
Pain points:
1. Device Sprawl
2. High CapEx, OpEx → separate management teams
3. Lack of high-level interfaces → need manual tuning
4. “Consumerization” → Inflexible, difficult to extend → increases need for new boxes!
Proposal:
1. Software-centric middlebox implementations, e.g., Click
2. Consolidate multiple applications on hardware, e.g., done in data centers
3. Logically centralized and open, unified management APIs, e.g., OpenFlow
In a general context, ideas aren’t especially new! But, middleboxes raise new opportunities and challenges

31 Reality Check: Middleboxes Galore!
Type of appliance    Number
Firewalls            166
NIDS                 127
Media gateways       110
Load balancers       67
Proxies              66
VPN gateways         45
WAN Optimizers       44
Voice gateways       11
Total Middleboxes    636
Total routers        ~900
Market for network security appliances alone: ~ 6 billion $ (2010) → 10 billion $ (2016)
Most actual innovation happens via middleboxes!
But, missing from the “how to innovate” themes

32 Reality Check: Middleboxes Galore!
Data from a large enterprise: >80K users across tens of sites
Type of appliance    Number
Firewalls            166
NIDS                 127
Media gateways       110
Load balancers       67
Proxies              66
VPN gateways         45
WAN Optimizers       44
Voice gateways       11
Total Middleboxes    636
Total routers        ~900
Network security appliances alone: ~ 6 billion $ (2010) → 10 billion $ (2016)
Most actual innovation happens via middleboxes!

33 New Challenges
Why are middleboxes different?
– Heterogeneity
– Complex processing
– Policy constraints
Challenges for:
– For network management, and
– Individual middlebox design

34 New Challenges
Why are middleboxes different?
– Heterogeneity
– Complex processing
– Policy constraints
Challenges for:
– For network management, and
– Individual middlebox design