The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment
Vyas Sekar, Sylvia Ratnasamy, Michael Reiter, Norbert Egi, Guangyu Shi


1 The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment
Vyas Sekar, Sylvia Ratnasamy, Michael Reiter, Norbert Egi, Guangyu Shi

2 Growing literature on network innovation
– Build programmable elements using commodity hardware, e.g., PacketShader, RouterBricks, ServerSwitch, SwitchBlade
– Centralized management with open interfaces, e.g., 4D, NOX/OpenFlow, RCP

3 Most innovation today: Middleboxes!
Data from a large enterprise: >80K users across tens of sites
Type of appliance (number): Firewalls (166), NIDS (127), Media gateways (110), Load balancers (67), Proxies (66), VPN gateways (45), WAN Optimizers (44), Voice gateways (11)
Total middleboxes: 636
Total routers: ~900
Just network security: ~ 6 billion $ (2010) → 10 billion $ (2016)

4 Middleboxes are valuable, but have many pain points
Type of appliance (number): Firewalls (166), NIDS (127), Media gateways (110), Load balancers (67), Proxies (66), VPN gateways (45), WAN Optimizers (44), Voice gateways (11)
1. Device sprawl, high CapEx
2. High OpEx, e.g., separate management teams, need manual tuning
3. Inflexible, difficult to extend → need for new boxes!
? “consumerization”

5 The Middlebox Manifesto
Most network innovation occurs via middleboxes
– Not by changes to routers or switches
Suffer similar, and maybe more, pain points
– Significant capital and operating expenses
– Narrow, closed management interfaces
– Difficult to extend
Surprisingly MIA in the innovation discussion

6 The Middlebox Manifesto
Most network innovation occurs via middleboxes
– Not via routers or switches
Suffer almost same, if not more, pain points
– Too many of them
– Narrow, closed interfaces & difficult to extend
– Significant capital and operating expenses
Surprisingly MIA in the innovation discussion
How to build? How to manage?

7 Our vision: Enabling innovation in middlebox deployments
Network-Wide Management
1. Software-centric implementations
2. Consolidated physical platform
3. Logically centralized open management APIs
Easy to deploy, extend
Reduce sprawl
Direct control, expressive

8 Our vision: Enabling innovation in middlebox deployments
Network-Wide Management
1. Software-centric implementations
2. Consolidated physical platform
3. Logically centralized open management APIs
Easy to deploy, extend
Reduce sprawl
Direct control, expressive
In a general context, ideas aren’t especially new!
But, middleboxes raise new opportunities and challenges

9 New Efficiency Opportunities
“Software-centric”, “extensible” sounds nice...
But, usually very resource inefficient
– Compared to “specialized” solutions
New efficiency avenues, at least for middleboxes
– Multiplexing
– Reuse
– Spatial distribution

10 Opportunity 1: Multiplexing Benefits
Multiplexing benefit = 1 - Peak_Sum / Sum_Peak = 28%
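What the ratio on this slide measures, as an added example that is not part of the original presentation. It assumes Peak_Sum is the peak over time of the aggregate load across all middleboxes and Sum_Peak is the sum of each middlebox's individual peak; the utilization samples are constructed, so the result is not the 28% reported on the slide.

```python
"""Multiplexing benefit of consolidating middlebox functions on shared hardware.

Assumption (the slide does not define the terms): Peak_Sum is the peak over
time of the summed load; Sum_Peak is the sum of every box's own peak.
"""


def _validate(loads):
    """Require at least one series, all non-empty and aligned on the same time bins."""
    if not loads:
        raise ValueError("no load series given")
    lengths = {len(series) for series in loads.values()}
    if len(lengths) != 1 or 0 in lengths:
        raise ValueError("series must be non-empty and cover the same time bins")
    if any(sample < 0 for series in loads.values() for sample in series):
        raise ValueError("load samples must be non-negative")


def sum_peak(loads):
    """Capacity needed when each function is provisioned for its own peak."""
    return sum(max(series) for series in loads.values())


def peak_sum(loads):
    """Capacity needed when all functions share one platform."""
    return max(sum(samples) for samples in zip(*loads.values()))


def multiplexing_benefit(loads):
    """Return 1 - Peak_Sum / Sum_Peak, the fraction of capacity saved by sharing."""
    _validate(loads)
    standalone = sum_peak(loads)
    if standalone == 0:  # idle network: nothing to save
        return 0.0
    return 1 - peak_sum(loads) / standalone


# Constructed per-interval utilization (arbitrary units); peaks fall in different bins.
SAMPLE_LOADS = {
    "firewall": [10, 80, 30, 20],
    "ids": [70, 20, 10, 30],
    "proxy": [20, 10, 60, 40],
}

if __name__ == "__main__":
    print(f"Sum_Peak = {sum_peak(SAMPLE_LOADS)}, Peak_Sum = {peak_sum(SAMPLE_LOADS)}")
    print(f"Multiplexing benefit = {multiplexing_benefit(SAMPLE_LOADS):.1%}")
```

The benefit drops to zero when all functions peak in the same interval, which is why it depends on measured traffic rather than on the appliance count.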

11 Opportunity 2: Reusing Modules
Figure labels: Session Management, Protocol Parsers; VPN, Web, Mail, IDS, Proxy, Firewall
How much traffic overlap? > 60 %
Contribution of reusable modules? 18 – 54 %

12 New Challenges
Figure labels: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions
Heterogeneity
Complex processing
Policy constraints

13 Challenges in Management
Figure labels: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions
Policy dependencies? e.g., IDS < Proxy
What is a minimal interface?
Is it tractable? e.g., reuse

14 Challenges in Single-box Design
Figure labels: Session; Protocol; Extensible functions; Standalone functions
Accelerators?
Primitives?
Performance, Isolation?

15 Conclusions
Most network innovation occurs via middleboxes
– Little presence in the innovation discussion!
Our vision:
– Software-based, consolidated
– Logically unified, open management APIs
New opportunities
– Multiplexing, reuse, and spatial distribution
Practical challenges: Management + Platform

16 Vision: Enabling innovation in middlebox deployments
Network-Wide Management
1. Software-centric implementations, e.g., Click
2. Consolidate multiple applications on same physical platform
3. Logically centralized open management APIs, e.g., OpenFlow
Easy to deploy, extend
Reduce sprawl
Direct control, expressive
In a general context, ideas aren’t especially new!
But, middleboxes raise new opportunities and challenges


20 Challenges at every Layer
Figure labels: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions
Policy/reuse dependencies?
What is the API?
Accelerators?
Primitives?
Performance, isolation?

21 Outline
– Motivation
– High-level approach
– New opportunities
– New challenges

22 Pain Point #1: Device Sprawl
Figure labels: Inter-site WAN, Internet, Network Core, LAN, Mail, Web, VPN, IDS, Proxy, Data Center, DMZ, Load Balancers, Firewall, LAN

23 Pain Point #2: CapEx/OpEx
Type of appliance (number): Firewalls (166), NIDS (127), Media gateways (110), Load balancers (67), Proxies (66), VPN gateways (45), WAN Optimizers (44), Voice gateways (11)
Almost separate teams to manage

24 Pain Point #3: Lack of interfaces
Type of appliance (number): Firewalls (166), NIDS (127), Media gateways (110), Load balancers (67), Proxies (66), VPN gateways (45), WAN Optimizers (44), Voice gateways (11)
Independent vendors
Manual customization

25 Pain Point #4: “Consumerization”
Type of appliance (number): Firewalls (166), NIDS (127), … (110), … (67), WAN Optimizers (44), ?, ?, ?
Difficult to extend
“Consumer” devices expected to increase need for in-network functions

26 Realities of Network Deployments: Innovation via Middleboxes!
Figure labels: Web Security + Acceleration, WAN optimizer, Layer 3 Firewall, Mail Security + Acceleration, IDS/IPS, VPN servers, Gateway router
Market for network security alone: ~ 6 billion $ (2010) → 10 billion $ (2016)

27 Growing literature on network innovation
– Build programmable elements using commodity hardware, e.g., PacketShader, RouterBricks, ServerSwitch, SwitchBlade

28 Growing literature on network innovation
– Centralized management with open interfaces, e.g., 4D, NOX/OpenFlow, RCP
Figure label: Network-wide Controller

29 Our vision to address “pain points”
Pain points:
1. Device sprawl
2. High CapEx, OpEx → separate management teams
3. Lack of high-level interfaces → need manual tuning
4. “Consumerization” → inflexible, difficult to extend → increases need for new boxes!
Vision:
1. Software-centric middlebox implementations, e.g., Click
2. Consolidate multiple applications on hardware, e.g., done in data centers
3. Logically centralized and open, unified management APIs, e.g., OpenFlow

30 Our proposal to address “pain points”
Pain points:
1. Device sprawl
2. High CapEx, OpEx → separate management teams
3. Lack of high-level interfaces → need manual tuning
4. “Consumerization” → inflexible, difficult to extend → increases need for new boxes!
Proposal:
1. Software-centric middlebox implementations, e.g., Click
2. Consolidate multiple applications on hardware, e.g., done in data centers
3. Logically centralized and open, unified management APIs, e.g., OpenFlow
In a general context, ideas aren’t especially new!
But, middleboxes raise new opportunities and challenges

31 Reality Check: Middleboxes Galore!
Type of appliance (number): Firewalls (166), NIDS (127), Media gateways (110), Load balancers (67), Proxies (66), VPN gateways (45), WAN Optimizers (44), Voice gateways (11)
Total middleboxes: 636
Total routers: ~900
Market for network security appliances alone: ~ 6 billion $ (2010) → 10 billion $ (2016)
Most actual innovation happens via middleboxes!
But, missing from the “how to innovate” themes

32 Reality Check: Middleboxes Galore!
Type of appliance (number): Firewalls (166), NIDS (127), Media gateways (110), Load balancers (67), Proxies (66), VPN gateways (45), WAN Optimizers (44), Voice gateways (11)
Total middleboxes: 636
Total routers: ~900
Data from a large enterprise: >80K users across tens of sites
Network security appliances alone: ~ 6 billion $ (2010) → 10 billion $ (2016)
Most actual innovation happens via middleboxes!

33 New Challenges
Why are middleboxes different?
– Heterogeneity
– Complex processing
– Policy constraints
Challenges for:
– Network management, and
– Individual middlebox design
