Middleboxes that hold per-flow state and perform Layer 4+ processing are widely deployed in the Internet today: a recent study shows their presence on at least a third of the studied paths [5]. These middleboxes provide functionality ranging from security to performance optimization, and are becoming ubiquitous with time. To reduce costs and enable fast functionality updates, there is an ongoing trend of migrating away from specialized hardware implementations of middleboxes to software running on commodity servers [9]. Programmable switches (such as OpenFlow switches) coupled with x86 machines have been proposed as the natural architecture to create scalable middleboxes that are also easy to deploy and update [3]. The basic recipe is very simple: a collection of x86 servers is connected to an OpenFlow switch, which is in turn “on-path” for the traffic. The servers jointly implement the functionality of a single middlebox, such as a carrier-grade NAT or a firewall, in a distributed fashion (possibly in virtual machines). The programmable switch is a key ingredient, splitting load between the machines. To make such distributed middleboxes scalable, we need ways to seamlessly move processing and its associated flow state between local or remote servers. This would allow the platform to deal with load surges by adding servers, and to efficiently scale down by shutting machines off. Processing could even be migrated to different middleboxes in other parts of the world to optimize other aspects such as user-perceived delay.
[1] Jonathan M. Smith, et al. A survey of process migration mechanisms. OPSR, 1988.
[2] Larry Peterson, et al. Inter-AS traffic patterns and their implications. Seamless Interconnection for Universal Services. Global Telecommunications Conference. GLOBECOM'99. (Cat. No.99CH37042), 1999.
[3] Eddie Kohler, et al. The Click modular router. SOSP, 1999.
[4] Andrew Warfield, et al. Live migration of virtual machines. NSDI, 2005.
[5] Saikat Guha, et al. NAT Behavioral Requirements for TCP. RFC, 2009.
[6] Mark Handley, et al. Flow processing and the rise of commodity network hardware. CCRV, 2009.
[7] Mark Handley, et al. Is it still possible to extend TCP? IMC '11, 2011.
[8] Vyas Sekar, et al. Design and Implementation of a Consolidated Middlebox Architecture. NSDI, 2012.