Practical and Incremental Convergence between SDN and Middleboxes

Networks today rely on middleboxes to provide critical performance, security, and policy compliance functions. Today, however, achieving these benefits and ensuring that traffic traverses the desired sequence of middleboxes requires significant manual effort and operator expertise. In this respect, Software-Defined Networking (SDN) offers a promising alternative. However, middleboxes introduce new aspects (e.g., policy composition, resource management, packet modifications) that fall outside the purview of the traditional L2/L3 functions that SDN supports (e.g., access control or routing). Thus, prior attempts to apply the SDN philosophy to middlebox management have mandated significant changes to middlebox implementations and/or SDN control interfaces. This paper addresses a practical question: Can today's SDN simplify and improve the management of current middlebox deployments? To this end, we address algorithmic and system design challenges to demonstrate the feasibility of using SDN to simplify middlebox management. In doing so, we also take a significant step toward addressing industry concerns surrounding the ability of SDN to integrate with existing infrastructure and support L4–L7 capabilities.
