Efficient routing for middlebox policy enforcement in software-defined networking

Network applications require traffic to pass through multiple types of middleboxes in sequence to enhance network functions, e.g., providing security and guaranteeing performance. Sequenced-middlebox policy routing on top of regular layer 2/3 flow routing is difficult for network administrators to manage flexibly. In addition, network-resource management is complicated by numerous applications concurrently obtaining various types of middlebox resources. Furthermore, middlebox failures can lead to a lack of security and the malfunction of the entire network. In this paper, we formulate a mixed-integer linear programming problem to achieve a network load-balancing objective in the context of sequenced-middlebox policy routing. Our global routing approach manages network resources efficiently by simplifying candidate-path selections, balancing the entire network and using the simulated annealing algorithm. Moreover, in case of middlebox failures, we design a fast recovery mechanism by exploiting the remaining link and middlebox resources locally. To the best of our knowledge, this is the first work to handle failures in sequenced-middlebox scenarios using OpenFlow. Finally, we implement the proposed routing approaches on a Mininet testbed and evaluate the experiments' scalability, assessing the effectiveness of the approaches. Results of the optimization on a test topology include a throughput increase of up to 26.4% with respect to sequenced shortest-path routing.