It's a Match!: Near-Optimal and Incremental Middlebox Deployment

The virtualization and softwarization of modern computer networks offers new opportunities for the simplified management and exible placement of middleboxes as e.g. rewalls and proxies. This paper initiates the study of algorithmically exploiting the exibilities present in virtualized and software-defined networks. Particularly, we are interested in the initial as well as the incremental deployment of middleboxes. We present a deterministic O(log(min{n,k})) approximation algorithm for n-node computer networks, where k is the middlebox capacity. The algorithm is based on optimizing over a submodular function which can be computed efficiently using a fast augmenting path approach. The derived approximation bound is optimal: the underlying problem is computationally hard to approximate within sublogarithmic factors, unless P = NP holds. We additionally present an exact algorithm based on integer programming, and complement our formal analysis with simulations. In particular, we consider the number of used middleboxes and highlight the benefits of the approximation algorithm in incremental deployments. Our approach also finds interesting applications, e.g., in the context of incremental deployment of software-defined networks.

[1]  Mischa Schwartz,et al.  ACM SIGCOMM computer communication review , 2001, CCRV.

[2]  Jorge Lobo,et al.  Towards making network function virtualization a cloud computing service , 2015, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[3]  Ran Raz,et al.  A sub-constant error-probability low-degree test, and a sub-constant error-probability PCP characterization of NP , 1997, STOC '97.

[4]  Vyas Sekar,et al.  Making middleboxes someone else's problem: network processing as a cloud service , 2012, SIGCOMM '12.

[5]  Carsten Lund,et al.  On the hardness of approximating minimization problems , 1994, JACM.

[6]  Aditya Akella,et al.  OpenNF , 2014, SIGCOMM.

[7]  László Lovász,et al.  Submodular functions and convexity , 1982, ISMP.

[8]  Matthew Roughan,et al.  The Internet Topology Zoo , 2011, IEEE Journal on Selected Areas in Communications.

[9]  Stefan Schmid,et al.  SHEAR: A Highly Available and Flexible Network Architecture Marrying Distributed and Logically Centralized Control Planes , 2015, 2015 IEEE 23rd International Conference on Network Protocols (ICNP).

[10]  Tarik Taleb,et al.  Service-aware network function placement for efficient traffic handling in carrier cloud , 2014, 2014 IEEE Wireless Communications and Networking Conference (WCNC).

[11]  Chen-Nee Chuah,et al.  MeasuRouting: A Framework for Routing Assisted Traffic Monitoring , 2010, IEEE/ACM Transactions on Networking.

[12]  Joseph Naor,et al.  Covering problems with hard capacities , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[13]  Laurence A. Wolsey,et al.  An analysis of the greedy algorithm for the submodular set covering problem , 1982, Comb..

[14]  Vasek Chvátal,et al.  A Greedy Heuristic for the Set-Covering Problem , 1979, Math. Oper. Res..

[15]  Minlan Yu,et al.  FlowTags: enforcing network-wide policies in the presence of dynamic middlebox actions , 2013, HotSDN '13.

[16]  Minlan Yu,et al.  SIMPLE-fying middlebox policy enforcement using SDN , 2013, SIGCOMM.

[17]  Olivier Bonaventure,et al.  Opportunities and research challenges of hybrid software defined networks , 2014, CCRV.

[18]  Richard M. Karp,et al.  Reducibility Among Combinatorial Problems , 1972, 50 Years of Integer Programming.

[19]  Tamás Lukovszki,et al.  Online Admission Control and Embedding of Service Chains , 2015, SIROCCO.

[20]  Anja Feldmann,et al.  Panopticon: Reaping the Benefits of Incremental SDN Deployment in Enterprise Networks , 2014, USENIX Annual Technical Conference.

[21]  Alexander Schrijver,et al.  Combinatorial optimization. Polyhedra and efficiency. , 2003 .