Open Access Proceedings Article

Design and implementation of a consolidated middlebox architecture

TLDR
CoMb is presented, a new architecture for middlebox deployments that systematically explores opportunities for consolidation, both at the level of building individual middleboxes and in managing a network of middleboxes.
Abstract
Network deployments handle changing application, workload, and policy requirements via the deployment of specialized network appliances or "middleboxes". Today, however, middlebox platforms are expensive and closed systems, with little or no hooks for extensibility. Furthermore, they are acquired from independent vendors and deployed as standalone devices with little cohesiveness in how the ensemble of middleboxes is managed. As network requirements continue to grow in both scale and variety, this bottom-up approach puts middlebox deployments on a trajectory of growing device sprawl with corresponding escalation in capital and management costs. To address this challenge, we present CoMb, a new architecture for middlebox deployments that systematically explores opportunities for consolidation, both at the level of building individual middleboxes and in managing a network of middleboxes. This paper addresses key resource management and implementation challenges that arise in exploiting the benefits of consolidation in middlebox deployments. Using a prototype implementation in Click, we show that CoMb reduces the network provisioning cost 1.8-2.5× and reduces the load imbalance in a network by 2-25×.


Citations
Proceedings Article

SIMPLE-fying middlebox policy enforcement using SDN

TL;DR: SIMPLE, an SDN-based policy enforcement layer for efficient middlebox-specific "traffic steering", is presented, a significant step toward addressing industry concerns surrounding the ability of SDN to integrate with existing infrastructure and support L4-L7 capabilities.
Proceedings Article

ClickOS and the art of network function virtualization

TL;DR: This work introduces ClickOS, a high-performance, virtualized software middlebox platform, implements a wide range of middleboxes including a firewall, a carrier-grade NAT and a load balancer, and shows that ClickOS can handle packets in the millions per second.
Proceedings Article

Kandoo: a framework for efficient and scalable offloading of control applications

TL;DR: Kandoo is proposed, a framework for preserving scalability without changing switches that enables network operators to replicate local controllers on demand and relieve the load on the top layer, which is the only potential bottleneck in terms of scalability.
Journal Article

Software-Defined Network Function Virtualization: A Survey

TL;DR: This survey presents a thorough investigation of the development of NFV under the software-defined NFV architecture, with an emphasis on service chaining as its application.
Proceedings Article

SoftCell: scalable and flexible cellular core network architecture

TL;DR: The presented SoftCell is a scalable architecture that supports fine-grained policies for mobile devices in cellular core networks, using commodity switches and servers, and enables operators to realize high-level service policies that direct traffic through sequences of middleboxes based on subscriber attributes and applications.
References
Journal Article

OpenFlow: enabling innovation in campus networks

TL;DR: This whitepaper proposes OpenFlow: a way for researchers to run experimental protocols in the networks they use every day, based on an Ethernet switch, with an internal flow-table, and a standardized interface to add and remove flow entries.
Proceedings Article

Bro: a system for detecting network intruders in real-time

TL;DR: Bro is a stand-alone system for detecting network intruders in real time by passively monitoring a network link over which the intruder's traffic transits; it emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility.
Journal Article

NOX: towards an operating system for networks

TL;DR: The question posed here is: Can one build a network operating system at significant scale?
Proceedings Article

The Click modular router

TL;DR: The Click IP router can forward 64-byte packets at 73,000 packets per second, just 10% slower than Linux alone, and is easy to extend by adding additional elements, which are demonstrated with augmented configurations.
Proceedings Article

Measuring ISP topologies with rocketfuel

TL;DR: New Internet mapping techniques that have enabled us to directly measure router-level ISP topologies are presented, finding that these maps are substantially more complete than those of earlier Internet mapping efforts.