Verifiable Network Function Outsourcing
Seyed K. Fayazbakhsh, Michael K. Reiter, Vyas Sekar

Presentation transcript:

Slide 1: Verifiable Network Function Outsourcing
Seyed K. Fayazbakhsh, Michael K. Reiter, Vyas Sekar

Slide 2: Case for Network Function Outsourcing (NFO)
Today: High CapEx, OpEx, delay in innovation
+ Economies of scale, pay-per-use
+ Simplifies configuration & deployment
[Diagram: Internet, Cloud Provider]

Slide 3: Concerns with ceding control
e.g., Is this equivalent to in-house?
e.g., Am I really getting cost reduction?
[Diagram: Internet, Cloud Provider]

Slide 4: Our Vision: Verifiable NFO
Our focus is meeting customer expectations
Key correctness properties:
– Behavior
– Performance
– Accounting
Other issues outside our scope: isolation, privacy, bandwidth costs, ...

Slide 5: What makes this challenging?
– Lack of visibility into the workload
– Dynamic, traffic-dependent, and potentially proprietary actions of the middleboxes
– Stochastic effects introduced by the network

Slide 6: Outline
– Motivation for verifiable NFO
– Formalizing properties
– A roadmap for vNFO
– Ongoing work and discussion

Slide 7: Formal Framework
[Diagram: Management Interface; f_1 … f_n; σ_1 … σ_n; B_CPU, B_Mem, B_Net; Customer; CPU, Mem, Net; π_1^in, π_2^in, …; π_1^out, π_2^out, …; State Space; Packet Space; Reference implementation]

Slide 8: Behavioral equivalence?
Are packets being modified or incorrectly processed?
[Diagram: Cloud, IPS, Customer]

Slide 9: Blackbox Behavioral Correctness
Is there some viable state?
[Diagram: σ_1 … σ_n with π_1^in and π_1^out, visible to customer; σ_1 … σ_n with π_1^in and π_1^out, marked "?"]

Slide 10: Snapshot Behavioral Correctness
Would I get the same output?
[Diagram: σ_1 … σ_n with π_1^in and π_1^out, visible to customer; σ_1 … σ_n with π_1^in and π_1^out, marked "?"]

Slide 11: Performance impact?
Is the cloud processing introducing delays?
[Diagram: Cloud, IPS, Customer; t_1, t_2, t_3]

Slide 12: Performance Correctness
Would it really take this long?
[Diagram: observed provider performance and reference performance; each with σ_1 … σ_n; π_1^in, π_2^in, …; π_1^out, π_2^out, …; t_1^out, t_2^out, …]

Slide 13: Accounting correctness?
Is the provider overcharging me?
[Diagram: Cloud, IPS, Customer]

Slide 14: Did-It Accounting Correctness
Did It actually consume?
– Charged value of resource r
– Consumption of resource r by provider
[Diagram: σ_1 … σ_n; π_1^in, π_2^in, …; π_1^out, π_2^out, …]

Slide 15: Should-It Accounting Correctness
Should It really cost this much?
– Consumption of resource r by provider
– Consumption of resource r by reference implementation
[Diagram: σ_1 … σ_n; π_1^in, π_2^in, …; π_1^out, π_2^out, …]

Slide 16: Summarizing Correctness Properties
Behavioral correctness
– Blackbox: Function states are not visible to customer.
– Snapshot: Function states are visible to customer.
Performance correctness
– Is performance metric within Δ (SLA) of reference?
Accounting correctness
– Did-It: Were resources actually consumed?
– Should-It: Was the consumption necessary?
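
The properties summarized above can be checked mechanically once a shim log is available. The following Python example is added here and is not code from the presentation; the log record layout, the toy `reference` IPS with its cost model, and the `delta_ms` and `tol` thresholds are all assumptions made for illustration.

```python
from typing import NamedTuple

class Record(NamedTuple):
    """One shim log entry (hypothetical format, constructed for this example)."""
    pkt_in: bytes
    state: dict        # function state snapshot taken before processing
    pkt_out: bytes     # what the provider emitted (b"" means dropped)
    latency_ms: float  # observed provider latency for this packet
    cpu_used: float    # CPU-ms the shim measured at the provider
    cpu_billed: float  # CPU-ms charged to the customer

BLOCK_AFTER = 3  # assumed policy: drop everything after 3 signature hits

def reference(pkt, state):
    """Toy reference IPS. Returns (output, latency_ms, cpu_ms)."""
    blocked = state.get("hits", 0) >= BLOCK_AFTER or b"ATTACK" in pkt
    cpu_ms = 0.01 * len(pkt)  # assumed cost model of the reference
    return (b"" if blocked else pkt), 0.5 + cpu_ms, cpu_ms

def verify(log, delta_ms=2.0, tol=0.05):
    """Replay each record against the reference; return (index, property) violations."""
    findings = []
    for i, r in enumerate(log):
        out, ref_lat, ref_cpu = reference(r.pkt_in, dict(r.state))
        if out != r.pkt_out:                       # snapshot behavioral correctness
            findings.append((i, "behavior"))
        if r.latency_ms - ref_lat > delta_ms:      # performance: within delta of reference
            findings.append((i, "performance"))
        if r.cpu_billed > r.cpu_used * (1 + tol):  # Did-It: billed more than consumed
            findings.append((i, "did-it"))
        if r.cpu_used > ref_cpu * (1 + tol):       # Should-It: consumed more than reference
            findings.append((i, "should-it"))
    return findings

# Constructed sample log: one clean record, then one violation of each kind.
LOG = [
    Record(b"GET /index", {"hits": 0}, b"GET /index", 0.6, 0.10, 0.10),
    Record(b"ATTACK xyz", {"hits": 0}, b"ATTACK xyz", 0.6, 0.10, 0.10),
    Record(b"GET /a", {"hits": 3}, b"", 9.0, 0.06, 0.06),
    Record(b"GET /b", {"hits": 0}, b"GET /b", 0.6, 0.30, 0.60),
]

if __name__ == "__main__":
    for idx, prop in verify(LOG):
        print(f"record {idx}: {prop} violation")
```

Record 2 is dropped correctly only because the logged state already holds three hits, which is why the snapshot variant needs the state alongside the packet.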

Slide 17: Outline
– Motivation for NFO + vNFO
– Formalizing vNFO properties
– A roadmap for vNFO
– Ongoing work and discussion

Slide 18: Verifiable NFO (vNFO) Overview
– Each function is implemented as a virtual appliance.
– NFO provider deploys a trusted shim for logging.
[Diagram: Management Interface; B_CPU, B_Mem, B_Net; Customer; CPU, Mem, Net; π_1^in, π_2^in, …; π_1^out, π_2^out, …]

Slide 19: Idealized view
Shim logs every packet, instantaneous VM state, and resource usage, timestamps per packet
[Diagram: Management Interface; B_CPU, B_Mem, B_Net; Customer; CPU, Mem, Net; π_1^in, π_2^in, …; π_1^out, π_2^out, …]

Slide 20: Challenges with Idealized view
1. Middlebox actions make it difficult to correlate logs
2. Scalability and performance impact due to logging
[Diagram: Management Interface; B_CPU, B_Mem, B_Net; Customer; CPU, Mem, Net; π_1^in, π_2^in, …; π_1^out, π_2^out, …]

Slide 21: Potential solutions to challenges
1. Lack of visibility into middlebox actions: FlowTags
– Packets may be modified by middleboxes.
2. Scalability: Trajectory Sampling
– Infeasible to log all packets and processing stats.
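
The two challenges interact: a sampling decision hashed over header fields that a middlebox rewrites cannot be joined across the ingress and egress logs. The following Python example is added here and is not code from the presentation; the packet dictionaries, the toy `nat` action, and the `tag` field (a hypothetical stand-in for a FlowTags-style tag that survives the middlebox unchanged) are assumptions.

```python
import hashlib

def sampled(key: bytes, rate: int = 4) -> bool:
    """Hash-based selection: the same key gets the same decision at every shim."""
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % rate == 0

def nat(pkt):
    """Toy middlebox action: rewrite source address and port, leave the tag alone."""
    return {**pkt, "src": "203.0.113.1", "sport": 40000 + pkt["sport"] % 1000}

def header_key(p):
    return f'{p["src"]}:{p["sport"]}>{p["dst"]}'.encode()

def tag_key(p):
    return p["tag"].to_bytes(4, "big")

def correlate(ingress, egress, key):
    """Sample independently at both shims, then join the two logs on the key."""
    log_in = {key(p) for p in ingress if sampled(key(p))}
    log_out = {key(p) for p in egress if sampled(key(p))}
    return log_in, log_out, log_in & log_out

# Constructed traffic: 200 packets seen before and after the middlebox.
INGRESS = [
    {"src": f"10.0.0.{i % 50 + 1}", "sport": 1024 + i, "dst": "198.51.100.7", "tag": i}
    for i in range(200)
]
EGRESS = [nat(p) for p in INGRESS]

def summary():
    """Number of packets logged at ingress and joined at egress, per key choice."""
    result = {}
    for name, key in (("header", header_key), ("tag", tag_key)):
        log_in, _, joined = correlate(INGRESS, EGRESS, key)
        result[name] = (len(log_in), len(joined))
    return result

if __name__ == "__main__":
    for name, (logged, joined) in summary().items():
        print(f"{name}-keyed sampling: {logged} logged at ingress, {joined} joined")
```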

Slide 22: Ongoing work
Leveraging nested virtualization
– NFO provider does not need any platform change
Adding hooks to KVM
– Trustworthy accounting (CPU, memory)
– Trajectory sampling + FlowTags
– Instantaneous snapshotting
Benchmark memory/time overheads associated with:
– Packet sampling
– Resource consumption calculations
– Snapshotting

Slide 23: Discussion
Does the customer trust the NFO provider?
Is the NFO provider willing to deploy the shim layer?
– Market forces: Premium service, competitive edge, etc.
What are the market factors for customers?
– Can customer easily switch to a different NFO provider?
What is the role of SLA?
– Can the billed amount always be formulated in terms of resource consumption?
…