Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Slides:



Advertisements
Similar presentations
New Directions in Enterprise Network Management Aditya Akella University of Wisconsin, Madison MSR Networking Summit June 2006.
Advertisements

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,
Seyed K. Fayazbakhsh Vyas Sekar Minlan Yu Jeff Mogul
Towards Software Defined Cellular Networks
1 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Session Number Presentation_ID Next Generation Network Architectures Summary John.
Toward Practical Integration of SDN and Middleboxes
SIMPLE-fying Middlebox Policy Enforcement Using SDN
Composing Software-Defined Networks Princeton*Cornell^ Chris Monsanto*, Joshua Reich* Nate Foster^, Jen Rexford*, David Walker*
Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
Toward Practical Convergence of Middleboxes and Software-Defined Networking Vyas Sekar Joint work with: Seyed Kaveh Fayazbakhsh, Zafar Qazi, Luis Chiang,
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Making Cellular Networks Scalable and Flexible Li Erran Li Bell Labs, Alcatel-Lucent Joint work with collaborators at university of Michigan, Princeton,
Software-Defined Networking, OpenFlow, and how SPARC applies it to the telecommunications domain Pontus Sköldström - Wolfgang John – Elisa Bellagamba November.
OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA Presented.
SDN: Extensions Middleboxes 1 Ack: Vyas Sekar, Aaron Gember, Felipe Huici, Zafar Qazi.
Design and Implementation of a Consolidated Middlebox Architecture 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.
Software Defined Networking COMS , Fall 2013 Guest Speaker: Seyed Kaveh Fayazbakhsh Stony Brook University 11/12/2013: SDN and Middleboxes.
Network Innovation using OpenFlow: A Survey
Scalable Flow-Based Networking with DIFANE 1 Minlan Yu Princeton University Joint work with Mike Freedman, Jennifer Rexford and Jia Wang.
1 A Policy-aware Switching Layer for Data Centers Dilip Joseph Arsalan Tavakoli Ion Stoica University of California at Berkeley.
MIGRATION FROM SCREENOS TO JUNOS based firewall
The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.
Khaja Ahmed Architect Windows Networking Microsoft Corporation.
SIMPLE-fying Middlebox Policy Enforcement Using SDN Zafar Ayyub Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,
Data Center Network Redesign using SDN
Cellular Core Network Architecture
Opportunities in Middlebox Virtualization Prof. Anat Bremler-Barr IDC Herzliya Supported by European Research Council (ERC) Starting.
Enabling Innovation Inside the Network Jennifer Rexford Princeton University
Software-Defined Networks Jennifer Rexford Princeton University.
Software Defined Networks and OpenFlow SDN CIO Summit 2010 Nick McKeown & Guru Parulkar Stanford University In collaboration with Martin Casado and Scott.
FUTURE OF NETWORKING SAJAN PAUL JUNIPER NETWORKS.
Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags Seyed K. Fayazbakhsh *, Luis Chiang ¶, Vyas Sekar *, Minlan.
Extending SDN to Handle Dynamic Middlebox Actions via FlowTags (Full version to appear in NSDI’14) Seyed K. Fayazbakhsh, Luis Chiang, Vyas Sekar, Minlan.
Programming Languages for Software Defined Networks Jennifer Rexford and David Walker Princeton University Joint work with the.
Aaron Gember, Theophilus Benson, Aditya Akella University of Wisconsin-Madison.
CellSDN: Software-Defined Cellular Core networks Xin Jin Princeton University Joint work with Li Erran Li, Laurent Vanbever, and Jennifer Rexford.
Improving Network Management with Software Defined Network Group 5 : z Xuling Wu z Haipeng Jiang z Sichen Wu z Aparna Sanil.
SIMPLE-fying Middlebox Policy Enforcement Using SDN
FlowTags: Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions Author: Seyed Kaveh Fayazbakhsh, Vyas Sekar, Minlan Yu and Jeffrey.
SIMPLE-fying Middlebox Policy Enforcement Using SDN Zafar Ayyub Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar, Rui Miao, Minlan Yu Presenter : ChoongHee.
Design and Implementation of a Consolidated Middlebox Architecture (CoMb) Vyas Sekar, Norbert Egi, Sylvia Ratnasamy Michael K. Reiter, Guangyu Shi Intel.
SDN and Beyond Ghufran Baig Mubashir Adnan Qureshi.
I2RS Overlay usecase 1 Fangwei hu Bhumip Khasnabish.
Atrium Router Project Proposal Subhas Mondal, Manoj Nair, Subhash Singh.
Preliminaries: EE807 Software-defined Networked Computing KyoungSoo Park Department of Electrical Engineering KAIST.
Craig Farrell CTO Telecom IBM. Why to operators want SDN and NFV? Definitions SDN: Separate control/management & data plane of switches Centralization.
Software–Defined Networking Meron Aymiro. What is Software-Defined Networking?  Software-Defined Networking (SDN) has the potential of to transcend the.
Seyed K. Fayazbakhsh Vyas Sekar Minlan Yu Jeff Mogul
NFP: Enabling Network Function Parallelism in NFV
Ready-to-Deploy Service Function Chaining for Mobile Networks
Road to SDN Review the main features of SDN
Xin Li, Chen Qian University of Kentucky
SDN challenges Deployment challenges
A Survey of Network Function Placement
The DPIaaS Controller Prototype
15-744: Computer Networking
of Dynamic NFV-Policies
The NPD Group - Enterprise DC Agenda
Software Defined Networking (SDN)
Stanford University Software Defined Networks and OpenFlow SDN CIO Summit 2010 Nick McKeown & Guru Parulkar In collaboration with Martin Casado and Scott.
NFP: Enabling Network Function Parallelism in NFV
Software Defined Networking (SDN)
Software Defined Networking
NFP: Enabling Network Function Parallelism in NFV
SDN + NetSec Vyas Sekar.
Chapter 4: outline 4.1 Overview of Network layer data plane
Presentation transcript:

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu

Type of applianceNumber Firewalls166 NIDS127 Media gateways110 Load balancers67 Proxies66 VPN gateways45 WAN Optimizers44 Voice gateways11 Total Middleboxes636 Total routers~900 Why middleboxes? Data from a large enterprise Survey across 57 network operators Critical piece of network infrastructure But painful to manage, hard to add new functions 2

Why should SDN community care? 3 Aug ONF report – Integrate SDN into production networks – APIs for functions the market views as important Survey on SDN adoption [Metzler 2012] – use cases that justify deployment – “add a focus on Layer 4 through Layer 7 functionality … change in the perceived value of SDN.” Middleboxes: Necessity and Opportunity

4 Goal: SDN + Middlebox integration Centralized Controller “ Flow ” FwdAction …… “ Flow ” FwdAction …… Can we achieve SDN-Middlebox integration: with existing SDN APIs? with unmodified middleboxes? Open APIs

S1 S2 S4 Src S3 FirewallIDSProxy Proxy1 IDS1 Challenge: Policy Composition Dst Firewall1 Pkt, S2—S4: IDS1 vs Dst ?? Policy routing Need more expressive data plane?

2= Post Firewall Solution: Tag Packet Processing State 6 Firewall Proxy IDS 1=None 3=Post IDS 4 = Post Proxy S2 S4 Use “state” tags in addition to header, interface info

S1 S2 S4 Src S3 Proxy1 IDS1 = 50% Challenge: Resource Management Dst Firewall1 IDS2 = 50% How much TCAM does this load balancing need? Rules to “split” traffic

Solution: Joint Optimization 8 Resource Manager Topology Traffic Switch TCAM Middlebox Hardware Policy Spec Processing Distribution Forwarding Rules Theoretically hard, but we have practical decomposition

S1 S2 S4 Src S3 Proxy1 IDS1 = 50% Challenge: Traffic Modifications Dst Firewall1 IDS2 = 50% How can we set up the correct forwarding rules? Proxy may modify sessions

10 Proxy Correlate flows Install rules p1 Collect first 2-3 packets Time window T p2 p3 p4 p1 p2 User 1 User 2 p1* p2* p3 p4* P1* P2* q1 q2 q3 q1 q2 f1: f1’: f2’: Solution: Infer flow correlations Payload similarity algorithms

Challenges in SDN-Middlebox integration Policy composition Resource management Traffic modification 11 Scalable joint optimization Infer flow correlations “Tag” processing state Tunnels for compact routing

Admin FW IDS Proxy Web Rule Generator Resource ManagerDynamics Handler NIMBLE System Overview Legacy Middleboxes OpenFlow-enabled Switches Using OpenFlow 1.0! FlowTag/TunnelAction …… FlowTag/TunnelAction …… Forward first k pkts

Evaluation TBD Say something about prototype Show one/two results 13

Broader Middlebox Research Agenda 14 High capital costs Management complexity Inflexible, not extensible Consolidated Architecture [NSDI ‘12] ONS Poster Cloud Outsourcing [SIGCOMM’12] SDN integration [ongoing]

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.