Presentation is loading. Please wait.

Presentation is loading. Please wait.

Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

Published byCali Meddock Modified over 10 years ago

Similar presentations

Presentation on theme: "Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,"— Presentation transcript:

1 Making Middleboxes Someone Else’s Problem: Network Processing as a Cloud Service
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†, Sylvia Ratnasamy*, and Vyas Sekar‡ *

2 Typical Enterprise Networks
Internet

3 Typical Enterprise Networks
Internet

4 A Survey 57 enterprise network administrators
Small (< 1k hosts) to XL ( >100k hosts) Asked about deployment size, expenses, complexity, and failures.

5 How many middleboxes do you deploy?
Typically on par with # routers and switches.

6 What kinds of middleboxes do you deploy?
More devices == more expertise needed Many kinds of devices, all with different functions and management expertise required.

7 How many networking personnel are there?
Average salary for a network engineer - $60-80k USD

8 How do administrators spend their time?
Most administrators spent 1-5 hrs/week dealing with failures; 9% spent 6-10 hrs/week. Misconfig. Overload Physical/ Electrical Firewalls 67.3% 16.3% Proxies 63.2% 15.7% 21.1% IDS 54.45% 11.4% 34%

9 Recap High Capital and Operating Expenses
Time Consuming and Error-Prone Physical and Overload Failures

10 How can we improve this?

11 Our Proposal Internet

12 Our Proposal Cloud Provider Internet

13 A move to the cloud High Capital and Operating Expenses
Time Consuming and Error Prone Physical and Overload Failures Economies of scale and pay-per use Simplifies configuration and deployment Redundant resources for failover

14 Our Design

15 Challenges Minimal Complexity at the Enterprise Functional Equivalence
Low Performance Overhead

16 APLOMB “Appliance for Outsourcing Middleboxes”

17 Outsourcing Middleboxes with APLOMB
Cloud Provider NAT APLOMB Gateway Internet

18 Inbound Traffic Internet Web Server: www.enterprise.com 192.168.1.100
Cloud Provider Register: Internet Enterprise Network Admin.

19 Inbound Traffic Internet Cloud Provider Register: enterprise.com
DNS Register: enterprise.com Internet

20 Choosing a Datacenter External Client Route through cloud datacenter that minimizes end to end latency. Cloud Provider East APLOMB Gateway keeps a “routing table” to select best tunnel for every Internet prefix. Cloud Provider West External Client Enterprise

21 Caches and “Terminal Services”
Traffic destined to services like caches should be redirected to the nearest node. Cloud Provider West

22 APLOMB “Appliance for Outsourcing Middleboxes”
Place middleboxes in the cloud. Use APLOMB devices and DNS to redirect traffic to and from the cloud. That’s it.

23 Can we outsource all middleboxes?
Firewalls IDSes Load Balancers VPNs Proxy/Caches WAN Optimizers ✗ Bandwidth? ✗ Compression?

24 APLOMB+ for Compression
Add generic compression to APLOMB gateway to reduce bandwidth consumption. I Cloud Provider Internet

25 Can we outsource all middleboxes?
Firewalls IDSes Load Balancers VPNs Proxy/Caches WAN Optimizers ✗ Bandwidth? ✗ Compression?

26 Does it work?

27 Our Deployment Cloud provider: EC2 – 7 Datacenters
OpenVPN for tunneling, Vyatta for middlebox services Two Types of Clients: Software VPN client on laptops Tunneling software router for wired hosts

28 Three Part Evaluation Implementation & Deployment
Performance metrics Wide-Area Measurements Network latency Case Study of a Large Enterprise Impact in a real usage scenario

29 Does APLOMB inflate latency?

30 For PlanetLab nodes, 60% of pairs’ latency improves with redirection through EC2.

31 Latency at a Large Enterprise
Measured redirection latency between enterprise sites. Median latency inflation: 1.13 ms Sites experiencing inflation were primarily in areas where EC2 does not have a wide footprint.

32 How does APLOMB impact other quality metrics, like bandwidth and jitter?

33 Bandwidth: download times with BitTorrent increased on average 2.3%
Jitter: consistently within industry standard bounds of 30ms

34 Does APLOMB negate the benefits of bandwidth-saving devices?

35 APLOMB+ incurs a median penalty of 3
APLOMB+ incurs a median penalty of 3.8% bandwidth inflation over traditional WAN Optimizers.

36 Does “elastic scaling” at the cloud provide real benefits?

37 Some sites generate as much as 13x traffic more than average at peak hours.

38 Recap Good application performance Latency median inflation 1.1ms
Download times increased only 2.3% Generic redundancy elimination saves bandwidth costs Strong benefits from elasticity

39 Conclusion Moving middleboxes to the cloud is a practical and feasible solution to the complexity of enterprise networks.

40

41 What does it mean to “manage” middleboxes?
Upgrades and Vendor Interaction Monitoring and Diagnostics Configuration Appliance Configuration Policy Configuration Training

42 Internal Firewalls Cloud Provider Internet

43 How many middleboxes can APLOMB outsource?

44 How much do middleboxes cost?
Thousands to millions of dollars / 5 years

45 Is maintaining multiple tunnels at the APLOMB gateway useful?

46 With multiple tunnels, the fraction of pairs with 0 inflation or better moves from 40% to 60%

47 How large must a provider’s datacenter footprint be to support middlebox services?

48 Minimal Improvement to E2E Latency with
Larger Footprint.

49 How does APLOMB redirection impact web page load times?

50 Median: slightly worse; 90%-ile: slightly better.

51 Caches may require a larger footprint to provide nationwide service.

52

Download ppt "Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,"

Similar presentations

A Digital Fountain Approach to Reliable Distribution of Bulk Data

A Digital Fountain Approach to Reliable Distribution of Bulk Data
Greening Backbone Networks Shutting Off Cables in Bundled Links Will Fisher, Martin Suchara, and Jennifer Rexford Princeton University.

Greening Backbone Networks Shutting Off Cables in Bundled Links Will Fisher, Martin Suchara, and Jennifer Rexford Princeton University.
Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.

Unleashing the Power of IP Communications Calling Across The Boundaries Mike Burkett, VP Products April 25, 2002.
Negotiating the Internet: Equipment and Beyond David Bankowski IT Manager, Electronic Communications 25 July 2008 Insert graphic.

Negotiating the Internet: Equipment and Beyond David Bankowski IT Manager, Electronic Communications 25 July 2008 Insert graphic.
Remote Network Labs: An On-Demand Network Cloud for Configuration Testing Huan Liu, Dan Orban Accenture Technology Labs.

Remote Network Labs: An On-Demand Network Cloud for Configuration Testing Huan Liu, Dan Orban Accenture Technology Labs.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins.

HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins.
Dynamic Replica Placement for Scalable Content Delivery Yan Chen, Randy H. Katz, John D. Kubiatowicz {yanchen, randy, EECS Department.

Dynamic Replica Placement for Scalable Content Delivery Yan Chen, Randy H. Katz, John D. Kubiatowicz {yanchen, randy, EECS Department.
Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
Economics of stub network multihoming and link load balancing INTERIM RESULTS AND NEXT STEPS Henna Warma Aalto University - COMNET December, 7 th 2011.

Economics of stub network multihoming and link load balancing INTERIM RESULTS AND NEXT STEPS Henna Warma Aalto University - COMNET December, 7 th 2011.
All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.

All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.
Computer Networking Components Chad DuBose ~ Assignment #3 ~ LTEC 4550.020.

Computer Networking Components Chad DuBose ~ Assignment #3 ~ LTEC
The Platform as a Service Model for Networking Eric Keller, Jennifer Rexford Princeton University INM/WREN 2010.

The Platform as a Service Model for Networking Eric Keller, Jennifer Rexford Princeton University INM/WREN 2010.
Barracuda Link Balancer Link Reliability and Bandwidth Optimization.

Barracuda Link Balancer Link Reliability and Bandwidth Optimization.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Warm Up What is the simplified form of:.

Warm Up What is the simplified form of:.
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Toward Practical Integration of SDN and Middleboxes

Toward Practical Integration of SDN and Middleboxes
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
SIMPLE-fying Middlebox Policy Enforcement Using SDN

SIMPLE-fying Middlebox Policy Enforcement Using SDN

Similar presentations

Ads by Google