Presentation is loading. Please wait.

Presentation is loading. Please wait.

Verifiable Network Function Outsourcing Seyed K. FayazbakhshMichael K. ReiterVyas Sekar 1.

Published byLayton Belger Modified over 10 years ago

Similar presentations

Presentation on theme: "Verifiable Network Function Outsourcing Seyed K. FayazbakhshMichael K. ReiterVyas Sekar 1."— Presentation transcript:

1 Verifiable Network Function Outsourcing Seyed K. FayazbakhshMichael K. ReiterVyas Sekar 1

2 Case for Network Function Outsourcing (NFO) Internet Cloud Provider + Economies of scale, pay-per use + Simplifies configuration & deployment 2 Today: High CapEx, OpEx, Delay in innovation

3 Concerns with ceding control Internet Cloud Provider e.g., Is this equivalent to in-house? e.g., Am I really getting cost reduction? 3

4 Our Vision: Verifiable NFO 4 Our focus is meeting customer expectations Key correctness properties: – Behavior – Performance – Accounting Other issues outside our scope: isolation, privacy, bandwidth costs..

5 What makes this challenging? Lack of visibility into the workload Dynamic, traffic-dependent, and potentially proprietary actions of the middleboxes Stochastic effects introduced by the network 5

6 Outline Motivation for verifiable NFO Formalizing properties A roadmap for vNFO Ongoing work and discussion 6

7 Formal Framework Management Interface f1f1 fnfn …. σ1σ1 σnσn B CPU, B Mem, B Net Customer CPU, Mem Net CPU, Mem π 1 in, π 2 in, … π 1 out, π 2 out,... State SpacePacket Space Reference implementation 7

8 Behavioral equivalence? 8 Are packets being modified or incorrectly processed? Cloud IPS Customer

9 Blackbox Behavioral Correctness …. σ1σ1 σnσn π 1 in π 1 out visible to customer …. σ1σ1 σnσn π 1 in Is there some viable state? π 1 out ? ? 9

10 Snapshot Behavioral Correctness …. σ1σ1 σnσn π 1 in π 1 out visible to customer …. σ1σ1 σnσn π 1 in Would I get the same output? π 1 out ? 10

11 Performance impact? 11 Is the cloud processing introducing delays? 11 Cloud IPS t1t1 t2t2 t3t3 Customer

12 Performance Correctness …. σ1σ1 σnσn π 1 in, π 2 in, … π 1 out, π 2 out,... …. σ1σ1 σnσn π 1 in, π 2 in, … π 1 out, π 2 out,... Would it really take this long? t 1 out, t 2 out,... observed provider performance reference performance 12

13 Accounting correctness? Is the provider overcharging me? 13 Cloud IPS Customer 13

14 Did-It Accounting Correctness …. σ1σ1 σnσn π 1 in, π 2 in, … π 1 out, π 2 out,... Did It actually consume? Charged value of resource r Consumption of resource r by provider 14

15 Should-It Accounting Correctness …. σ1σ1 σnσn π 1 in, π 2 in, … π 1 out, π 2 out,... Should It really cost this much? 15 Consumption of resource r by provider Consumption of resource r by reference implementation

16 Summarizing Correctness Properties Behavioral correctness – Blackbox: Function states are not visible to customer. – Snapshot: Function states are visible to customer Performance correctness – Is performance metric within Δ (SLA) of reference? Accounting correctness – Did-It: Were resources actually consumed? – Should-It: Was the consumption necessary? 16

17 Outline Motivation for NFO + vNFO Formalizing vNFO properties A roadmap for vNFO Ongoing work and discussion 17

18 Verifiable NFO (vNFO) Overview Management Interface B CPU, B Mem, B Net Customer CPU, Mem Net CPU, Mem π 1 in, π 2 in, … π 1 out, π 2 out,... …. Each function is implemented as a virtual appliance. NFO provider deploys a trusted shim for logging. 18

19 Idealized view Management Interface B CPU, B Mem, B Net Customer CPU, Mem Net CPU, Mem π 1 in, π 2 in, … π 1 out, π 2 out,... …. Shim logs every packet, instantaneous VM state, and resource usage, timestamps per packet 19

20 Challenges with Idealized view Management Interface B CPU, B Mem, B Net Customer CPU, Mem Net CPU, Mem π 1 in, π 2 in, … π 1 out, π 2 out,... …. 1. Middlebox actions make it difficult to correlate logs 2. Scalability and performance impact due to logging 20

21 Potential solutions to challenges 1.Lack of visibility into middlebox actions: – Packets may be modified by middleboxes. 1.Scalability – Infeasible to log all packets and processing stats. 21 FlowTags Trajectory Sampling

22 Ongoing work Leveraging nested virtualization – NFO provider does not need any platform change Adding hooks to KVM – Trustworthy accounting (CPU, memory) – Trajectory sampling + FlowTags – Instantaneous snapshotting Benchmark memory/time overheads associate with: – Packet sampling – Resource consumption calculations – Snapshotting 22

23 Discussion Does the customer trust the NFO provider? Is the NFO provider willing to deploy the shim layer? – Market forces: Premium service, competitive edge, etc. What are the market factors for customers? – Can customer easily switch to a different NFO provider? What is the role of SLA? – Can the billed amount always be formulated in terms of resource consumption? … 23

Download ppt "Verifiable Network Function Outsourcing Seyed K. FayazbakhshMichael K. ReiterVyas Sekar 1."

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
Terms. 1. Globalization 2. Financing 3. Inputs.

Terms. 1. Globalization 2. Financing 3. Inputs.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.

By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.

1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
My Alphabet Book abcdefghijklm nopqrstuvwxyz.

My Alphabet Book abcdefghijklm nopqrstuvwxyz.
0 - 0.

0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)

MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)
ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.

ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.
SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION

SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION
MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts 1 - 20.

Addition Facts

Similar presentations

Ads by Google