Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.


1 Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S. Navy SPAWAR under contract N66001-11-C-4017

2 Network Policies
Reachability
– Alice cannot send packets to Bob
Application classification
– Place Skype traffic in the gold queue

3 Limitations of SDN Data Plane
Match                    Action
10.2.3.4:10.2.3.3        Fwd Port 1
A2:e3:f1:ba:ea:23:*      Drop
Limited actions and matching
– Match: Ethernet, IP, TCP/UDP port numbers
– Action: forward, drop, rewrite header, etc.

4 Extending SDN’s Data Plane
Expand the OpenFlow standards
– Requires hardware support
Implement richer data plane in controller
– Introduces additional latency to packets
Add new devices (Middleboxes)

5 Example: Detecting Network Attacks
Inspect all DNS traffic with a DPI device
If suspicious lookup takes place, send to traffic scrubber

9 Challenges
Specify network policies across middleboxes
– Difficult to automatically react to middlebox events
Dynamically place sophisticated middleboxes
– Difficult to determine efficient placement
– Difficult to adjust placement to traffic patterns
Support for arbitrary middlebox functionality
– Difficult to capture hardware requirements

10 Slick Contributions
Abstraction for programming middleboxes
– Simplifies the development of network policies
– Separates specification of intent from implementation
Dynamic placement of middlebox functionality
– Online resource allocation algorithm
Support for heterogeneous devices
– Maintains performance profiles of middlebox

11 Slick Architecture
Application
– Encodes network policy
– Provides handlers for triggers
Middlebox Element
– Piece of code encapsulating middlebox functions
Diagram labels: Slick Controller; Your network operator; 3rd party element developers; Programmable device: NetFPGA, x86 server; Virtual Switch; Triggers from elements

12 Slick Architecture
Slick Controller
– Runs applications
– Runs resource allocation algo.
– Places middlebox elements
– Steers traffic through middleboxes
– Configures switches
Diagram labels: Application; Installs/uninstalls middlebox functions; Deploy Middlebox code; Middlebox Element; Programmable device: NetFPGA, x86 server; Virtual Switch

13 Slick Controller Features
Resource allocation heuristic
– Minimizes latency → minimize path length
Dealing with heterogeneity
– Algorithms for discovering hardware
– Model of middlebox performance

14 Slick Controller Features
Resource allocation heuristic
– Inputs:
– Constraint: Hardware limitations of slick servers
– Objective: minimize latency, maximize throughput
Dealing with heterogeneity
– Different hardware provides different throughput
– Mapping of elements to acceptable hardware
– Create models for automatically characterizing elements

15 Resource Allocation Heuristic
Diagram labels: Resource allocation heuristic; Traffic matrix and topology; Network policies in applications; Middlebox perf profile; Hardware constraints; Placement Decisions; Traffic Steering; OpenFlow Controller; Programmable device; Virtual Switch
Objective: minimize latency (path lengths)
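Added example, not from the slides and not Slick's own code: one greedy reading of the objective on slides 13 to 15, where each flow that needs a middlebox element goes to the machine with enough spare capacity that gives the shortest source → machine → destination path. The topology, machine names, capacities and flows are constructed, and the function names are hypothetical.

```python
from collections import deque

# Constructed switch topology (adjacency lists); all names are hypothetical.
TOPOLOGY = {"s1": ["s2", "s3"], "s2": ["s1", "s4"], "s3": ["s1", "s4"],
            "s4": ["s2", "s3", "s5"], "s5": ["s4"]}
# Constructed hardware constraints: attachment switch and capacity (Mbps).
MACHINES = {"m_s2": {"switch": "s2", "capacity": 100},
            "m_s5": {"switch": "s5", "capacity": 1000}}
# Constructed flows that must traverse the element: (src, dst, rate in Mbps).
FLOWS = {"dns_a": ("s1", "s4", 80), "dns_b": ("s1", "s4", 60),
         "dns_c": ("s3", "s5", 900)}

def hops(topo, src):
    """Breadth-first hop count from src to every reachable switch."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nbr in topo[node]:
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist

def place(topo, machines, flows):
    """Largest flows first; each takes the feasible machine adding fewest hops."""
    free = {m: spec["capacity"] for m, spec in machines.items()}
    dist = {s: hops(topo, s) for s in topo}
    plan = {}
    ordered = sorted(flows.items(), key=lambda item: -item[1][2])
    for name, (src, dst, rate) in ordered:
        best = None
        for m, spec in sorted(machines.items()):
            if free[m] < rate:
                continue  # hardware constraint: not enough capacity left
            sw = spec["switch"]
            length = dist[src][sw] + dist[sw][dst]  # steered path length
            if best is None or length < best[1]:
                best = (m, length)
        if best is not None:
            free[best[0]] -= rate
        plan[name] = best  # None means no machine can host this flow
    return plan

if __name__ == "__main__":
    for flow, choice in place(TOPOLOGY, MACHINES, FLOWS).items():
        print(flow, choice)
```

In the constructed input, dns_b ends up on the distant machine with a four-hop path because dns_a has already used most of the nearby machine's capacity, which is the kind of placement an online allocator would want to revisit as traffic patterns change.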

16 Status and Conclusion
Slick: control plane for middleboxes
– Presented an initial architecture
– Discussed algorithmic challenge
Slick is implemented in Python
– Slick controller as a module on NoX 0.5.0
– Developed 2 applications and 3 middlebox elements

17 Current Status
Slick is implemented in Python
– Slick controller as a module on NoX 0.5.0
– Developed 2 applications and 3 middlebox elements

18 Conclusion and Open Questions
Slick: control plane for middleboxes
– Presented an initial architecture
– Discussed algorithmic challenge
Open questions
– How can developers help guide placement?
– What is the optimal solution for resource allocation?

19 Questions?

20 Related Work
CoMB [NSDI ’12]
– Calculations are off-line
– Focuses on placement (paths are fixed)
PLayer [Sigcomm ’08]
– Focuses solely on traffic steering
Point solutions lacking the generality to allow operators to generate dynamic policies

