Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Center Middleboxes Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance Systems and Networking November 24,

Published byImogen Neal Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Center Middleboxes Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance Systems and Networking November 24,"— Presentation transcript:

1 Data Center Middleboxes Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance Systems and Networking November 24, 2014 Slides from ACM SIGCOMM 2012 presentation on “Making middleboxes someone else's problem: network processing as a cloud service”

2 Overview and Basics Data Center Networks – Basic switching technologies – Data Center Network Topologies (today and Monday) – Software Routers (eg. Click, Routebricks, NetMap, Netslice) – Alternative Switching Technologies – Data Center Transport Data Center Software Networking – Software Defined networking (overview, control plane, data plane, NetFGPA) – Data Center Traffic and Measurements – Virtualizing Networks – Middleboxes Advanced Topics Where are we in the semester?

3 Goals for Today Making middleboxes someone else's problem: network processing as a cloud service, – J. Sherry, S. Hasan, C. Scott, A. Krishnamurthy, S. Ratnasamy, and V. Sekar. ACM SIGCOMM Computer Communication Review (CCR) Volume 42, Issue 4 (August 2012), pages 13-24.

4 APLOMB “Appliance for Outsourcing Middleboxes” Place middleboxes in the cloud. Use APLOMB devices and DNS to redirect traffic to and from the cloud. That’s it.

5 Typical Enterprise Networks Internet

6 Typical Enterprise Networks Internet

7 A Survey 57 enterprise network administrators Small ( 100k hosts) Asked about deployment size, expenses, complexity, and failures.

8 Typically on par with # routers and switches. How many middleboxes do you deploy?

9 Many kinds of devices, all with different functions and management expertise required. What kinds of middleboxes do you deploy?

10 Average salary for a network engineer - $60-80k USD How many networking personnel are there?

11 Misconfig.OverloadPhysical/ Electrical Firewalls67.3%16.3% Proxies63.2%15.7%21.1% IDS54.45%11.4%34% Most administrators spent 1-5 hrs/week dealing with failures; 9% spent 6-10 hrs/week. How do administrators spend their time?

12 Recap High Capital and Operating Expenses Time Consuming and Error-Prone Physical and Overload Failures

13 How can we improve this?

14 Proposal Internet

15 Proposal Internet Cloud Provider

16 High Capital and Operating Expenses Time Consuming and Error Prone Physical and Overload Failures Economies of scale and pay-per use Simplifies configuration and deployment Redundant resources for failover A move to the cloud

17 Design

18 Challenges Minimal Complexity at the Enterprise Functional Equivalence Low Performance Overhead

19 APLOMB “Appliance for Outsourcing Middleboxes”

20 Outsourcing Middleboxes with APLOMB Internet Cloud Provider APLOMB Gateway NAT

21 Inbound Traffic Internet Cloud Provider Web Server: www.enterprise.com 192.168.1.100 Enterprise Network Admin. Register: www.enterprise.com 192.168.1.100

22 Inbound Traffic Internet Cloud Provider DNS Register: enterprise.com 98.76.54.32

23 Minimizing latency?

24 External Client Choosing a Datacenter Cloud Provider East Cloud Provider West Enterprise Route through cloud datacenter that minimizes end to end latency. APLOMB Gateway keeps a “routing table” to select best tunnel for every Internet prefix. External Client

25 Caches and “Terminal Services” Traffic destined to services like caches should be redirected to the nearest node. Cloud Provider West

26 APLOMB “Appliance for Outsourcing Middleboxes” Place middleboxes in the cloud. Use APLOMB devices and DNS to redirect traffic to and from the cloud. That’s it.

27 Firewalls IDSes Load Balancers VPNs Proxy/Caches WAN Optimizers ✔ ✔ ✔ ✔ ✗ Bandwidth? ✗ Compression? Can we outsource all middleboxes?

28 I APLOMB+ for Compression Add generic compression to APLOMB gateway to reduce bandwidth consumption. Cloud Provider Internet

29 Firewalls IDSes Load Balancers VPNs Proxy/Caches WAN Optimizers ✔ ✔ ✔ ✔ ✗ Bandwidth? ✗ Compression? ✔ ✔ Can we outsource all middleboxes?

30 Does it work?

31 Deployment Cloud provider: EC2 – 7 Datacenters OpenVPN for tunneling, Vyatta for middlebox services Two Types of Clients: – Software VPN client on laptops – Tunneling software router for wired hosts

32 Implementation & Deployment Performance metrics Case Study of a Large Enterprise Impact in a real usage scenario Wide-Area Measurements Network latency Three Part Evaluation

33 Does APLOMB inflate latency?

34 For PlanetLab nodes, 60% of pairs’ latency improves with redirection through EC2.

35 Latency at a Large Enterprise Measured redirection latency between enterprise sites. Median latency inflation: 1.13 ms Sites experiencing inflation were primarily in areas where EC2 does not have a wide footprint.

36 How does APLOMB impact other quality metrics, like bandwidth and jitter?

37 Bandwidth: download times with BitTorrent increased on average 2.3% Jitter: consistently within industry standard bounds of 30ms

38 Does APLOMB negate the benefits of bandwidth-saving devices?

39 APLOMB+ incurs a median penalty of 3.8% bandwidth inflation over traditional WAN Optimizers.

40 Does “elastic scaling” at the cloud provide real benefits?

41 Some sites generate as much as 13x traffic more than average at peak hours.

42 Recap Good application performance – Latency median inflation 1.1ms – Download times increased only 2.3% Generic redundancy elimination saves bandwidth costs Strong benefits from elasticity

43 Moving middleboxes to the cloud seems to be practical and feasible solution to the complexity of enterprise networks. Conclusion and Discussion

44 Did the soln make the problem simpler? – How to measure simplicity/complexity? Does the soln also make security problems someone else's problems. – Do we trust the cloud provider? Privacy concerns? – Do we trust the cloud provider Monetary cost: Is APLOMB cheaper or more expensive? Precedence – Zscalar – Ariaka – Total uptime Middleboxes not at the edge of your network – APLOMB cannot outsource these middleboxes Conclusion and Discussion

45 Before Next time Project Interim report – Due Today, Monday, November 24. – And meet with groups, TA, and professor Fractus Upgrade: Should be back online Required review and reading for Monday, December 1 – IOFlow: a software-defined storage architecture, E. Thereska, H. Ballani, G. O'Shea, T. Karagiannis, A. Rowstron, T. Talpey, R. Black, T. Zhu. ACM Symposium on Operating Systems Principles (SOSP), October 2013, pages 182-196. – http://dl.acm.org/citation.cfm?doid=2517349.2522723 Check piazza: http://piazza.com/cornell/fall2014/cs5413 Check website for updated schedule

Download ppt "Data Center Middleboxes Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance Systems and Networking November 24,"

Similar presentations

Elastic Provisioning In Virtual Private Clouds

Elastic Provisioning In Virtual Private Clouds
Dynamic Replica Placement for Scalable Content Delivery Yan Chen, Randy H. Katz, John D. Kubiatowicz {yanchen, randy, EECS Department.

Dynamic Replica Placement for Scalable Content Delivery Yan Chen, Randy H. Katz, John D. Kubiatowicz {yanchen, randy, EECS Department.
Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
Economics of stub network multihoming and link load balancing INTERIM RESULTS AND NEXT STEPS Henna Warma Aalto University - COMNET December, 7 th 2011.

Economics of stub network multihoming and link load balancing INTERIM RESULTS AND NEXT STEPS Henna Warma Aalto University - COMNET December, 7 th 2011.
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,
All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.

All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.
Barracuda Link Balancer Link Reliability and Bandwidth Optimization.

Barracuda Link Balancer Link Reliability and Bandwidth Optimization.
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
SIMPLE-fying Middlebox Policy Enforcement Using SDN

SIMPLE-fying Middlebox Policy Enforcement Using SDN
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal
MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.

MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.
The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.

The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Design and Implementation of a Consolidated Middlebox Architecture 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.

Design and Implementation of a Consolidated Middlebox Architecture 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.
Data Center Storage and Networking Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance Systems and Networking December.

Data Center Storage and Networking Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance Systems and Networking December.
15-744: Computer Networking

15-744: Computer Networking
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.

Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.

Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
CSCD 433/533 Advanced Computer Networks Lecture 1 Course Overview Fall 2011.

CSCD 433/533 Advanced Computer Networks Lecture 1 Course Overview Fall 2011.

Similar presentations

Ads by Google