Published by Melina Hampton. Modified over 9 years ago.
1
The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment
Vyas Sekar, Sylvia Ratnasamy, Michael Reiter, Norbert Egi, Guangyu Shi
2
Growing literature on network innovation
– Build programmable elements using commodity hardware, e.g., PacketShader, RouterBricks, ServerSwitch, SwitchBlade
– Centralized management with open interfaces, e.g., 4D, NOX/OpenFlow, RCP
3
Most innovation today: Middleboxes!

| Type of appliance | Number |
|---|---|
| Firewalls | 166 |
| NIDS | 127 |
| Media gateways | 110 |
| Load balancers | 67 |
| Proxies | 66 |
| VPN gateways | 45 |
| WAN Optimizers | 44 |
| Voice gateways | 11 |
| Total Middleboxes | 636 |
| Total routers | ~900 |

Data from a large enterprise: >80K users across tens of sites
Just network security: ~ 6 billion $ (2010), 10 billion $ (2016)
4
Middleboxes are valuable, but have many painpoints

| Type of appliance | Number |
|---|---|
| Firewalls | 166 |
| NIDS | 127 |
| Media gateways | 110 |
| Load balancers | 67 |
| Proxies | 66 |
| VPN gateways | 45 |
| WAN Optimizers | 44 |
| Voice gateways | 11 |

1. Device Sprawl, High CapEx
2. High OpEx, e.g., separate management teams, need manual tuning
3. Inflexible, difficult to extend; need for new boxes! (“consumerization”)
5
The Middlebox Manifesto
Most network innovation occurs via middleboxes
– Not by changes to routers or switches
Suffer similar, and maybe more, pain points
– Significant capital and operating expenses
– Narrow, closed management interfaces
– Difficult to extend
Surprisingly MIA in the innovation discussion
6
The Middlebox Manifesto
Most network innovation occurs via middleboxes
– Not via routers or switches
Suffer almost same, if not more, pain points
– Too many of them
– Narrow, closed interfaces & difficult to extend
– Significant capital and operating expenses
Surprisingly MIA in the innovation discussion
How to build? How to manage?
7
Our vision: Enabling innovation in middlebox deployments
1. Software-centric implementations
2. Consolidated physical platform
3. Logically centralized open management APIs
Benefits: Easy to deploy, extend; Reduce sprawl; Direct control, expressive
[Diagram label: Network-Wide Management]
8
Our vision: Enabling innovation in middlebox deployments
1. Software-centric implementations
2. Consolidated physical platform
3. Logically centralized open management APIs
Benefits: Easy to deploy, extend; Reduce sprawl; Direct control, expressive
[Diagram label: Network-Wide Management]
In a general context, ideas aren’t especially new!
But, middleboxes raise new opportunities and challenges
9
New Efficiency Opportunities
“Software-centric”, “extensible” sounds nice..
But, usually very resource inefficient
– Compared to “specialized” solutions
New efficiency avenues, at least for middleboxes
– Multiplexing
– Reuse
– Spatial distribution
10
Opportunity 1: Multiplexing Benefits
Multiplexing benefit = 1 - Peak_Sum / Sum_Peak = 28%
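Read from its names, the metric compares provisioning every appliance for its own peak (Sum_Peak) with provisioning one consolidated platform for the peak of the aggregate load (Peak_Sum). The following is an added example, not part of the presentation, that computes it over constructed utilization series; the appliance names, the sample values and the `best_pairs` helper are assumptions for illustration.

```python
from itertools import combinations

# Constructed sample data (not from the talk): utilization in percent for four
# standalone appliances, sampled over the same six time windows.
SAMPLE_LOAD = {
    "firewall":      [30, 55, 80, 60, 35, 20],
    "ids":           [20, 40, 50, 70, 45, 15],
    "proxy":         [60, 45, 30, 25, 50, 65],
    "wan_optimizer": [10, 15, 20, 30, 60, 40],
}


def multiplexing_benefit(load):
    """Return 1 - Peak_Sum / Sum_Peak for a dict of equal-length time series."""
    series = list(load.values())
    if not series or any(not s or len(s) != len(series[0]) for s in series):
        raise ValueError("need non-empty series sampled over the same windows")
    # Standalone boxes: each one is sized for its own busiest window.
    sum_peak = sum(max(s) for s in series)
    # Consolidated platform: sized for the busiest window of the combined load.
    peak_sum = max(sum(window) for window in zip(*series))
    if sum_peak == 0:
        return 0.0
    return 1 - peak_sum / sum_peak


def best_pairs(load):
    """Rank appliance pairs by the capacity saved when only those two share a box."""
    ranked = [
        (multiplexing_benefit({a: load[a], b: load[b]}), a, b)
        for a, b in combinations(sorted(load), 2)
    ]
    return sorted(ranked, reverse=True)


if __name__ == "__main__":
    print(f"all four consolidated: {multiplexing_benefit(SAMPLE_LOAD):.1%}")
    for benefit, a, b in best_pairs(SAMPLE_LOAD):
        print(f"{a} + {b}: {benefit:.1%}")
```

The benefit is zero when all appliances peak in the same window, so the saving depends on how far apart the per-function peaks fall.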
11
Opportunity 2: Reusing Modules
[Diagram: VPN, Web, Mail, IDS, Proxy and Firewall built on shared Session Management and Protocol Parsers modules]
How much traffic overlap? > 60 %
Contribution of reusable modules? 18 – 54 %
12
New Challenges
[Diagram layers: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions]
– Heterogeneity
– Complex processing
– Policy constraints
13
Challenges in Management
[Diagram layers: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions]
– Policy dependencies? e.g. IDS < Proxy
– What is a minimal interface?
– Is it tractable? e.g., reuse
14
Challenges in Single-box Design
[Diagram layers: Session; Protocol; Extensible functions; Standalone functions]
– Accelerators?
– Primitives?
– Performance, Isolation?
15
Conclusions
Most network innovation occurs via middleboxes
– Little presence in the innovation discussion!
Our vision:
– Software-based, consolidated
– Logically unified, open management APIs
New opportunities
– Multiplexing, reuse, and spatial distribution
Practical challenges: Management + Platform
16
Vision: Enabling innovation in middlebox deployments
1. Software-centric implementations, e.g., Click
2. Consolidate multiple applications on same physical platform
3. Logically centralized open management APIs, e.g., OpenFlow
Benefits: Easy to deploy, extend; Reduce sprawl; Direct control, expressive
[Diagram label: Network-Wide Management]
In a general context, ideas aren’t especially new!
But, middleboxes raise new opportunities and challenges
20
Challenges at every Layer
[Diagram layers: Network-wide Management; Session; Protocol; Extensible functions; Standalone functions]
– Policy/reuse dependencies? What is the API?
– Accelerators? Primitives?
– Performance, isolation?
21
Outline
– Motivation
– High-level approach
– New opportunities
– New challenges
22
Pain Point #1: Device Sprawl
[Diagram labels: Inter-site WAN; Internet; Network Core; LAN; Mail; Web; VPN; IDS; Proxy; Data Center; DMZ; Load Balancers; Firewall; LAN]
23
Pain Point #2: CapEx/OpEx

| Type of appliance | Number |
|---|---|
| Firewalls | 166 |
| NIDS | 127 |
| Media gateways | 110 |
| Load balancers | 67 |
| Proxies | 66 |
| VPN gateways | 45 |
| WAN Optimizers | 44 |
| Voice gateways | 11 |

Almost separate teams to manage
24
Pain Point #3: Lack of interfaces

| Type of appliance | Number |
|---|---|
| Firewalls | 166 |
| NIDS | 127 |
| Media gateways | 110 |
| Load balancers | 67 |
| Proxies | 66 |
| VPN gateways | 45 |
| WAN Optimizers | 44 |
| Voice gateways | 11 |

Independent vendors
Manual customization
25
Pain Point #4: “Consumerization”

| Type of appliance | Number |
|---|---|
| Firewalls | 166 |
| NIDS | 127 |
| … | 110 |
| … | 67 |
| WAN Optimizers | 44 |
| ? | ? |

Difficult to extend
“Consumer” devices expected to increase need for in-network functions
26
Realities of Network Deployments: Innovation via Middleboxes!
[Diagram labels: Web Security + Acceleration; WAN optimizer; Layer3 Firewall; Mail Security + Acceleration; IDS/IPS; VPN servers; Gateway router]
Market for network security alone: ~ 6 billion $ (2010), 10 billion $ (2016)
27
Growing literature on network innovation
– Build programmable elements using commodity hardware, e.g., PacketShader, RouterBricks, ServerSwitch, SwitchBlade
28
Growing literature on network innovation
– Centralized management with open interfaces, e.g., 4D, NOX/OpenFlow, RCP
[Diagram label: Network-wide Controller]
29
Our vision to address “pain points”
Pain points:
1. Device Sprawl
2. High CapEx, OpEx: separate management teams
3. Lack of high-level interfaces: need manual tuning
4. “Consumerization”: inflexible, difficult to extend; increases need for new boxes!
Vision:
1. Software-centric middlebox implementations, e.g., Click
2. Consolidate multiple applications on hardware, e.g., done in data centers
3. Logically centralized and open, unified management APIs, e.g., OpenFlow
30
Our proposal to address “pain points”
Pain points:
1. Device Sprawl
2. High CapEx, OpEx: separate management teams
3. Lack of high-level interfaces: need manual tuning
4. “Consumerization”: inflexible, difficult to extend; increases need for new boxes!
Proposal:
1. Software-centric middlebox implementations, e.g., Click
2. Consolidate multiple applications on hardware, e.g., done in data centers
3. Logically centralized and open, unified management APIs, e.g., OpenFlow
In a general context, ideas aren’t especially new!
But, middleboxes raise new opportunities and challenges
31
Reality Check: Middleboxes Galore!

| Type of appliance | Number |
|---|---|
| Firewalls | 166 |
| NIDS | 127 |
| Media gateways | 110 |
| Load balancers | 67 |
| Proxies | 66 |
| VPN gateways | 45 |
| WAN Optimizers | 44 |
| Voice gateways | 11 |
| Total Middleboxes | 636 |
| Total routers | ~900 |

Market for network security appliances alone: ~ 6 billion $ (2010), 10 billion $ (2016)
Most actual innovation happens via middleboxes!
But, missing from the “how to innovate” themes
32
Reality Check: Middleboxes Galore!

| Type of appliance | Number |
|---|---|
| Firewalls | 166 |
| NIDS | 127 |
| Media gateways | 110 |
| Load balancers | 67 |
| Proxies | 66 |
| VPN gateways | 45 |
| WAN Optimizers | 44 |
| Voice gateways | 11 |
| Total Middleboxes | 636 |
| Total routers | ~900 |

Data from a large enterprise: >80K users across tens of sites
Network security appliances alone: ~ 6 billion $ (2010), 10 billion $ (2016)
Most actual innovation happens via middleboxes!
33
New Challenges
Why are middleboxes different?
– Heterogeneity
– Complex processing
– Policy constraints
Challenges for:
– For network management, and
– Individual middlebox design