Presentation is loading. Please wait.

Presentation is loading. Please wait.

Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

Published byIrene Booth Modified over 9 years ago

Similar presentations

Presentation on theme: "Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,"— Presentation transcript:

1 Making Middleboxes Someone Else’s Problem: Network Processing as a Cloud Service
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†, Sylvia Ratnasamy*, and Vyas Sekar‡ *

2 Typical Enterprise Networks
Internet Introduce components, really…, describe what mboxes are.

3 Typical Enterprise Networks
Internet These have been a topic of considerable interest in the research community. Our intuition seeing these devices has been “it’s complicated”, but we wanted to test this claim and get to the bottom of how middleboxes impact network administration…

4 A Survey 57 enterprise network administrators
Small (< 1k hosts) to XL ( >100k hosts) Asked about deployment size, expenses, complexity, and failures.

5 How many middleboxes do you deploy?
Typically on par with # routers and switches.

6 What kinds of middleboxes do you deploy?
More devices == more expertise needed Many kinds of devices, all with different functions and management expertise required.

7 How many networking personnel are there?
Average salary for a network engineer - $60-80k USD

8 How do administrators spend their time?
Most administrators spent 1-5 hrs/week dealing with failures; 9% spent 6-10 hrs/week. Misconfig. Overload Physical/ Electrical Firewalls 67.3% 16.3% Proxies 63.2% 15.7% 21.1% IDS 54.45% 11.4% 34% Most administrators spend between 1-5 hours/week dealing with failures, 9% spent 6-10 hrs/week dealing directly with failures.

9 Recap High Capital and Operating Expenses
Time Consuming and Error-Prone Physical and Overload Failures

10 How can we improve this? One option would be to fix the way that we manage and provision middleboxes in enterprise networks – e.g. CoMB in NSDI, ETTM in last year’s NSDI. A completely different track is to just take them out of the hands of the enterprise entirely, and place them in the cloud

11 Our Proposal Internet There are also a number of middleboxes… (1) Firewalls…

12 Our Proposal Internet Cloud Provider
Introduce components, really…, describe what mboxes are. Internet

13 A move to the cloud High Capital and Operating Expenses
Time Consuming and Error Prone Physical and Overload Failures Economies of scale and pay-per use Simplifies configuration and deployment Redundant resources for failover Use the word service / interface / abstract / policy re: configuration

14 Our Design

15 Challenges Minimal Complexity at the Enterprise Functional Equivalence
Low Performance Overhead “Can we really???”

16 APLOMB “Appliance for Outsourcing Middleboxes”

17 Outsourcing Middleboxes with APLOMB
Cloud Provider NAT APLOMB Gateway Let’s start with a simple scenario --- one of these host guys wants to send traffic out to the Internet…. Internet

18 Inbound Traffic Internet Web Server: www.enterprise.com 192.168.1.100
Cloud Provider Register: “Sure, that works great for end-user services – typically NATed anyway for security – but what about web-facing services? Consider this guy…” “Much like CDN services today…” Internet Enterprise Network Admin.

19 Inbound Traffic Internet Cloud Provider Register: enterprise.com
DNS Register: enterprise.com “Sure, that works great for end-user services – typically NATed anyway for security – but what about web-facing services? Consider this guy…” “Much like CDN services today…” Internet

20 Choosing a Datacenter External Client Route through cloud datacenter that minimizes end to end latency. Cloud Provider East One option would be to map everyone to the cloud provider that’s closest to them; a better option….. APLOMB Gateway keeps a “routing table” to select best tunnel for every Internet prefix. Cloud Provider West External Client Enterprise

21 Caches and “Terminal Services”
Traffic destined to services like caches should be redirected to the nearest node. Cloud Provider West

22 APLOMB “Appliance for Outsourcing Middleboxes”
Place middleboxes in the cloud. Use APLOMB devices and DNS to redirect traffic to and from the cloud. That’s it.

23 Can we outsource all middleboxes?
Firewalls IDSes Load Balancers VPNs Proxy/Caches WAN Optimizers ✗ Bandwidth? ✗ Compression?

24 APLOMB+ for Compression
Add generic compression to APLOMB gateway to reduce bandwidth consumption. I Cloud Provider …I’ll show some numbers from a case study of an enterprise on how well this works. Internet

25 Can we outsource all middleboxes?
Firewalls IDSes Load Balancers VPNs Proxy/Caches WAN Optimizers ✗ Bandwidth? ✗ Compression?

26 Does it work? Can such a simple design really work? Will it introduce a heavy performance overhead?

27 Our Deployment Cloud provider: EC2 – 7 Datacenters
OpenVPN for tunneling, Vyatta for middlebox services Two Types of Clients: Software VPN client on laptops Tunneling software router for wired hosts

28 Three Part Evaluation Implementation & Deployment
Performance metrics Wide-Area Measurements Network latency Mention two key questions we want to ask…. APPLICATION PERFORMANCE;ARCHITECTURAL/FEASIBILITY. Is such a simple solution really practical? Case Study of a Large Enterprise Impact in a real usage scenario

29 Does APLOMB inflate latency?

30 Drop explanations “poorly connected universities”
For PlanetLab nodes, 60% of pairs’ latency improves with redirection through EC2.

31 Latency at a Large Enterprise
Measured redirection latency between enterprise sites. Median latency inflation: 1.13 ms Sites experiencing inflation were primarily in areas where EC2 does not have a wide footprint. Asia has sites…. “areas where EC2

32 How does APLOMB impact other quality metrics, like bandwidth and jitter?

33 Bandwidth: download times with BitTorrent increased on average 2.3%
Jitter: consistently within industry standard bounds of 30ms

34 Does APLOMB negate the benefits of bandwidth-saving devices?

35 Median case penalty – 3.8%; worst 8%
APLOMB+ incurs a median penalty of 3.8% bandwidth inflation over traditional WAN Optimizers.

36 Does “elastic scaling” at the cloud provide real benefits?
Start with overload

37 Some sites generate as much as 13x traffic more than average at peak hours.

38 Recap Good application performance Latency median inflation 1.1ms
Download times increased only 2.3% Generic redundancy elimination saves bandwidth costs Strong benefits from elasticity

39 Conclusion Moving middleboxes to the cloud is a practical and feasible solution to the complexity of enterprise networks. I showed you APLOMB – a very simple architecture for outsourcing middlebox processing to the cloud, yet, despite it’s simplicity it achieves good very good performance – and as a result of its simplicity, we consider it easily deployable.

Download ppt "Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,"

Similar presentations

Dynamic Replica Placement for Scalable Content Delivery Yan Chen, Randy H. Katz, John D. Kubiatowicz {yanchen, randy, EECS Department.

Dynamic Replica Placement for Scalable Content Delivery Yan Chen, Randy H. Katz, John D. Kubiatowicz {yanchen, randy, EECS Department.
Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
Economics of stub network multihoming and link load balancing INTERIM RESULTS AND NEXT STEPS Henna Warma Aalto University - COMNET December, 7 th 2011.

Economics of stub network multihoming and link load balancing INTERIM RESULTS AND NEXT STEPS Henna Warma Aalto University - COMNET December, 7 th 2011.
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,
All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.

All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.
Barracuda Link Balancer Link Reliability and Bandwidth Optimization.

Barracuda Link Balancer Link Reliability and Bandwidth Optimization.
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Toward Practical Integration of SDN and Middleboxes

Toward Practical Integration of SDN and Middleboxes
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
SIMPLE-fying Middlebox Policy Enforcement Using SDN

SIMPLE-fying Middlebox Policy Enforcement Using SDN
Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.

Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.

MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.

Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.
1 Efficient and Robust Streaming Provisioning in VPNs Z. Morley Mao David Johnson Oliver Spatscheck Kobus van der Merwe Jia Wang.

1 Efficient and Robust Streaming Provisioning in VPNs Z. Morley Mao David Johnson Oliver Spatscheck Kobus van der Merwe Jia Wang.
Design and Implementation of a Consolidated Middlebox Architecture 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.

Design and Implementation of a Consolidated Middlebox Architecture 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.
Module 12: Microsoft Windows 2000 Clustering. Overview Application of Clustering Technology Testing Tools.

Module 12: Microsoft Windows 2000 Clustering. Overview Application of Clustering Technology Testing Tools.
15-744: Computer Networking

15-744: Computer Networking
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.

Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.

Similar presentations

Ads by Google