Presentation is loading. Please wait.

Presentation is loading. Please wait.

Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

Similar presentations


Presentation on theme: "Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,"— Presentation transcript:

1 Making Middleboxes Someone Else’s Problem: Network Processing as a Cloud Service
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†, Sylvia Ratnasamy*, and Vyas Sekar‡ *

2 Typical Enterprise Networks
Internet Introduce components, really…, describe what mboxes are.

3 Typical Enterprise Networks
Internet These have been a topic of considerable interest in the research community. Our intuition seeing these devices has been “it’s complicated”, but we wanted to test this claim and get to the bottom of how middleboxes impact network administration…

4 A Survey 57 enterprise network administrators
Small (< 1k hosts) to XL ( >100k hosts) Asked about deployment size, expenses, complexity, and failures.

5 How many middleboxes do you deploy?
Typically on par with # routers and switches.

6 What kinds of middleboxes do you deploy?
More devices == more expertise needed Many kinds of devices, all with different functions and management expertise required.

7 How many networking personnel are there?
Average salary for a network engineer - $60-80k USD

8 How do administrators spend their time?
Most administrators spent 1-5 hrs/week dealing with failures; 9% spent 6-10 hrs/week. Misconfig. Overload Physical/ Electrical Firewalls 67.3% 16.3% Proxies 63.2% 15.7% 21.1% IDS 54.45% 11.4% 34% Most administrators spend between 1-5 hours/week dealing with failures, 9% spent 6-10 hrs/week dealing directly with failures.

9 Recap High Capital and Operating Expenses
Time Consuming and Error-Prone Physical and Overload Failures

10 How can we improve this? One option would be to fix the way that we manage and provision middleboxes in enterprise networks – e.g. CoMB in NSDI, ETTM in last year’s NSDI. A completely different track is to just take them out of the hands of the enterprise entirely, and place them in the cloud

11 Our Proposal Internet There are also a number of middleboxes… (1) Firewalls…

12 Our Proposal Internet Cloud Provider
Introduce components, really…, describe what mboxes are. Internet

13 A move to the cloud High Capital and Operating Expenses
Time Consuming and Error Prone Physical and Overload Failures Economies of scale and pay-per use Simplifies configuration and deployment Redundant resources for failover Use the word service / interface / abstract / policy re: configuration

14 Our Design

15 Challenges Minimal Complexity at the Enterprise Functional Equivalence
Low Performance Overhead “Can we really???”

16 APLOMB “Appliance for Outsourcing Middleboxes”

17 Outsourcing Middleboxes with APLOMB
Cloud Provider NAT APLOMB Gateway Let’s start with a simple scenario --- one of these host guys wants to send traffic out to the Internet…. Internet

18 Inbound Traffic Internet Web Server: www.enterprise.com 192.168.1.100
Cloud Provider Register: “Sure, that works great for end-user services – typically NATed anyway for security – but what about web-facing services? Consider this guy…” “Much like CDN services today…” Internet Enterprise Network Admin.

19 Inbound Traffic Internet Cloud Provider Register: enterprise.com
DNS Register: enterprise.com “Sure, that works great for end-user services – typically NATed anyway for security – but what about web-facing services? Consider this guy…” “Much like CDN services today…” Internet

20 Choosing a Datacenter External Client Route through cloud datacenter that minimizes end to end latency. Cloud Provider East One option would be to map everyone to the cloud provider that’s closest to them; a better option….. APLOMB Gateway keeps a “routing table” to select best tunnel for every Internet prefix. Cloud Provider West External Client Enterprise

21 Caches and “Terminal Services”
Traffic destined to services like caches should be redirected to the nearest node. Cloud Provider West

22 APLOMB “Appliance for Outsourcing Middleboxes”
Place middleboxes in the cloud. Use APLOMB devices and DNS to redirect traffic to and from the cloud. That’s it.

23 Can we outsource all middleboxes?
Firewalls IDSes Load Balancers VPNs Proxy/Caches WAN Optimizers ✗ Bandwidth? ✗ Compression?

24 APLOMB+ for Compression
Add generic compression to APLOMB gateway to reduce bandwidth consumption. I Cloud Provider …I’ll show some numbers from a case study of an enterprise on how well this works. Internet

25 Can we outsource all middleboxes?
Firewalls IDSes Load Balancers VPNs Proxy/Caches WAN Optimizers ✗ Bandwidth? ✗ Compression?

26 Does it work? Can such a simple design really work? Will it introduce a heavy performance overhead?

27 Our Deployment Cloud provider: EC2 – 7 Datacenters
OpenVPN for tunneling, Vyatta for middlebox services Two Types of Clients: Software VPN client on laptops Tunneling software router for wired hosts

28 Three Part Evaluation Implementation & Deployment
Performance metrics Wide-Area Measurements Network latency Mention two key questions we want to ask…. APPLICATION PERFORMANCE;ARCHITECTURAL/FEASIBILITY. Is such a simple solution really practical? Case Study of a Large Enterprise Impact in a real usage scenario

29 Does APLOMB inflate latency?

30 Drop explanations “poorly connected universities”
For PlanetLab nodes, 60% of pairs’ latency improves with redirection through EC2.

31 Latency at a Large Enterprise
Measured redirection latency between enterprise sites. Median latency inflation: 1.13 ms Sites experiencing inflation were primarily in areas where EC2 does not have a wide footprint. Asia has sites…. “areas where EC2

32 How does APLOMB impact other quality metrics, like bandwidth and jitter?

33 Bandwidth: download times with BitTorrent increased on average 2.3%
Jitter: consistently within industry standard bounds of 30ms

34 Does APLOMB negate the benefits of bandwidth-saving devices?

35 Median case penalty – 3.8%; worst 8%
APLOMB+ incurs a median penalty of 3.8% bandwidth inflation over traditional WAN Optimizers.

36 Does “elastic scaling” at the cloud provide real benefits?
Start with overload

37 Some sites generate as much as 13x traffic more than average at peak hours.

38 Recap Good application performance Latency median inflation 1.1ms
Download times increased only 2.3% Generic redundancy elimination saves bandwidth costs Strong benefits from elasticity

39 Conclusion Moving middleboxes to the cloud is a practical and feasible solution to the complexity of enterprise networks. I showed you APLOMB – a very simple architecture for outsourcing middlebox processing to the cloud, yet, despite it’s simplicity it achieves good very good performance – and as a result of its simplicity, we consider it easily deployable.


Download ppt "Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,"

Similar presentations


Ads by Google