ABSTRACT
Most network deployments respond to changing application, workload, and policy requirements via the deployment of specialized network appliances or "middleboxes". Despite the critical role that middleboxes play in introducing new network functionality, they have been surprisingly ignored in recent efforts to design networks that are amenable to innovation. We make the case that enabling innovation in middleboxes is at least as important as, if not more important than, enabling it in traditional switches and routers. To this end, our vision is a world with software-centric middlebox implementations running on general-purpose hardware platforms that are managed via open and extensible management APIs. While these principles have been applied in other contexts, they introduce unique opportunities and challenges in the context of middleboxes that we highlight in this paper.
Index Terms
- The middlebox manifesto: enabling innovation in middlebox deployment