TRANSCRIPT
1
The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment
Vyas Sekar Sylvia Ratnasamy Michael Reiter Norbert Egi Guangyu Shi
2
Growing literature on network innovation
Build programmable elements using commodity hardware
e.g., PacketShader, RouterBricks, ServerSwitch, SwitchBlade
Centralized management with open interfaces
e.g., 4D, NOX/OpenFlow, RCP
3
Type of appliance Number
Firewalls 166
NIDS 127
Media gateways 110
Load balancers 67
Proxies 66
VPN gateways 45
WAN Optimizers 44
Voice gateways 11
Total Middleboxes 636
Total routers ~900
Most innovation today: Middleboxes!
Data from a large enterprise: >80K users across tens of sites
Network security alone: ~$6 billion (2010), $10 billion (2016)
4
Type of appliance Number
Firewalls 166
NIDS 127
Media gateways 110
Load balancers 67
Proxies 66
VPN gateways 45
WAN Optimizers 44
Voice gateways 11
Middleboxes are valuable, but have many pain points
1. Device sprawl, high CapEx
2. High OpEx, e.g., separate management teams, need for manual tuning
3. Inflexible, difficult to extend: need for new boxes!
“consumerization”?
• Most network innovation occurs via middleboxes
  – Not by changes to routers or switches
• Suffer similar, and maybe more, pain points
  – Significant capital and operating expenses
  – Narrow, closed management interfaces
  – Difficult to extend
• Surprisingly MIA in the innovation discussion
5
The Middlebox Manifesto
• Most network innovation occurs via middleboxes
  – Not via routers or switches
• Suffer almost the same, if not more, pain points
  – Too many of them
  – Narrow, closed interfaces and difficult to extend
  – Significant capital and operating expenses
• Surprisingly MIA in the innovation discussion
6
The Middlebox Manifesto
How to build?
How to manage?
Our vision: Enabling innovation in middlebox deployments
7
Network-Wide Management
1. Software-centric implementations
2. Consolidated physical platform
3. Logically centralized open management APIs
Easy to deploy, extend
Reduce sprawl
Direct control, expressive
Our vision: Enabling innovation in middlebox deployments
8
Network-Wide Management
1. Software-centric implementations
2. Consolidated physical platform
3. Logically centralized open management APIs
Easy to deploy, extend
Reduce sprawl
Direct control, expressive
In a general context, these ideas aren’t especially new!
But middleboxes raise new opportunities and challenges
New Efficiency Opportunities
• “Software-centric”, “extensible” sounds nice ..
• But usually very resource inefficient
  – Compared to “specialized” solutions
• New efficiency avenues, at least for middleboxes
  – Multiplexing
  – Reuse
  – Spatial distribution
9
Opportunity 1: Multiplexing Benefits
10
Multiplexing benefit = 1 - Peak_Sum / Sum_Peak = 28%
(Peak_Sum: peak of the aggregate load across all middleboxes; Sum_Peak: sum of each middlebox's individual peak)
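As an added example (not from the paper), the multiplexing benefit above computed over constructed per-appliance load traces that share one time axis; the trace values and appliance names are made up for illustration, and the check that all traces cover the same intervals guards against comparing misaligned measurements.

```python
from typing import Dict, Sequence

# Constructed load samples (percent of one box's capacity), one value per
# measurement interval, for three hypothetical appliances. Illustrative only.
LOAD_TRACES: Dict[str, Sequence[float]] = {
    "firewall": [80, 100, 60, 40],
    "nids":     [30, 50, 100, 70],
    "proxy":    [100, 40, 30, 60],
}


def sum_of_peaks(traces: Dict[str, Sequence[float]]) -> float:
    """Sum_Peak: capacity needed when each function has its own box sized for its own peak."""
    return sum(max(t) for t in traces.values())


def peak_of_sum(traces: Dict[str, Sequence[float]]) -> float:
    """Peak_Sum: capacity needed when the functions share one consolidated platform."""
    lengths = {len(t) for t in traces.values()}
    if len(lengths) != 1:
        raise ValueError("all traces must cover the same measurement intervals")
    intervals = lengths.pop()
    # Aggregate load per interval, then take the busiest interval.
    return max(sum(t[i] for t in traces.values()) for i in range(intervals))


def multiplexing_benefit(traces: Dict[str, Sequence[float]]) -> float:
    """1 - Peak_Sum / Sum_Peak: fraction of provisioned capacity saved by consolidation.

    Returns 0.0 when there is nothing to consolidate (no traces or all-zero load).
    """
    total_peaks = sum_of_peaks(traces)
    if total_peaks == 0:
        return 0.0
    return 1.0 - peak_of_sum(traces) / total_peaks


if __name__ == "__main__":
    print(f"Sum_Peak={sum_of_peaks(LOAD_TRACES)} "
          f"Peak_Sum={peak_of_sum(LOAD_TRACES)} "
          f"benefit={multiplexing_benefit(LOAD_TRACES):.0%}")
```

The benefit comes only from peaks that do not coincide: if every appliance peaks in the same interval the function returns 0 and the consolidated platform must be sized for the full sum of peaks.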
Opportunity 2: Reusing Modules
11
Session Management
Protocol Parsers
VPN Web Mail IDS Proxy
Firewall
How much traffic overlap? > 60%
Contribution of reusable modules? 18 – 54%
New Challenges
12
Network-wide Management
Session
Protocol
Extensible functions Standalone functions
Heterogeneity, complex processing, policy constraints
Challenges in Management
13
Network-wide Management
Session
Protocol
Extensible functions Standalone functions
Policy dependencies? e.g., IDS < Proxy
What is a minimal interface?
Is it tractable? e.g., reuse
Challenges in Single-box Design
14
Session
Protocol
Extensible functions Standalone functions
Accelerators?
Primitives? Performance, isolation?
• Most network innovation occurs via middleboxes
  – Little presence in the innovation discussion!
• Our vision:
  – Software-based, consolidated
  – Logically unified, open management APIs
• New opportunities
  – Multiplexing, reuse, and spatial distribution
• Practical challenges: Management + Platform
15
Conclusions