don t call them middleboxes call them middlepipes
play

Dont Call Them Middleboxes, Call Them Middlepipes Hani Jamjoom Dan - PowerPoint PPT Presentation

Nov 29, 2022 •463 likes •632 views

Dont Call Them Middleboxes, Call Them Middlepipes Hani Jamjoom Dan Williams Upendra Sharma IBM T. J. Watson Research Center PaaS Makes Things Easy Abstract out infrastructure resource management e.g., BlueMix, Cloud Foundry,

  1. Don’t Call Them Middleboxes, � Call Them Middlepipes Hani Jamjoom – Dan Williams – Upendra Sharma IBM T. J. Watson Research Center

  2. PaaS Makes Things Easy • Abstract out infrastructure resource management – e.g., BlueMix, Cloud Foundry, Heroku, Azure, AppEngine • Simplify consumption of runtimes and services – e.g., “ I want a Ruby runtime or a MongoDB service ” – Automate provisioning, load balancing, auto-scaling, etc. App Service Runtime (e.g., MongoDB) (e.g., Ruby) 2

  3. What About NFV & Middleboxes? • PaaS hides most network configurations – Virtual networking, SDN, routing, firewalling • Opportunity 1: Simplify consumability of traditional middlebox functionality – Intrusion detection, WAN optimizers, etc. • Opportunity 2: Support DevOps lifecycle – Monitoring, circuit breaker, failure injection, A/B testing, etc. 3

  4. Example 1: Adding Intrusion Detection • Scans packet headers and payloads App pp • Alerts or drops packets if intrusion is detected IDS alert!!! something • Typically, IDS/IPS are placed at fishy here the entry point of an application • However, services can be Ser Service vice o ff ered by third-party vendors; intrusion can happen from anywhere 4

  5. Example 2: Mimicking Circuit Breaker • Stateful monitoring of requests • Detect failure in downstream services App pp Circuit • Isolate failure quickly Breaker if response • Return default value, raise time > X exception at app, etc. • Usually implemented in app logic Return Return Ser Service vice Default Default • Conceptually, a lot of the functionality can be separated from application logic. 5

  6. Don’t Shoehorn Middleboxes Into PaaS Services Service (e.g., MongoDB) App Middlebox 1 Middlebox 2 (e.g., IDS) Issues with middleboxes-as-services • They do not run close to apps • They are di ffi cult to chain • They only operate on requests (not packets) • They do not support callbacks into application 6

  7. Middlepipes Middlebox-like functionality in a software-defined pipe abstraction E ffi cient interposition close to invocation Arbitrary chaining is supported outside of app logic Access to requests and packets Can generate callbacks to application Middlepipe Ser Service vice App pp (e.g., MongoDB (e.g., MongoDB) 7

  8. Under The Covers I. Filters: Lightweight “code” that Container runs in the app container II. Aggregators: Control filters and Svc asynchronously receive data III. Controller : Inserts/removes filters; App binds filters to aggregators. Filters Exchange Exchange Aggregators control & control & data data Intrusion Request detection path Circuit Inserts/removes � Breaker filters Provisions aggregators Performance Middlepipe Controller Debugging 8

  9. R1. Move Closer to Invocation Path Container Why place filters inside App container? Svc • Naturally distribute computation across the underlying infrastructure • Reduce overhead on the network substrate • Minimize copying of requests and packets App Filters ilters Exchange Aggregators control & data Intrusion Request detection path Circuit Inserts/removes � Breaker filters Provisions aggregators Performance Middlepipe Controller Middlepipe Controller Debugging 9

  10. R2+3. Chaining Di ff erent Filter Types Filter chain SHARED Standard filter SEGMENT App Header Request Markers Custom filter Level Exchange Aggregators control & Body data Intrusion Request Custom filter detection path Network packets Shared page Packet level between all Circuit Breaker filter filters Provisions aggregators Middlepipe Controller 10 10

  11. R4. Supporting Callbacks • Thin application library facilitates access to middlepipes – Shared memory bu ff ers, etc. • What if the application needs to be notified? – Middlepipes insert “markers” in response – Application can look for markers and react (e.g., library can raise exception ) – Other middlepipes can look for markers and react 11 11

  12. Embed Inside Cloud Foundry Service Node Inbound requests go through an Load Balancer elastic L7 Apps bind to router services via VCAP_SERVICES MongoDB Apps Router Lifecycle management DEA (VM) App Cloud Warden App controller container Language Middlepipe runtime filters 12 12

  13. How to Add Middlepipes $ cf create-middlepipe breaker create instance of middlepipe $ cf bind-middlepipe breaker myapp mongodb bind the “breaker” middlepipe to any communication between my app and mongodb $ cf bind-middlepipe bro myapp mongodb bind the “bro” middlepipe to any communication between my app and mongodb (in addition to the breaker) 13 13

  14. Related Work • APLOMB (SIGCOMM’12) • CloudNaaS (SoCC’11) • CoMb (NSDI’12) • End to the Middle (HotOS’09) • Split/Merge (NSDI’13) … • Emerging of OSS frameworks that focus on “DevOps” lifecycle – e.g., Netflix OSS, Airbnb, Etsy, etc. – Canary testing, Circuit Breaker, Stress testing 14 14

  15. Summary Middlebox as a Service Service App Middlebox 1 Middlebox 2 VS. ¡ Middlepipe App pp Ser Service vice 15 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Call to Action What is Call to Action? A Call to Action is an opportunity for everyone to

A Call to Action What is Call to Action? A Call to Action is an opportunity for everyone to

The NHS belongs to everyone: A Call to Action What is Call to Action? A Call to Action is an opportunity for everyone to contribute to the debate about the future of health and care provision in England The aim is to gather views, data

534 views • 17 slides
The NHS belongs to everyone: A Call to Action What is Call to Action? A Call to Action is an

The NHS belongs to everyone: A Call to Action What is Call to Action? A Call to Action is an

The NHS belongs to everyone: A Call to Action What is Call to Action? A Call to Action is an opportunity for everyone to contribute to the debate about the future of health and care provision in England The aim is to gather views, data

532 views • 17 slides
Transforming call recording to the cloud Record, everything. The future of call recording Call

Transforming call recording to the cloud Record, everything. The future of call recording Call

Transforming call recording to the cloud Record, everything. The future of call recording Call Recording Is a Multi billion dollar industry, which is growing as compliance, regulation and work flow processes Increase demand. Dubbers

323 views • 16 slides
PWSCF and new charge density PWSCF call read_input_file (input.f90) call run_pwscf call setup

PWSCF and new charge density PWSCF call read_input_file (input.f90) call run_pwscf call setup

PWSCF and new charge density PWSCF call read_input_file (input.f90) call run_pwscf call setup --> SETUP call init_run --> INIT_RUN do call electrons --> ELECTRONS call forces call stress call move_ions call

195 views • 16 slides
PWSCF and diagonalization ELECTRONS call electron_scf do iter = 1, niter call c_bands

PWSCF and diagonalization ELECTRONS call electron_scf do iter = 1, niter call c_bands

PWSCF and diagonalization ELECTRONS call electron_scf do iter = 1, niter call c_bands --> C_BANDS call sum_band --> SUM_BAND call mix_rho call v_of_rho end do iter PWSCF call read_input_file (input.f90) call run_pwscf

458 views • 27 slides
CAM Call-in May 23rd, 2018 If you are not connected through Skype audio, call: 1-503-934-1400 Use

CAM Call-in May 23rd, 2018 If you are not connected through Skype audio, call: 1-503-934-1400 Use

Monthly Statewide CAM Call-in May 23rd, 2018 If you are not connected through Skype audio, call: 1-503-934-1400 Use Conference ID: 571761 1 CAM.oregon.gov cam.communications@state.or.us Call Agenda Project Updates: Kairi Orejuela

469 views • 16 slides
WELCOME TO OUT & EQUALS 2019 SUMMIT PRESENTER CALL This is a Broadcast Audio call from

WELCOME TO OUT & EQUALS 2019 SUMMIT PRESENTER CALL This is a Broadcast Audio call from

WELCOME TO OUT & EQUALS 2019 SUMMIT PRESENTER CALL This is a Broadcast Audio call from 12:001:00pm Pacific Use speakers or headsets on your computer & turn the volume up! Chat in questions & respond to polls during the call.

473 views • 31 slides
Allowable and Unallowable Costs Audio is only available by conference call Please call:

Allowable and Unallowable Costs Audio is only available by conference call Please call:

Allowable and Unallowable Costs Audio is only available by conference call Please call: 877-692-8953 Participant Access Code: 1514610 to join the conference call portion of the webinar OFFICE OF HOUSING COUNSE July 28, 2020 LING Webinar

879 views • 42 slides
One Bay Area Grant Cycle 2 (OBAG 2) Overview Region Regions federal funding framew s

One Bay Area Grant Cycle 2 (OBAG 2) Overview Region Regions federal funding framew s

3/16/2017 Call Call for Proje for Projects Worksh Workshop op Welcom Welcome and introduct e and introduction ons 1. 1. OBAG 2 OBAG 2 over overview 2. 2. Call Call for project for projects 3. 3. Application p lication process

302 views • 11 slides
United Way of North Carolina 875 Walnut Street, Suite 150B Cary, NC 27511 Call 911 in an

United Way of North Carolina 875 Walnut Street, Suite 150B Cary, NC 27511 Call 911 in an

United Way of North Carolina 875 Walnut Street, Suite 150B Cary, NC 27511 Call 911 in an Emergency Call 811 before you dig Call 711 to access telecommunications relay services Call 611 to report a phone service issue Call

512 views • 13 slides
FHA Upda FHA Update te Audio is only available by conference call Please call (800) 260-0718

FHA Upda FHA Update te Audio is only available by conference call Please call (800) 260-0718

FHA Upda FHA Update te Audio is only available by conference call Please call (800) 260-0718 Participant Access Code: 429367 to join the conference call portion of the webinar 9/25/2017 1 OFFICE OF HOUSING COUNSELING Webinar Logistics

775 views • 35 slides
Welcome! If not using speakers and you havent already, please call into the call center number

Welcome! If not using speakers and you havent already, please call into the call center number

4/7/2020 Housekeeping Webinar Experience Welcome! If not using speakers and you havent already, please call into the call center number 02 8518 1923 and enter access code 801 914 146 Judy Grobste tein, , AuD-FAAA, MACAud Please be sure

861 views • 6 slides
Welcome! If not using speakers and you havent already, please call into the call center number

Welcome! If not using speakers and you havent already, please call into the call center number

4/6/2020 Housekeeping Webinar Experience Welcome! If not using speakers and you havent already, please call into the call center number 02 8518 1923 and enter access code 801 781 293 Judy dy Grob obste tein, AuD uD-FAAA, A, MAC ACAud

558 views • 16 slides
Welcome! If not using speakers and you havent already, please call into the call center number

Welcome! If not using speakers and you havent already, please call into the call center number

2/18/2020 Housekeeping Webinar Experience Welcome! If not using speakers and you havent already, please call into the call center number 02 8518 1923 and enter access code 809 815 825 Judy dy Grob obste tein, AuD uD-FAAA, A, MAC ACAud

642 views • 14 slides
Call-by-name, call-by-value, and the -calculus G.D. Plotkin Presented by Dietrich Geisler

Call-by-name, call-by-value, and the -calculus G.D. Plotkin Presented by Dietrich Geisler

Call-by-name, call-by-value, and the -calculus G.D. Plotkin Presented by Dietrich Geisler Call-by-name vs call-by-value Define square = xy.x*x Evaluate square(2+2, 2+3) Call-by-name (CBN) Call-by-value (CBV) square(2+2, 2+3)

441 views • 12 slides
Welcome! If not using speakers and you havent already, please call into the call center number

Welcome! If not using speakers and you havent already, please call into the call center number

2/4/2020 Housekeeping Webinar Experience Welcome! If not using speakers and you havent already, please call into the call center number 02 8518 1923 and enter access code 802 708 089 Jud udy Gro robstein, AuD uD-FAAA AA, MAC ACAud

646 views • 18 slides
The RAMDISK Storage Accelerator A Method of Accelerating I/O Performance on HPC Systems Using

The RAMDISK Storage Accelerator A Method of Accelerating I/O Performance on HPC Systems Using

The RAMDISK Storage Accelerator A Method of Accelerating I/O Performance on HPC Systems Using RAMDISKs Tim Wickberg, Christopher D. Carothers wickbt@rpi.edu, chrisc@cs.rpi.edu Rensselaer Polytechnic Institute Background CPUs performance

416 views • 18 slides
Operating Systems Operating Systems CMPSC 473 CMPSC 473 Memory Management Memory Management

Operating Systems Operating Systems CMPSC 473 CMPSC 473 Memory Management Memory Management

Operating Systems Operating Systems CMPSC 473 CMPSC 473 Memory Management Memory Management March 4, 2008 - Lecture 14 14 March 4, 2008 - Lecture Instructor: Trent Jaeger Instructor: Trent Jaeger Last class: Deadlocks

562 views • 33 slides
Android Data Binding: This is the DSL you're looking for Maksim Lin Freelance Android Developer

Android Data Binding: This is the DSL you're looking for Maksim Lin Freelance Android Developer

Android Data Binding: This is the DSL you're looking for Maksim Lin Freelance Android Developer www.manichord.com The plan Why Data Binding ? Brief intro to Data Binding Library Adding Data Binding to an existing app Two-way

719 views • 55 slides
The RDF* and SPARQL* Approach to Annotate Statements in RDF and to Reconcile RDF and Property

The RDF* and SPARQL* Approach to Annotate Statements in RDF and to Reconcile RDF and Property

The RDF* and SPARQL* Approach to Annotate Statements in RDF and to Reconcile RDF and Property Graphs Olaf Hartjg @olafiartjg Not supported natjvely in the RDF data model mentioned Kubrick Welles influencedBy name = "Stanley

522 views • 25 slides
OpenGL 3.x Part 2: Textures and Objects Ingo Radax, Gnther Voglsam Institute of Computer

OpenGL 3.x Part 2: Textures and Objects Ingo Radax, Gnther Voglsam Institute of Computer

OpenGL 3.x Part 2: Textures and Objects Ingo Radax, Gnther Voglsam Institute of Computer Graphics and Algorithms Vienna University of Technology Topics for today OpenGL 3.x Part 1 - Revisited Textures Framebuffer Objects Vertexbuffer

1.39k views • 69 slides
L6: Multiparameter models example: Bioassay experiment Tuesday 14th August 2012, afternoon Lyle

L6: Multiparameter models example: Bioassay experiment Tuesday 14th August 2012, afternoon Lyle

L6: Multiparameter models example: Bioassay experiment Tuesday 14th August 2012, afternoon Lyle Gurrin Bayesian Data Analysis 13 17 August 2012, Copenhagen Multiparameter models Few multiparameter sampling models allow explicit

400 views • 6 slides
Validation of whole effluent bioassays for assessment of hydrocarbon ecotoxicity Review of

Validation of whole effluent bioassays for assessment of hydrocarbon ecotoxicity Review of

ENVIRONMENTAL SCIENCE FOR THE EUROPEAN REFINING INDUSTRY Validation of whole effluent bioassays for assessment of hydrocarbon ecotoxicity Review of findings from Concawe/ Total artificial streams research project (2007 to 2014) Kevin

611 views • 32 slides
Droplet-Routing-Aware Module Placement for Cross-Referencing Biochips Zigang Xiao, Evangeline F.

Droplet-Routing-Aware Module Placement for Cross-Referencing Biochips Zigang Xiao, Evangeline F.

Droplet-Routing-Aware Module Placement for Cross-Referencing Biochips Zigang Xiao, Evangeline F. Y. Young Department of Computer Science and Engineering The Chinese University of Hong Kong ISPD 10, San Francisco California, USA Mar. 17th,

292 views • 26 slides

More recommend