making middleboxes someone
play

Making Middleboxes Someone Elses Problem: Network Processing as a - PowerPoint PPT Presentation

Aug 26, 2022 •375 likes •904 views

Making Middleboxes Someone Elses Problem: Network Processing as a Cloud Service Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy , Sylvia Ratnasamy*, and Vyas Sekar * Typical Enterprise Networks Internet

  1. Making Middleboxes Someone Else’s Problem: Network Processing as a Cloud Service Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy † , Sylvia Ratnasamy*, and Vyas Sekar ‡ * ‡ †

  2. Typical Enterprise Networks Internet

  3. Typical Enterprise Networks Internet

  4. A Survey • 57 enterprise network administrators • Small (< 1k hosts) to XL ( >100k hosts) • Asked about deployment size, expenses, complexity, and failures.

  5. How many middleboxes do you deploy? Typically on par with # routers and switches.

  6. What kinds of middleboxes do you deploy? Many kinds of devices, all with different functions and management expertise required.

  7. How many networking personnel are there? Average salary for a network engineer - $60-80k USD

  8. How do administrators spend their time? Most administrators spent 1-5 hrs/week dealing with failures; 9% spent 6-10 hrs/week. Misconfig. Overload Physical/ Electrical Firewalls 67.3% 16.3% 16.3% Proxies 63.2% 15.7% 21.1% IDS 54.45% 11.4% 34%

  9. Recap • High Capital and Operating Expenses • Time Consuming and Error-Prone • Physical and Overload Failures

  10. How can we improve this?

  11. Our Proposal Internet

  12. Our Proposal Cloud Provider Internet

  13. A move to the cloud • High Capital and Operating Expenses • Economies of scale and pay-per use • Time Consuming and Error Prone • Simplifies configuration and deployment • Physical and Overload Failures • Redundant resources for failover

  14. Our Design

  15. Challenges • Minimal Complexity at the Enterprise • Functional Equivalence • Low Performance Overhead

  16. APLOMB “Appliance for Outsourcing Middleboxes”

  17. Outsourcing Middleboxes with APLOMB Cloud Provider NAT Internet APLOMB Gateway

  18. Inbound Traffic Web Server: www.enterprise.com 192.168.1.100 Cloud Provider Internet Register: www.enterprise.com 192.168.1.100 Enterprise Network Admin.

  19. Inbound Traffic Cloud Provider 98.76.54.32 Internet Register: enterprise.com DNS 98.76.54.32

  20. Choosing a Datacenter External Route through cloud datacenter that Client minimizes end to end latency. Cloud Provider East APLOMB Gateway keeps a “routing table” to select best tunnel for every Internet prefix. Cloud External Enterprise Provider Client West

  21. Caches and “Terminal Services” Traffic destined to services like caches should be redirected to the nearest node. Cloud Provider West

  22. APLOMB “Appliance for Outsourcing Middleboxes” • Place middleboxes in the cloud. • Use APLOMB devices and DNS to redirect traffic to and from the cloud. • That’s it.

  23. Can we outsource all middleboxes? Firewalls ✔ IDSes ✔ Load Balancers ✔ VPNs ✔ ✗ Bandwidth? Proxy/Caches ✗ Compression? WAN Optimizers

  24. APLOMB+ for Compression Add generic compression to APLOMB gateway to reduce bandwidth consumption. Cloud Provider I Internet

  25. Can we outsource all middleboxes? Firewalls ✔ IDSes ✔ Load Balancers ✔ VPNs ✔ ✗ Bandwidth? Proxy/Caches ✔ ✗ Compression? WAN Optimizers ✔

  26. Does it work?

  27. Our Deployment • Cloud provider: EC2 – 7 Datacenters • OpenVPN for tunneling, Vyatta for middlebox services • Two Types of Clients: – Software VPN client on laptops – Tunneling software router for wired hosts

  28. Three Part Evaluation Implementation & Deployment • Performance metrics Wide-Area Measurements • Network latency Case Study of a Large Enterprise • Impact in a real usage scenario

  29. Does APLOMB inflate latency?

  30. For PlanetLab nodes, 60% of pairs’ latency improve s with redirection through EC2.

  31. Latency at a Large Enterprise Measured redirection latency between enterprise sites. • Median latency inflation: 1.13 ms • Sites experiencing inflation were primarily in areas where EC2 does not have a wide footprint.

  32. How does APLOMB impact other quality metrics, like bandwidth and jitter?

  33. • Bandwidth: download times with BitTorrent increased on average 2.3% • Jitter: consistently within industry standard bounds of 30ms

  34. Does APLOMB negate the benefits of bandwidth-saving devices?

  35. APLOMB+ incurs a median penalty of 3.8% bandwidth inflation over traditional WAN Optimizers.

  36. Does “elastic scaling” at the cloud provide real benefits?

  37. Some sites generate as much as 13x traffic more than average at peak hours.

  38. Recap • Good application performance – Latency median inflation 1.1ms – Download times increased only 2.3% • Generic redundancy elimination saves bandwidth costs • Strong benefits from elasticity

  39. Conclusion Moving middleboxes to the cloud is a practical and feasible solution to the complexity of enterprise networks.

  41. What does it mean to “manage” middleboxes? • Upgrades and Vendor Interaction • Monitoring and Diagnostics • Configuration – Appliance Configuration – Policy Configuration • Training

  42. Internal Firewalls Cloud Provider Internet

  43. How many middleboxes can APLOMB outsource?

  44. How much do middleboxes cost? Thousands to millions of dollars / 5 years

  45. Is maintaining multiple tunnels at the APLOMB gateway useful?

  46. With multiple tunnels, the fraction of pairs with 0 inflation or better moves from 40% to 60%

  47. How large must a provider’s datacenter footprint be to support middlebox services?

  48. Minimal Improvement to E2E Latency with Larger Footprint.

  49. How does APLOMB redirection impact web page load times?

  50. Median: slightly worse; 90%-ile: slightly better.

  51. Caches may require a larger footprint to provide nationwide service.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic Number of Middleboxes

572 views • 40 slides
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic Number of Middleboxes

1.31k views • 44 slides
Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network functionality can be really helpful Security (IPS) Performance (proxies) Fairness (traffic management) 2 Middleboxes are pervasive

617 views • 37 slides
Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah &amp; Sumukh Shivakumar 1

Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah &amp; Sumukh Shivakumar 1

Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah &amp; Sumukh Shivakumar 1 Whats all the fuss with middleboxes? 2 Background 3 What are middleboxes? 4 Middleboxes in the Cloud Cloud APLOMB gateway Enterprise

668 views • 37 slides
Abstrac(ons for Middleboxes Vyas Sekar

Abstrac(ons for Middleboxes Vyas Sekar

Abstrac(ons for Middleboxes Vyas Sekar Sylvia Ratnasamy

613 views • 40 slides
Dont Call Them Middleboxes, Call Them Middlepipes Hani Jamjoom Dan Williams Upendra

Dont Call Them Middleboxes, Call Them Middlepipes Hani Jamjoom Dan Williams Upendra

Dont Call Them Middleboxes, Call Them Middlepipes Hani Jamjoom Dan Williams Upendra Sharma IBM T. J. Watson Research Center PaaS Makes Things Easy Abstract out infrastructure resource management e.g., BlueMix, Cloud Foundry,

632 views • 15 slides
Outline Review Midterm SDN and Middleboxes SDN Wireless Networks Motivation

Outline Review Midterm SDN and Middleboxes SDN Wireless Networks Motivation

Outline Review Midterm SDN and Middleboxes SDN Wireless Networks Motivation Data Plane Abstraction: OpenRadio Control Plane Architecture Radio Access Networks: SoftRAN Core Networks: SoftCell Software Defined

1.16k views • 78 slides
REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Presented by: Fabien Duchne* Gregory Detal*,

REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Presented by: Fabien Duchne* Gregory Detal*,

31st NMRG Meeting REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Presented by: Fabien Duchne* Gregory Detal*, Benjamin Hesmans*, Olivier Bonaventure*, Yves Vanaubel and Benoit Donnet. *Universit Catholique de Louvain Universit

1.1k views • 95 slides
On the Performance of Middleboxes Mark Allman ICSI Center for Internet Research mallman@icir.org

On the Performance of Middleboxes Mark Allman ICSI Center for Internet Research mallman@icir.org

On the Performance of Middleboxes Mark Allman ICSI Center for Internet Research mallman@icir.org (Work done while with BBN Technologies) Internet Measurement Conference October 2003 &quot;Holly came from Miami, FLA; Hitch-hiked her way across

535 views • 16 slides
Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill, Scott Ruoti, Kent Seamons, Daniel Zappala Internet Research Lab &amp; Internet Security Research Lab Brigham Young University Certificate validation

484 views • 14 slides
mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani,

mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani,

mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani, Benoit Donnet Montefiore Institute, University of Lige Belgium A middleboxed Internet https://github.com/mami-project/roadshows 7/22/19 2 ANRW

624 views • 28 slides
Rollback-Recovery for Middleboxes Justine Sherry , Peter Xiang Gao, Soumya Basu, Aurojit Panda,

Rollback-Recovery for Middleboxes Justine Sherry , Peter Xiang Gao, Soumya Basu, Aurojit Panda,

Rollback-Recovery for Middleboxes Justine Sherry , Peter Xiang Gao, Soumya Basu, Aurojit Panda, Arvind Krishnamurthy, Christian Maciocco, Maziar Manesh, Joo Martins, Sylvia Ratnasamy, Luigi Rizzo, Scott Shenker Middlebox Recovery: fail over to

1.17k views • 57 slides
Reducing Natural Gas Use in Acton WHY: Making the Case HOW: Making it Happen WHY: Making the

Reducing Natural Gas Use in Acton WHY: Making the Case HOW: Making it Happen WHY: Making the

035 (3) 12/05/2016 Reducing Natural Gas Use in Acton WHY: Making the Case HOW: Making it Happen WHY: Making the Case __________________ 2015 Porter Ranch, CA gas leak (via infrared imaging) Methane (Natural) Gas Leakage by System

332 views • 30 slides
Making maps pretty Andrea Aime Jim Groffen Making Maps Pretty Making Maps Pretty 1 1 Making

Making maps pretty Andrea Aime Jim Groffen Making Maps Pretty Making Maps Pretty 1 1 Making

Making maps pretty Andrea Aime Jim Groffen Making Maps Pretty Making Maps Pretty 1 1 Making maps pretty Introduction Making Maps Pretty Making Maps Pretty 2 2 Introducing carthography Depiciting shape and location, conveing

588 views • 48 slides
DECISION MAKING readysetpresent.com Decision Making Program Objectives ( 1 of 2 ) To examine

DECISION MAKING readysetpresent.com Decision Making Program Objectives ( 1 of 2 ) To examine

DECISION MAKING readysetpresent.com Decision Making Program Objectives ( 1 of 2 ) To examine different decision making models. To maximize creativity and logic in decision making. To acquire decision making tips and techniques that

2.35k views • 175 slides
$ Lesson One Making Decisions 04/09 the decision-making process The decision-making process

$ Lesson One Making Decisions 04/09 the decision-making process The decision-making process

Presentation Slides $ Lesson One Making Decisions 04/09 the decision-making process The decision-making process Identify the problem Gather information and list possible alternatives Consider consequences of each

314 views • 7 slides
Imagine: Media Processing with Streams Brucek Khailany et al. and a little bit of Evaluating

Imagine: Media Processing with Streams Brucek Khailany et al. and a little bit of Evaluating

Imagine: Media Processing with Streams Brucek Khailany et al. and a little bit of Evaluating the Imagine Stream Architecture Jung Ho Ahn et al. Presented by Dan Amelang Background Digital media processing has become pervasive

177 views • 14 slides
Processing Data from Files n So far: n Inputs : n from user n

Processing Data from Files n So far: n Inputs : n from user n

Processing Data from Files n So far: n Inputs : n from user n &quot;hard-wired&quot; into program n Outputs : n &quot;printing&quot; on the screen n In practice, usually: n Input from file n Output to file 1

511 views • 15 slides
AIMS CDT - Signal Processing Michaelmas Term 2020 Xiaowen Dong Department of Engineering Science

AIMS CDT - Signal Processing Michaelmas Term 2020 Xiaowen Dong Department of Engineering Science

AIMS CDT - Signal Processing Michaelmas Term 2020 Xiaowen Dong Department of Engineering Science Outline Lectures - Monday-Thursday 10:00-12:00 - slides: http://www.robots.ox.ac.uk/~xdong/teaching.html Lab sessions - Tuesday &amp;

866 views • 76 slides
Scalable Data Processing at Network transfer rates with nCorium Compute in Memory Modules Suresh

Scalable Data Processing at Network transfer rates with nCorium Compute in Memory Modules Suresh

Scalable Data Processing at Network transfer rates with nCorium Compute in Memory Modules Suresh Devalapalli, Brett Neuman, Arvindh Lalam 11/18/2019 1 OSS Layer Bottlenecks in HPC Facilities 10,000 000s s server ers 10s of Peta

125 views • 8 slides
Near-Memory Processing: Its the SW and HW, stupid! Boris Grot www.inf.ed.ac.uk DATE 2019 The

Near-Memory Processing: Its the SW and HW, stupid! Boris Grot www.inf.ed.ac.uk DATE 2019 The

Near-Memory Processing: Its the SW and HW, stupid! Boris Grot www.inf.ed.ac.uk DATE 2019 The End is Near Here! Where do we go from here? An exponential is ending 10%, 20%, .. improvement in performance of component X wont get you far

497 views • 36 slides
Out-of of-GPU-Memory ry Graph Processing Amir Hossein Nodehi Sabet, Zhijia Zhao, Rajiv Gupta

Out-of of-GPU-Memory ry Graph Processing Amir Hossein Nodehi Sabet, Zhijia Zhao, Rajiv Gupta

Su Subway : : Min inimizing Data Transfer during Out-of of-GPU-Memory ry Graph Processing Amir Hossein Nodehi Sabet, Zhijia Zhao, Rajiv Gupta Computer Science and Engineering UC Riverside 1 Background and Motivation GPUs enable massive

317 views • 9 slides
Language What is Processing Object Complete orientated with IDE Open source Java Based Can

Language What is Processing Object Complete orientated with IDE Open source Java Based Can

James Brooks and Chris Tacon Processing Language What is Processing Object Complete orientated with IDE Open source Java Based Can run on Develop Windows, Advanced Mac or Linux Visualisations History Developed in 2001 by Casey

666 views • 25 slides
for each dst in my.out_edges if dst.depth &gt; my.depth+1 then dst.depth = my.depth+1

for each dst in my.out_edges if dst.depth &gt; my.depth+1 then dst.depth = my.depth+1

for each dst in my.out_edges if dst.depth &gt; my.depth+1 then dst.depth = my.depth+1 0 1 2 3 I 1 I 2 0, 1 2, 3 S 1 S 2 SS 1.1 SS 1.1 SS 1.2 1 2 0,1 3 SS 2.1 SS 2.2 3 0 3 2 2,3 1

518 views • 24 slides

More recommend