on the performance of middleboxes
play

On the Performance of Middleboxes Mark Allman ICSI Center for - PowerPoint PPT Presentation

Dec 28, 2022 •368 likes •535 views

On the Performance of Middleboxes Mark Allman ICSI Center for Internet Research mallman@icir.org (Work done while with BBN Technologies) Internet Measurement Conference October 2003 "Holly came from Miami, FLA; Hitch-hiked her way across

  1. On the Performance of Middleboxes Mark Allman ICSI Center for Internet Research mallman@icir.org (Work done while with BBN Technologies) Internet Measurement Conference October 2003 "Holly came from Miami, FLA; Hitch-hiked her way across the USA"

  2. Middleboxes "Middleboxes" have cropped up all over the Internet for a variety of reasons: security (firewalls, normalizers, etc.) performance (PEPs, TCP snoopers, etc.) address translation (NATs) Many have espoused the virtues and evilness of these entities. But, little quantitative information about their impact in real networks. We conducted a preliminary evaluation of one middlebox setup. Allman IMC-2003 2

  3. Experimental Setup Application measurements Packet tracing and matching is future work Measurement period: 10/14/2002 - 1/27/2003 Conducted in a production setting A network serving thousands of users Allman IMC-2003 3

  4. Experimental Setup (cont.) Measured: Transaction delay Feedback time (aka "RTT") Bulk transfer FTP performance See the paper Also, failures. Allman IMC-2003 4

  5. Experimental Setup (cont.) Dest FW1 Internet LAN LB1 LB2 Router FW2 MeasBox1 MeasBox2 Firewalls + Load Balancers = MBI Allman IMC-2003 5

  6. Transaction Delay How long does it take to start from nothing and run a transaction between a client and the server? Procedure: A finger transaction between the client and server Time the entire transaction at the application layer Conduct a transaction from each client roughly every 2 minutes. Over 75,000 transactions from each client. Allman IMC-2003 6

  7. Transaction Delay (cont.) 1 0.9 0.8 0.7 0.6 CDF 0.5 0.4 0.3 0.2 Outside 0.1 Inside 0 0 0.2 0.4 0.6 0.8 1 Response Time (sec) 42 failures inside the MBI; 12 failures outside the MBI Allman IMC-2003 7

  8. Feedback Time Once established, how long does it take to send a message across a TCP connection? Procedure: Open a TCP connection between the client and server Send "pings" from the client; echoed by the server Every (roughly) N seconds We only consider N = 30 seconds -- others are similar Until one of the pings does not come back in 20 seconds Then, start a new TCP connection and start over Over 303,000 pings from each client. Allman IMC-2003 8

  9. Feedback Time (cont.) R = 30 1 0.9 0.8 0.7 0.6 CDF 0.5 0.4 0.3 0.2 Outside 0.1 Inside 0 1e-05 0.0001 0.001 0.01 0.1 1 10 100 RTT (sec) Failed to setup connection: 51 from inside; 46 from outside Allman IMC-2003 9

  10. Feedback Time (cont.) Connection lengths are roughly twice as long from the outside as from the inside client On mean and median Allman IMC-2003 10

  11. Bulk Transfer Open a TCP connection Send 1 MB Last 4 bytes are a random number The server echos the random number back to the client Measurement stops when the "ACK" arrives Conduct a transfer from each client roughly every 10 minutes. 15,000 transfers from each client Allman IMC-2003 11

  12. Bulk Transfer (cont.) 1 0.9 0.8 0.7 0.6 CDF 0.5 0.4 0.3 0.2 Outside 0.1 Inside 0 0 200000 400000 600000 800000 1e+06 1.2e+06 1.4e+06 Throughput (bytes/sec) Allman IMC-2003 12

  13. Bulk Transfer (cont.) Why the bi-model distribution? Routing or provisioning changes 1.4e+06 1.2e+06 Throughput (bytes/sec) 1e+06 800000 600000 400000 200000 0 0 2000 4000 6000 8000 10000 12000 14000 16000 Transfer Number Allman IMC-2003 13

  14. Bulk Transfer (cont.) Why the difference in performance? Possibility #1: Concatenated TCP connections shorter control loop isolate drops Possibility#2: Maybe a difference in TCP’s congestion control algorithms inside and outside the MBI. Allman IMC-2003 14

  15. Conclusions Performance comparison is a muddle of contradictions Bulk transfer performance is enhanced by the middleboxes Transaction times increase roughly 5 times when going through the middleboxes Failures increase when going through the middleboxes But, failures are very low in all the cases (over 99.9% across all measurements). Allman IMC-2003 15

  16. Future Work Tons Lots of questions can be better answered if we had packet traces from various points throughout the middlebox infrastructure. Requires lots of analysis and correlation that may be non-trivial We can pin down why the performance is different E.g., are the MBI elements getting out of sync? E.g., are the firewalls dropping state? Etc. Gather data from more locations and different kinds of middleboxes Allman IMC-2003 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network

Exposing and Evading Middlebox Policies DAVID CHOFFNES Middleboxes are pervasive In-network functionality can be really helpful Security (IPS) Performance (proxies) Fairness (traffic management) 2 Middleboxes are pervasive

617 views • 37 slides
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic Number of Middleboxes

572 views • 40 slides
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic Number of Middleboxes

1.31k views • 44 slides
Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah & Sumukh Shivakumar 1

Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah & Sumukh Shivakumar 1

Middlebox Technologies with Intel SGX A Literature Survey Shiv Kushwah & Sumukh Shivakumar 1 Whats all the fuss with middleboxes? 2 Background 3 What are middleboxes? 4 Middleboxes in the Cloud Cloud APLOMB gateway Enterprise

668 views • 37 slides
Abstrac(ons for Middleboxes Vyas Sekar

Abstrac(ons for Middleboxes Vyas Sekar

Abstrac(ons for Middleboxes Vyas Sekar Sylvia Ratnasamy

613 views • 40 slides
Dont Call Them Middleboxes, Call Them Middlepipes Hani Jamjoom Dan Williams Upendra

Dont Call Them Middleboxes, Call Them Middlepipes Hani Jamjoom Dan Williams Upendra

Dont Call Them Middleboxes, Call Them Middlepipes Hani Jamjoom Dan Williams Upendra Sharma IBM T. J. Watson Research Center PaaS Makes Things Easy Abstract out infrastructure resource management e.g., BlueMix, Cloud Foundry,

632 views • 15 slides
Making Middleboxes Someone Elses Problem: Network Processing as a Cloud Service Justine

Making Middleboxes Someone Elses Problem: Network Processing as a Cloud Service Justine

Making Middleboxes Someone Elses Problem: Network Processing as a Cloud Service Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy , Sylvia Ratnasamy*, and Vyas Sekar * Typical Enterprise Networks Internet

904 views • 52 slides
Outline Review Midterm SDN and Middleboxes SDN Wireless Networks Motivation

Outline Review Midterm SDN and Middleboxes SDN Wireless Networks Motivation

Outline Review Midterm SDN and Middleboxes SDN Wireless Networks Motivation Data Plane Abstraction: OpenRadio Control Plane Architecture Radio Access Networks: SoftRAN Core Networks: SoftCell Software Defined

1.16k views • 78 slides
REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Presented by: Fabien Duchne* Gregory Detal*,

REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Presented by: Fabien Duchne* Gregory Detal*,

31st NMRG Meeting REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Presented by: Fabien Duchne* Gregory Detal*, Benjamin Hesmans*, Olivier Bonaventure*, Yves Vanaubel and Benoit Donnet. *Universit Catholique de Louvain Universit

1.1k views • 95 slides
Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill, Scott Ruoti, Kent Seamons, Daniel Zappala Internet Research Lab & Internet Security Research Lab Brigham Young University Certificate validation

484 views • 14 slides
mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani,

mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani,

mmb : Flexible High-Speed Userspace Middleboxes Korian Edeline , Justin Iurman, Cyril Soldani, Benoit Donnet Montefiore Institute, University of Lige Belgium A middleboxed Internet https://github.com/mami-project/roadshows 7/22/19 2 ANRW

624 views • 28 slides
Rollback-Recovery for Middleboxes Justine Sherry , Peter Xiang Gao, Soumya Basu, Aurojit Panda,

Rollback-Recovery for Middleboxes Justine Sherry , Peter Xiang Gao, Soumya Basu, Aurojit Panda,

Rollback-Recovery for Middleboxes Justine Sherry , Peter Xiang Gao, Soumya Basu, Aurojit Panda, Arvind Krishnamurthy, Christian Maciocco, Maziar Manesh, Joo Martins, Sylvia Ratnasamy, Luigi Rizzo, Scott Shenker Middlebox Recovery: fail over to

1.17k views • 57 slides
Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High Performance Computing Jack Dongarra I nnovative Computing Lab University of Tennessee and Computer Science and Math Division Oak Ridge Nat ional

380 views • 13 slides
The CPU Performance Equation 40 The Performance Equation (PE) We would like to model how

The CPU Performance Equation 40 The Performance Equation (PE) We would like to model how

The CPU Performance Equation 40 The Performance Equation (PE) We would like to model how architecture impacts performance (latency) This means we need to quantify performance in terms of architectural parameters. Instruction Count

383 views • 37 slides
THE PERFORMANCE GAP Introduction There is a gap in performance! There is a mismatch between the

THE PERFORMANCE GAP Introduction There is a gap in performance! There is a mismatch between the

USING BIM TO CLOSE THE PERFORMANCE GAP Introduction There is a gap in performance! There is a mismatch between the expectations around the performance of new buildings and the reality of utility bills. This difference between expected and

650 views • 28 slides
What is a performance evaluation? Performance Management v. Performance Evaluation Evaluation

What is a performance evaluation? Performance Management v. Performance Evaluation Evaluation

3/16/2015 Employee Performance Evaluations and Their Importance Presented by Summer Randall March 18, 2015 What is a performance evaluation? Performance Management v. Performance Evaluation Evaluation Management One time event Ongoing

175 views • 6 slides
2/21/2020 Tap Into Your Moral Compass: Navigating Ethical Dilemmas Encountered with Assistive

2/21/2020 Tap Into Your Moral Compass: Navigating Ethical Dilemmas Encountered with Assistive

2/21/2020 Tap Into Your Moral Compass: Navigating Ethical Dilemmas Encountered with Assistive Technology Erin Simunds MS, PT Conflict of Interest No relevant financial relationship or conflicts of interest to disclose Instructor at

469 views • 8 slides
Functions, new Functions, revisited Optional parameters Defining, parameters Returning

Functions, new Functions, revisited Optional parameters Defining, parameters Returning

As you arrive: 1. Start up your computer and plug it in Plus in-class time 2. Log into Angel and go to CSSE 120 working on these concepts AND 3. Do the Attendance Widget the PIN is on the board practicing previous 4. Go to the course

468 views • 18 slides
How the Net Works A Brief History of Internet Interconnection April 23, 2014 Bret Swanson

How the Net Works A Brief History of Internet Interconnection April 23, 2014 Bret Swanson

How the Net Works A Brief History of Internet Interconnection April 23, 2014 Bret Swanson bret@entropyeconomics.com +1 317.663.0509 1 entropyeconomics.com Virtuous Circle Internet is always changing. Dynamism is one of its chief

321 views • 17 slides
EMPOWERED Achieving Extraordinary Results with Ordinary People Marty Cagan, Silicon Valley

EMPOWERED Achieving Extraordinary Results with Ordinary People Marty Cagan, Silicon Valley

EMPOWERED Achieving Extraordinary Results with Ordinary People Marty Cagan, Silicon Valley Product Group Product Discovery A rapid series of experiments , primarily using prototypes, that enable us to discover effective solutions to the problems

525 views • 27 slides
Formal Epistemology: What are the rules of the game and why bother playing it? Seamus Bradley

Formal Epistemology: What are the rules of the game and why bother playing it? Seamus Bradley

Formal Epistemology: What are the rules of the game and why bother playing it? Seamus Bradley TiLPS/Leeds September 11, 2018 Plan My goal is to say something about the methodology of formal epistemology. Plan My goal is to say something

948 views • 65 slides
Compiling Collapsing Rules in Certain Constructor Systems Sergio Antoy Portland State University

Compiling Collapsing Rules in Certain Constructor Systems Sergio Antoy Portland State University

Compiling Collapsing Rules in Certain Constructor Systems Sergio Antoy Portland State University Joint work with Andy Jost LOPSTR 2015 Siena, Italy Thanks NSF CCF-1317249 Outline The virtues of FLP Graph Rewriting The Problem

201 views • 19 slides
1 1 The Greater Good Science Center Resources for a compassionate and resilient society Online

1 1 The Greater Good Science Center Resources for a compassionate and resilient society Online

1 1 The Greater Good Science Center Resources for a compassionate and resilient society Online Magazine : Find award-winning articles, parenting blog, videos, podcasts, and more at www.GreaterGoodScience.org Events: The Science of A

1.56k views • 99 slides
The most unimaginable statement So in Christ Jesus you are all children of God through faith.

The most unimaginable statement So in Christ Jesus you are all children of God through faith.

The most unimaginable statement So in Christ Jesus you are all children of God through faith. Galatians 3.26 Pauls most radical statement that, we are not only saved by grace, despite our sinful nature, but that God has adopted us as

431 views • 18 slides

More recommend