![Page 1: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/1.jpg)
Policy-preserving Middlebox Placement in SDN-Enabled Data Centers
Bin Tang, Computer Science Department, California State University Dominguez Hills
Some slides are from www.cs.berkeley.edu/~randy/Courses/CS268.F08/lectures/22-policy_switching.ppt and www.cs.yale.edu/homes/yu-minlan/talk/sigcomm13.pptx
![Page 2: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/2.jpg)
Overview
• What is a middlebox?
• What is SDN (Software Defined Networking) and NFV (Network Function Virtualization)?
• Policy-preserving middlebox placement problem in data centers – problems and preliminary solutions
• Conclusions
![Page 3: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/3.jpg)
Middleboxes
• A middlebox, or network appliance, is a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.
  – Intermediaries in between the communicating hosts
  – Often without knowledge of one or both parties
• Examples
  – Network address translators
  – Firewalls
  – Load balancers
  – Intrusion detection systems
  – Transparent Web proxy caches
![Page 4: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/4.jpg)
Problem: Middleboxes are hard to deploy
• Place on network path
  [Figure: a packet following a network path on which a Firewall and a Load Balancer are placed in-line]
• On-path placement fails to achieve
  – Correctness: guaranteed middlebox traversal
  – Flexibility: (re)configurable network topology
  – Efficiency: no middlebox resource wastage
![Page 5: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/5.jpg)
Common data center topology
[Figure: Internet at the top; below it the Data Center with Layer-3 routers (Core), Layer-2/3 switches (Aggregation), Layer-2 switches (Access) and the Servers; a Firewall and a Load Balancer are placed in the topology]
![Page 6: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/6.jpg)
Inflexible topology
[Figure: Internet feeding a fixed chain of an Intrusion Prevention Box, a Firewall and a Load Balancer]
![Page 7: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/7.jpg)
Inefficient – middlebox resource wastage
[Figure: Internet-facing middleboxes; labels: "Process unnecessary traffic", "Unutilized", "Backup path"]
![Page 8: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/8.jpg)
Policy-Preserving of MBs
[Figure: sources S1 and S2 send to Dst through the middleboxes Firewall, Proxy and IDS; the required policy chain (*) is labelled Firewall, IDS, Proxy]
![Page 9: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/9.jpg)
The Internet: A Remarkable Story
• Tremendous success
  – From research experiment to global infrastructure
• Brilliance of under-specifying
  – Network: best-effort packet delivery
  – Hosts: arbitrary applications
• Enables innovation in applications
  – Web, P2P, VoIP, social networks, virtual worlds
• But, change is easy only at the edge…
![Page 10: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/10.jpg)
Inside the ’Net: A Different Story…
• Closed equipment
  – Software bundled with hardware
  – Vendor-specific interfaces
• Overspecified
  – Slow protocol standardization
• Few people can innovate
  – Equipment vendors write the code
  – Long delays to introduce new features
Impacts performance, security, reliability, cost…
![Page 11: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/11.jpg)
Networks are Hard to Manage
• Operating a network is expensive
  – More than half the cost of a network
  – Yet, operator error causes most outages
• Buggy software in the equipment
  – Routers with 20+ million lines of code
  – Cascading failures, vulnerabilities, etc.
• The network is “in the way”
  – Especially a problem in data centers
  – …and home networks
![Page 12: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/12.jpg)
Traditional Computer Networks
Data plane: Packet streaming
Forward, filter, buffer, mark, rate-limit, and measure packets
![Page 13: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/13.jpg)
Traditional Computer Networks
Control plane: Distributed algorithms
Track topology changes, compute routes, install forwarding rules
![Page 14: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/14.jpg)
Software Defined Networking (SDN)
Logically-centralized control (smart)
API to the data plane (e.g., OpenFlow)
Switches (dumb, fast)
![Page 15: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/15.jpg)
3 Complementary but Independent Networking Developments
[Figure: three overlapping circles – Open Innovation, Network Functions Virtualisation, Software Defined Networks – with the labels:
• Creates operational flexibility
• Reduces CapEx, OpEx, space & power consumption
• Reduces delivery time
• Creates control abstractions to foster innovation
• Creates competitive supply of innovative applications by third parties]
![Page 16: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/16.jpg)
Network Functions Virtualisation: Vision
Geneva, Switzerland, 4 June 2013
Classical Network Appliance Approach
[Figure: purpose-built appliances – BRAS, Firewall, DPI, CDN, Tester/QoE monitor, WAN Acceleration, Message Router, Radio/Fixed Access Network Nodes, Carrier Grade NAT, Session Border Controller, PE Router, SGSN/GGSN]
• Fragmented, purpose-built hardware.
• Physical install per appliance per site.
• Hardware development large barrier to entry for new vendors, constraining innovation & competition.
Network Functions Virtualisation Approach
[Figure: high volume Ethernet switches, high volume standard servers and high volume standard storage, with Independent Software Vendors in a competitive & innovative open ecosystem]
• Orchestrated, automatic & remote install.
![Page 17: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/17.jpg)
Policy-Preserving MB Placement Problem in Data Centers
![Page 18: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/18.jpg)
[Figure: a fat-tree data center with Core Switches, Aggregation Switches and Edge Switches, nodes numbered 1–16; legend markers for PM and VM; two communicating VM pairs (v1, v1') and (v2, v2') are marked]
![Page 19: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/19.jpg)
MB Placement Problems
§ Many communication pairs in the network
§ Single MB Type
  § One MB type, say firewall, but multiple instances
§ Multiple MB Types
  § Each has one instance
  § Ordered Service Chaining
  § Unordered Service Chaining
§ Goal: Minimize total communication cost
§ Constraint: Capacity of MB (each can only process a limited number of pairs)
![Page 20: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/20.jpg)
Single MB Case
§ Given a data center graph G(V, E)
§ There are m instances of a MB, placed at different nodes in V
§ A set of p communicating node pairs P; each pair (s, t) in P needs to traverse an instance of a MB
§ Each middlebox can only be traversed by at most k pairs
§ When p = (s, t) traverses an MB instance m, its cost c(p, m) = d(s, sw(m)) + d(sw(m), t)
§ Goal: assign all the pairs in P, each traversing one MB instance, s.t. the total cost is minimized, subject to each MB instance taking at most k pairs
subject to cost(A) < B
![Page 21: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/21.jpg)
Solution – minimum cost flow
![Page 22: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/22.jpg)
[Figure: the min-cost flow network. Edges are labelled (capacity, cost). Source → each of the p communication pairs (s1, t1), …, (sp, tp): (1, 0). Each pair p → each of the m MB instances 1, …, m: (1, c(p, m)), e.g. (1, c(1, sw(1))), (1, c(1, sw(2))), (1, c(p, 1)), (1, c(p, m)). Each MB instance → Sink: (k, 0).]
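The flow construction above, worked through as an added example (this code is not from the slides or the author): a constructed three-tier tree topology with unit-cost links, a successive-shortest-path min-cost flow solver, and the Source → pair → MB instance → Sink network with capacities (1, 1, k) and costs (0, c(p, m), 0) exactly as drawn. The topology, host/switch names, the demand pairs and the MB locations are all constructed for the demonstration. A flow value below p means some pair cannot be served within capacity k; that is the case an operator must detect, because a pair that is silently left unassigned would bypass its firewall and violate the policy. The saturated pair → MB edges are read back as the per-pair assignment the SDN controller would turn into forwarding rules.

```python
from collections import defaultdict, deque

# Constructed topology (not from the slides): core 'c', aggregation 'a1'/'a2',
# edge switches 'e1'..'e4', hosts 'h1'..'h8'; every link costs one hop.
LINKS = [("c", "a1"), ("c", "a2"), ("a1", "e1"), ("a1", "e2"), ("a2", "e3"), ("a2", "e4"),
         ("e1", "h1"), ("e1", "h2"), ("e2", "h3"), ("e2", "h4"),
         ("e3", "h5"), ("e3", "h6"), ("e4", "h7"), ("e4", "h8")]


def hop_distances(links):
    """All-pairs hop distance d(u, v), BFS from every node (unit link costs)."""
    adj = defaultdict(list)
    for u, v in links:
        adj[u].append(v)
        adj[v].append(u)
    dist = {}
    for src in adj:
        d, q = {src: 0}, deque([src])
        while q:
            u = q.popleft()
            for w in adj[u]:
                if w not in d:
                    d[w] = d[u] + 1
                    q.append(w)
        dist[src] = d
    return dist


class MinCostFlow:
    """Successive shortest augmenting paths. Edge i is [to, residual cap, cost];
    its reverse edge sits at index i ^ 1."""

    def __init__(self):
        self.adj, self.edges = defaultdict(list), []

    def add_edge(self, u, v, cap, cost):
        self.adj[u].append(len(self.edges)); self.edges.append([v, cap, cost])
        self.adj[v].append(len(self.edges)); self.edges.append([u, 0, -cost])

    def run(self, s, t, need):
        flow = cost = 0
        while flow < need:
            # SPFA (Bellman-Ford): reverse residual edges carry negative cost.
            dist, parent, q, inq = {s: 0}, {}, deque([s]), {s}
            while q:
                u = q.popleft(); inq.discard(u)
                for ei in self.adj[u]:
                    v, cap, c = self.edges[ei]
                    if cap > 0 and dist[u] + c < dist.get(v, float("inf")):
                        dist[v], parent[v] = dist[u] + c, ei
                        if v not in inq:
                            inq.add(v); q.append(v)
            if t not in dist:
                break  # no augmenting path: MB capacities exhausted
            f, v = need - flow, t
            while v != s:  # bottleneck capacity along the path
                ei = parent[v]; f = min(f, self.edges[ei][1]); v = self.edges[ei ^ 1][0]
            v = t
            while v != s:  # push f units through forward and reverse residuals
                ei = parent[v]; self.edges[ei][1] -= f; self.edges[ei ^ 1][1] += f
                v = self.edges[ei ^ 1][0]
            flow, cost = flow + f, cost + f * dist[t]
        return flow, cost


def assign_pairs(links, pairs, mb_switches, k):
    """Single-MB case: Source -(1,0)-> pair -(1, c(p,m))-> MB instance -(k,0)-> Sink.
    Returns ({pair: switch}, total cost), or None if not all pairs fit within k."""
    d = hop_distances(links)
    g = MinCostFlow()
    for i, (s, t) in enumerate(pairs):
        g.add_edge("S", ("P", i), 1, 0)
        for j, sw in enumerate(mb_switches):
            g.add_edge(("P", i), ("M", j), 1, d[s][sw] + d[sw][t])  # c(p, m)
    for j in range(len(mb_switches)):
        g.add_edge(("M", j), "T", k, 0)
    flow, cost = g.run("S", "T", len(pairs))
    if flow < len(pairs):
        return None  # infeasible: some pair would have no MB on its path
    assignment = {}
    for i, pair in enumerate(pairs):
        for ei in g.adj[("P", i)]:
            v, cap, _ = g.edges[ei]
            if isinstance(v, tuple) and v[0] == "M" and cap == 0:  # saturated pair->MB edge
                assignment[pair] = mb_switches[v[1]]
    return assignment, cost


if __name__ == "__main__":
    # Constructed demand: three pairs near e1 compete for the instance at e1 (k = 2);
    # the cheapest one to divert goes to the instance at e3.
    demo = [("h1", "h2"), ("h1", "h3"), ("h2", "h4"), ("h5", "h6")]
    print(assign_pairs(LINKS, demo, ["e1", "e3"], k=2))
```

With k = 2 the optimum is 18: (h1, h2) and (h5, h6) stay local, and one of the two 4-hop pairs is pushed across the core to e3 at cost 10. With k = 1 the same demand returns None, which is the signal that capacity, not placement, is the problem.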
![Page 23: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/23.jpg)
Ordered Multiple MBs Case
§ Given a data center graph G(V, E)
§ There are m MBs M = {mb1, mb2, …, mbm} to be placed inside the data center
§ A set of p communicating node pairs P; each pair (s, t) in P needs to traverse mb1, mb2, …, mbm in that order
§ The cost for p = (s, t) is c(p) = d(s, mb1) + d(mb1, mb2) + … + d(mbm-1, mbm) + d(mbm, t)
§ Goal: where to place the m MBs, s.t. the total cost of all p pairs is minimized
![Page 24: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/24.jpg)
Ordered Multiple MBs Case: Solution
§ NP-hard
§ Random: randomly place the m MBs inside the data center
§ Greedy: takes place in m rounds
  § In round i, it places mbi at a node that minimizes the total communication cost so far
§ Load Balancing: each switch can only accommodate a limited number of communication pairs
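The ordered-chain cost c(p) from the previous slide and the Random and Greedy heuristics above, as an added example that is not the author's code. It assumes the same constructed tree topology as before, that MBs may only be placed on switches, and one reading of "cost so far": in round i the chain mb1 … mbi is evaluated with the final hop to t included, ties going to the first candidate switch. The switch-capacity (load balancing) constraint is not modelled. A shortest-path lower bound is included so the greedy result can be judged against the best any placement could do.

```python
import random
from collections import defaultdict, deque

# Constructed topology (not from the slides): core 'c', aggregation 'a1'/'a2',
# edge switches 'e1'..'e4', hosts 'h1'..'h8'; every link costs one hop.
LINKS = [("c", "a1"), ("c", "a2"), ("a1", "e1"), ("a1", "e2"), ("a2", "e3"), ("a2", "e4"),
         ("e1", "h1"), ("e1", "h2"), ("e2", "h3"), ("e2", "h4"),
         ("e3", "h5"), ("e3", "h6"), ("e4", "h7"), ("e4", "h8")]
SWITCHES = ["c", "a1", "a2", "e1", "e2", "e3", "e4"]  # candidate MB locations (assumed)


def hop_distances(links):
    """All-pairs hop distance d(u, v), BFS from every node (unit link costs)."""
    adj = defaultdict(list)
    for u, v in links:
        adj[u].append(v)
        adj[v].append(u)
    dist = {}
    for src in adj:
        d, q = {src: 0}, deque([src])
        while q:
            u = q.popleft()
            for w in adj[u]:
                if w not in d:
                    d[w] = d[u] + 1
                    q.append(w)
        dist[src] = d
    return dist


def chain_cost(d, pairs, placement):
    """Sum over pairs of c(p) = d(s, mb1) + d(mb1, mb2) + ... + d(mb_last, t)
    for the MBs placed so far (an empty placement gives the plain s-t distance)."""
    total = 0
    for s, t in pairs:
        walk = [s] + list(placement) + [t]
        total += sum(d[u][v] for u, v in zip(walk, walk[1:]))
    return total


def greedy_place(d, pairs, m, candidates):
    """m rounds; round i puts mb_i on the candidate minimizing chain_cost of mb_1..mb_i.
    Ties resolve to the first candidate in list order (an assumption of this example)."""
    placement = []
    for _ in range(m):
        best = min(candidates, key=lambda n: chain_cost(d, pairs, placement + [n]))
        placement.append(best)
    return placement


def random_place(m, candidates, seed=0):
    """Random baseline from the slides: each MB on a uniformly chosen switch."""
    rng = random.Random(seed)
    return [rng.choice(candidates) for _ in range(m)]


def lower_bound(d, pairs):
    """No placement can beat the sum of the pairs' shortest paths."""
    return sum(d[s][t] for s, t in pairs)


if __name__ == "__main__":
    d = hop_distances(LINKS)
    demo = [("h1", "h5"), ("h2", "h7"), ("h1", "h3")]  # constructed traffic matrix
    g = greedy_place(d, demo, 2, SWITCHES)
    r = random_place(2, SWITCHES, seed=1)
    print("greedy", g, chain_cost(d, demo, g))
    print("random", r, chain_cost(d, demo, r))
    print("lower bound", lower_bound(d, demo))
```

On this demand the greedy pass co-locates both MBs at aggregation switch a1 for a total of 16, which equals the lower bound, so here it is optimal; the slides' NP-hardness result says that will not hold in general, and the random baseline is typically well above it.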
![Page 25: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/25.jpg)
Un-Ordered Multiple MBs Case
§ Given a data center graph G(V, E)
§ There are m MBs M = {mb1, mb2, …, mbm} to be placed inside the data center
§ A set of p communicating node pairs P; each pair (s, t) in P needs to traverse mb1, mb2, …, mbm, but not necessarily in that order
§ The cost for p = (s, t) is c(p) = d(s, mbi,1) + d(mbi,1, mbi,2) + … + d(mbi,m-1, mbi,m) + d(mbi,m, t), where mbi,1, …, mbi,m is the order in which pair i traverses the MBs
§ Goal: where to place the m MBs, s.t. the total cost of all p pairs is minimized
![Page 26: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/26.jpg)
Un-Ordered Multiple MBs Case: Solution
§ Even more complicated than the Ordered Multiple MBs case
![Page 27: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/27.jpg)
MB Migration Problems
§ Many communication pairs in the network
§ Move MBs from their initial locations to other locations
§ Goal: Minimize total communication cost
§ Constraint: Capacity of MB (each can only process a limited number of pairs)
![Page 28: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/28.jpg)
MB Replication Problems
§ Many communication pairs in the network
§ Multiple MB types, each has one instance
§ Goal: How to replicate the MBs, in order to minimize total communication cost
§ Constraint: Capacity of switch (each can only store a limited number of MB instances)
![Page 29: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/29.jpg)
Conclusions
• Deploying middleboxes is hard, but SDN and NFV make it easier
• Middlebox management in SDN-enabled data centers is a new and exciting research field
• Many new algorithmic problems have not been solved
• Need your participation!
![Page 30: Policy-preserving Middlebox Placement in SDN-Enabled Data](https://reader033.vdocuments.site/reader033/viewer/2022042101/625669e232baaf22b247e8cd/html5/thumbnails/30.jpg)
Questions?