Making Middleboxes Someone Else’s Problem: Network Processing as a Cloud Service
Cited by 89 (8 self)
Modern enterprises almost ubiquitously deploy middlebox processing services to improve security and performance in their networks. Despite this, we find that today’s middlebox infrastructure is expensive, complex to manage, and creates new failure modes for the networks that use them. Given the promise of cloud computing to decrease costs, ease management, and provide elasticity and fault tolerance, we argue that middlebox processing can benefit from outsourcing to the cloud. Arriving at a feasible implementation, however, is challenging due to the need to achieve functional equivalence with traditional middlebox deployments without sacrificing performance or increasing network complexity. In this paper, we motivate, design, and implement APLOMB, a practical service for outsourcing enterprise middlebox processing to the cloud. Our discussion of APLOMB is data-driven, guided by a survey of 57 enterprise networks, the first large-scale academic study of middlebox deployment. We show that APLOMB solves real problems faced by network administrators, can outsource over 90% of middlebox hardware in a typical large enterprise network, and, in a case study of a real enterprise, imposes an average latency penalty of 1.1ms and median bandwidth inflation of 3.8%.
SmartRE: An Architecture for Coordinated Network-wide Redundancy Elimination
2009
Cited by 60 (9 self)
Application-independent Redundancy Elimination (RE), or identifying and removing repeated content from network transfers, has been used with great success for improving network performance on enterprise access links. Recently, there is growing interest in supporting RE as a network-wide service. Such a network-wide RE service benefits ISPs by reducing link loads and increasing the effective network capacity to better accommodate the increasing number of bandwidth-intensive applications. Further, a network-wide RE service democratizes the benefits of RE to all end-to-end traffic and improves application performance by increasing throughput and reducing latencies. While the vision of a network-wide RE service is appealing, realizing it in practice is challenging. In particular, extending single-vantage-point RE solutions designed for enterprise access links to the network-wide case is inefficient and/or requires modifying routing policies. We present SmartRE, a practical and efficient architecture for network-wide RE. We show that SmartRE can enable more effective utilization of the available resources at network devices, and thus can magnify the overall benefits of network-wide RE. We prototype our algorithms using Click and test our framework extensively using several real and synthetic traces.
CSAMP: A System for Network-Wide Flow Monitoring
Cited by 46 (11 self)
Critical network management applications increasingly demand fine-grained flow-level measurements. However, current flow monitoring solutions are inadequate for many of these applications. In this paper, we present the design, implementation, and evaluation of CSAMP, a system-wide approach for flow monitoring. The design of CSAMP derives from three key ideas: flow sampling as a router primitive instead of uniform packet sampling; hash-based packet selection to achieve coordination without explicit communication; and a framework for distributing responsibilities across routers to achieve network-wide monitoring goals while respecting router resource constraints. We show that CSAMP achieves much greater monitoring coverage, better use of router resources, and enhanced ability to satisfy network-wide flow monitoring goals compared to existing solutions.
Unraveling the Complexity of Network Management
Cited by 43 (4 self)
Operator interviews and anecdotal evidence suggest that an operator’s ability to manage a network decreases as the network becomes more complex. However, there is currently no way to systematically quantify how complex a network’s design is nor how complexity may impact network management activities. In this paper, we develop a suite of complexity models that describe the routing design and configuration of a network in a succinct fashion, abstracting away details of the underlying configuration languages. Our models, and the complexity metrics arising from them, capture the difficulty of configuring control and data plane behaviors on routers. They also measure the inherent complexity of the reachability constraints that a network implements via its routing design. Our models simplify network design and management by facilitating comparison between alternative designs for a network. We tested our models on seven networks, including four university networks and three enterprise networks. We validated the results through interviews with the operators of five of the networks, and we show that the metrics are predictive of the issues operators face when reconfiguring their networks.
Procera: A Language for High-Level Reactive Network Control
Cited by 39 (5 self)
Our previous experience building systems for implementing network policies in home and enterprise networks has revealed that the intuitive notion of network policy in these domains is inherently dynamic and stateful. Current configuration languages, both in traditional network architectures and in OpenFlow systems, are not expressive enough to capture these policies. As a result, most prototype OpenFlow systems lack a configurable interface and instead require operators to program in the system implementation language, often C++. We describe Procera, a control architecture for software-defined networking (SDN) that includes a declarative policy language based on the notion of functional reactive programming; we extend this formalism with both signals relevant for expressing high-level network policies in a variety of network settings, including home and enterprise networks, and a collection of constructs expressing temporal queries over event streams that occur frequently in network policies. Although sophisticated users can take advantage of Procera’s full expressiveness by expressing network policies directly in Procera, simpler configuration interfaces (e.g., graphical user interfaces) can also easily be built on top of this formalism.
Towards Systematic Design of Enterprise Networks
Cited by 39 (12 self)
Enterprise networks are important, with size and complexity even surpassing carrier networks. Yet, the design of enterprise networks remains ad hoc and poorly understood. In this paper, we show how a systematic design approach can handle two key areas of enterprise design: virtual local area networks (VLANs) and reachability control. We focus on these tasks given their complexity, prevalence, and time-consuming nature. Our contributions are three-fold. First, we show how these design tasks may be formulated in terms of network-wide performance, security, and resilience requirements. Our formulations capture the correctness and feasibility constraints on the design, and they model each task as one of optimizing desired criteria subject to the constraints. The optimization criteria may further be customized to meet operator-preferred design strategies. Second, we develop a set of algorithms to solve the problems that we formulate. Third, we demonstrate the feasibility and value of our systematic design approach through validation on a large-scale campus network with hundreds of routers and VLANs.
Shadow configuration as a network management primitive
In SIGCOMM, 2008
Cited by 29 (0 self)
Configurations for today’s IP networks are becoming increasingly complex. As a result, configuration management is becoming a major cost factor for network providers and configuration errors are becoming a major cause of network disruptions. In this paper, we present and evaluate the novel idea of shadow configurations. Shadow configurations allow configuration evaluation before deployment and thus can reduce potential network disruptions. We demonstrate using a real implementation that shadow configurations can be implemented with low overhead.
ETTM: A Scalable Fault Tolerant Network Manager
Cited by 27 (1 self)
In this paper, we design, implement, and evaluate a new scalable and fault-tolerant network manager, called ETTM, for securely and efficiently managing network resources at a packet granularity. Our aim is to provide network administrators a greater degree of control over network behavior at lower cost, and network users a greater degree of performance, reliability, and flexibility, than existing solutions. In our system, network resources are managed via software running in trusted execution environments on participating endpoints. Although the software is physically running on endpoints, it is logically controlled centrally by the network administrator. Our approach leverages the trend to open management interfaces on network switches as well as trusted computing hardware and multicores at endpoints. We show that functionality that seemingly must be implemented inside the network, such as network address translation and priority allocation of access link bandwidth, can be simply and efficiently implemented in our system.
Network exception handlers: Host-network control in enterprise networks
In SIGCOMM, 2008
Cited by 21 (3 self)
Enterprise network architecture and management have followed the Internet’s design principles despite different requirements and characteristics: enterprise hosts are administered by a single authority, which intrinsically assigns different values to traffic from different business applications. We advocate a new approach where hosts are no longer relegated to the network’s periphery, but actively participate in network-related decisions. To enable host participation, network information, such as dynamic network topology and per-link characteristics and costs, is exposed to the hosts, and network administrators specify conditions on the propagated network information that trigger actions to be performed while a condition holds. The combination of a condition and its actions embodies the concept of the network exception handler, defined analogously to a program exception handler. Conceptually, network exception handlers execute on hosts with actions parameterized by network and host state. Network exception handlers allow hosts to participate in network management, traffic engineering and other operational decisions by explicitly controlling host traffic under predefined conditions. This flexibility improves overall performance by allowing efficient use of network resources. We outline several sample network exception handlers, present an architecture to support them, and evaluate them using data collected from our own enterprise network.
MOSAIC: Unified Declarative Platform for Dynamic Overlay Composition
Cited by 16 (9 self)
Overlay networks create new networking services across nodes that communicate using pre-existing networks. MOSAIC is a unified declarative platform for constructing new overlay networks from multiple existing overlays, each possessing a subset of the desired new network’s characteristics. MOSAIC overlays are specified using Mozlog, a new declarative language for expressing overlay properties independently from their particular implementation or underlying network. This paper focuses on the runtime aspects of MOSAIC: composition and deployment of control and/or data plane functions of different overlay networks, dynamic compositions of overlay networks to meet changing application needs and network conditions, and seamless support for legacy applications. MOSAIC is validated experimentally using compositions specified in Mozlog: we combine an indirection overlay that supports mobility (i3), a resilient overlay (RON), and scalable lookups (Chord), to provide new overlay networks with new functions. MOSAIC uses runtime composition to simultaneously deliver application-aware mobility, NAT traversal and reliability. We further demonstrate MOSAIC’s dynamic composition capabilities by Chord switching its underlay from IP to RON at runtime. These benefits are obtained at a low performance cost, as demonstrated by measurements on both a local cluster and PlanetLab.