1 / 16

Slick: A control plane for middleboxes

Slick: A control plane for middleboxes. Bilal Anwer , Theophilus Benson, Dave Levin, Nick Feamster , Jennifer Rexford. Supported by DARPA through the U.S. Navy SPAWAR under contract N66001-11-C- 4017. Network Policies. Reachability Alice can not send packets to Bob

beau-matthews
Download Presentation

Slick: A control plane for middleboxes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S. Navy SPAWAR under contract N66001-11-C-4017

  2. Network Policies • Reachability • Alice can not send packets to Bob • Application classification • Place Skype traffic in the gold queue

  3. Limitations of SDN Data Plane • Limited actions and matching • Match: Ethernet, IP, TCP/UDP port numbers • Action: forward, drop, rewrite header, etc. Match Action 10.2.3.4:10.2.3.3 Fwd Port 1 A2:e3:f1:ba:ea:23:* Drop

  4. Extending SDN’s Data Plane • Expand the OpenFlow standards • Requires hardware support • Implement richer data plane in controller • Introduces additional latency to packets • Add new devices (Middleboxes)

  5. Example: Detecting Network Attacks • Inspect all DNS traffic with a DPI device • If suspicious lookup takes place, send to traffic scrubber

  6. Example: Detecting Network Attacks • Inspect all DNS traffic with a DPI device • If suspicious lookup takes place, send to traffic scrubber

  7. Example: Detecting Network Attacks • Inspect all DNS traffic with a DPI device • If suspicious lookup takes place, send to traffic scrubber

  8. Example: Detecting Network Attacks • Inspect all DNS traffic with a DPI device • If suspicious lookup takes place, send to traffic scrubber

  9. Challenges • Specify network policies across middleboxes • Difficult to automatically react to middlebox events • Dynamically place sophisticated middleboxes • Difficult to determine efficient placement • Difficult to adjust placement to traffic patterns • Support for arbitrary middlebox functionality • Difficult to capture hardware requirements

  10. Slick Contributions • Abstraction for programming middleboxes • Simplifies the development of network policies • Separates specification of intent from implementation • Dynamic placement of middlebox functionality • Online resource allocation algorithm • Support for heterogeneous devices • Maintains performance profiles of middlebox

  11. Slick Architecture • Encodes network policy • Provides handlers for triggers Application Slick Controller Your network operator Triggers from elements • Piece of code encapsulating middlebox functions Middlebox Element Middlebox Element 3rd party element developers Virtual Switch Programmable device: NetFPGA, x86 server

  12. Slick Architecture • Runs applications • Runs resource allocation algo. • Places middlebox elements • Steers traffic through middleboxes • Configures switches Application Slick Controller Deploy Middlebox code • Installs/uninstalls middlebox functions Middlebox Element Middlebox Element Virtual Switch Programmable device: NetFPGA, x86 server

  13. Resource Allocation Heuristic Network policies in applications Middlebox perf profile Hardware constraints Traffic matrix And topology Resource allocation heuristic Objective: minimize latency (path lengths) Traffic Steering Placement Decisions OpenFlow Controller Virtual Switch Virtual Switch Programmable device Programmable device

  14. Current Status • Slick is implemented in python • Slick controller as a module on NoX 0.5.0 • Developed 2 applications and 3 middlebox elements

  15. Conclusion and Open Questions • Slick: control plane for middleboxes • Presented an initial architecture • Discussed algorithmic challenge • Open questions • How can developers help guide placement? • What is the optimal solution for resource allocation?

  16. Questions?

More Related