A Policy-aware Switching Layer for Data Centers



Transcription:

A Policy-aware Switching Layer for Data Centers
Dilip Joseph, Arsalan Tavakoli, Ion Stoica
University of California at Berkeley

Problem: Middleboxes are hard to deploy
Place on network path
Overload path selection mechanisms
[Figure labels: pkt, Load Balancer, network path]
On path placement fails to achieve:
  Flexibility: (Re)configurable network topology
  Efficiency: No middlebox resource wastage
  Correctness: Guaranteed middlebox traversal

Preview
Problem: Middleboxes are hard to deploy
Solution
Overview
Challenges
Limitations
Implementation & evaluation
Related work

Common data center topology
[Figure labels: Core, Internet, Layer-3 router, Data Center, Aggregation, Load Balancer, Layer-2/3 switch, Access, Layer-2 switch, Servers]

Inflexible topology
[Figure labels: Internet, Intrusion Prevention Box, Load Balancer]

Inefficient - middlebox resource wastage
[Figure labels: Internet, Process unnecessary traffic, Backup path, Unutilized]

Correctness is hard
Protect S1 S2 traffic
Option 1: Existing firewalls
[Figure labels: Internet, Newly blocked link, S1, S2]

Correctness is hard
Protect S1 S2 traffic
Option 1: Existing firewalls
Option 2: New firewall
[Figure labels: Internet, S1, S2]

Correctness is hard
Protect S1 S2 traffic
Option 1: Existing firewalls
Option 2: New firewall
Option 3: Separate VLANs
[Figure labels: Internet, S1, S2]

Outline
Problem: Middleboxes are hard to deploy
Solution
Overview
Challenges
Limitations
Implementation & evaluation
Related work

Policy-aware Switching Layer
1. Take middleboxes off-path
2. Separate policy from reachability
[Figure labels: HTTP, Load balancer, TCP port = 80, firewall, load balancer, PSwitch, Existing mechanisms, Policy-aware switching layer]

PSwitch explicitly forwards packets to middleboxes
[Figure labels: (F), Load Balancer (L), Data center, Header, Body, Src:L, Centralized Policy Controller, Src:R, Core Router R, 1, 2, 0, 3, PSwitch, Web Server, HTTP, Load balancer]
Rule table:
  Match                   Next Hop
  MAC R, port 80          F
  Interface 1, port 80    L
  MAC L, port 80          FinalDest
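
The rule table on the slide above, walked hop by hop. This is an added example, not code from the authors or their prototype. Two things are assumptions of the example: the RETURNS_AS mapping (how the PSwitch recognises a frame coming back from F or L) and the fail-closed default that drops any frame with no matching rule.

```python
# Rule table from the slide: (previous hop, destination port) -> next hop.
RULES = {
    ("MAC R", 80): "F",          # arrives from core router R -> send to F
    ("Interface 1", 80): "L",    # arrives on interface 1 -> send to L
    ("MAC L", 80): "FinalDest",  # arrives with source MAC L -> deliver
}

# Assumption (not on the slide): how a processed frame is identified
# when a middlebox hands it back to the PSwitch.
RETURNS_AS = {"F": "Interface 1", "L": "MAC L"}


def next_hop(prev_hop, dst_port, rules=RULES):
    """Single lookup. Assumption: no matching rule means DROP (fail closed),
    so a frame is never delivered without its middlebox sequence."""
    return rules.get((prev_hop, dst_port), "DROP")


def traverse(prev_hop, dst_port, rules=RULES, max_hops=8):
    """Follow one frame through the PSwitch until FinalDest or DROP."""
    path = []
    for _ in range(max_hops):
        hop = next_hop(prev_hop, dst_port, rules)
        path.append(hop)
        if hop in ("FinalDest", "DROP"):
            return path
        # The middlebox processes the frame and returns it to the PSwitch.
        prev_hop = RETURNS_AS.get(hop)
    path.append("DROP")  # loop guard against a cyclic rule set
    return path


if __name__ == "__main__":
    print(traverse("MAC R", 80))   # full middlebox sequence
    # Constructed case: the rule for frames returning from F is missing,
    # e.g. a partially installed table.
    partial = {k: v for k, v in RULES.items() if k != ("Interface 1", 80)}
    print(traverse("MAC R", 80, partial))
```

With the partially installed table the frame is dropped after F instead of reaching the web server without passing L.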

Distributed forwarding
Loadbalancing middleboxes
Different policies for different traffic
[Figure labels: Data center, Load Balancer, Custom Intrusion Prevention Box, PSwitch A, PSwitch B, HTTP, Load balancer, ERP, Custom IPS, Web Server, ERP Server]

Challenges
1. Minimizing infrastructure changes
2. Non-transparent middleboxes
3. Guaranteeing correctness under churn

Guarantees under Churn
Network
Middlebox
Policy
Packets never bypass middleboxes
Some packets may be dropped

Limitations
Indirect paths
Policy specification complexity

Outline
Problem: Middleboxes are hard to deploy
Solution
Overview
Challenges
Limitations
Implementation & evaluation
Related work

Implementation
PSwitches prototyped in
Compared to software Ethernet switch:
  82% TCP throughput
  16% latency increase
[Figure labels: 750 Mbps, PSwitch, 0.3 milliseconds, 25 policies]
Exploring hardware options

Validation of functionality
10 PCs with 4 network interfaces each
[Figure labels: iptables firewalls, BalanceNG Load balancer, webservers, client]
Physical topology
Logical topologies on same physical topology

Related Work
Indirection: Internet Indirection Infrastructure, Delegation Oriented Architecture
Separation of policy and reachability: 4D, Routing Control Platform, Ethane
High-end switches: Cisco Catalyst 6500
SIGCOMM 2008: SEATTLE, DCell, Commodity DC Network Architecture

Conclusion
Deploying middleboxes is hard
A new layer-2 with explicit middlebox support
Middleboxes taken off network path
Policy separated from reachability

Questions?

Backup Slides

Policy churn
Conflicting policy updates
[Figure labels: Version 1, Version 2, HTTP, Load balancer, Load Balancer, 1, 2, 0, 3]
  Match                   Next Hop (Version 1)    Next Hop (Version 2)
  Interface 0, port 80    L                       F
  Interface 2, port 80    F                       FinalDest
  Interface 1, port 80    FinalDest               L

Intermediate middlebox types
Guarantees traversal
[Figure labels: Version 1, Version 2, HTTP, Load balancer, Load Balancer]