Data Center Middleboxes
Hakim Weatherspoon
Assistant Professor, Dept of Computer Science
CS 5413: High Performance Systems and Networking
November 24, 2014
Slides from ACM SIGCOMM 2012 presentation on “Making middleboxes someone else's problem: network processing as a cloud service”
Where are we in the semester?
• Overview and Basics
• Data Center Networks
– Basic switching technologies
– Data Center Network Topologies (today and Monday)
– Software Routers (e.g., Click, Routebricks, NetMap, Netslice)
– Alternative Switching Technologies
– Data Center Transport
• Data Center Software Networking
– Software Defined Networking (overview, control plane, data plane, NetFPGA)
– Data Center Traffic and Measurements
– Virtualizing Networks
– Middleboxes
• Advanced Topics
Goals for Today
• Making middleboxes someone else's problem: network processing as a cloud service
– J. Sherry, S. Hasan, C. Scott, A. Krishnamurthy, S. Ratnasamy, and V. Sekar. ACM SIGCOMM Computer Communication Review (CCR) Volume 42, Issue 4 (August 2012), pages 13-24.
APLOMB
“Appliance for Outsourcing Middleboxes”
• Place middleboxes in the cloud.
• Use APLOMB devices and DNS to redirect traffic to and from the cloud.
• That’s it.
Typical Enterprise Networks
Internet
A Survey
• 57 enterprise network administrators
• Small (< 1k hosts) to XL (> 100k hosts)
• Asked about deployment size, expenses, complexity, and failures.
How many middleboxes do you deploy?
Typically on par with # routers and switches.
What kinds of middleboxes do you deploy?
Many kinds of devices, all with different functions and management expertise required.
How many networking personnel are there?
Average salary for a network engineer: $60-80k USD
How do administrators spend their time?
Middlebox   Misconfig.   Overload   Physical/Electrical
Firewalls   67.3%        16.3%      16.3%
Proxies     63.2%        15.7%      21.1%
IDS         54.45%       11.4%      34%
Most administrators spent 1-5 hrs/week dealing with failures; 9% spent 6-10 hrs/week.
Recap
• High Capital and Operating Expenses
• Time Consuming and Error-Prone
• Physical and Overload Failures
How can we improve this?
Proposal
Internet
Cloud Provider
A move to the cloud
• High Capital and Operating Expenses
• Time Consuming and Error Prone
• Physical and Overload Failures
• Economies of scale and pay-per-use
• Simplifies configuration and deployment
• Redundant resources for failover
Design
Challenges
• Minimal Complexity at the Enterprise
• Functional Equivalence
• Low Performance Overhead
APLOMB
“Appliance for Outsourcing Middleboxes”
Outsourcing Middleboxes with APLOMB
Internet
Cloud Provider
APLOMB Gateway
NAT
Inbound Traffic
Internet
Cloud Provider
Web Server: www.enterprise.com 192.168.1.100
Enterprise Network Admin.
Register: www.enterprise.com 192.168.1.100
Inbound Traffic
Internet
Cloud Provider
DNS
Register: enterprise.com 98.76.54.32
98.76.54.32
Minimizing latency?
Choosing a Datacenter
Diagram labels: External Client, Cloud Provider East, Cloud Provider West, Enterprise
Route through the cloud datacenter that minimizes end-to-end latency.
APLOMB Gateway keeps a “routing table” to select the best tunnel for every Internet prefix.
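The per-prefix tunnel selection described on this slide, as an added example that is not from the slides or the APLOMB authors: for each prefix it picks the datacenter with the lowest gateway-to-datacenter plus datacenter-to-prefix latency, and it goes beyond the slide by resolving destinations with longest-prefix match and by rebuilding the table when a tunnel is down. The function names, datacenter names, prefixes and latency values are assumptions constructed for illustration.

```python
import ipaddress

# Constructed latency measurements in milliseconds; the datacenter names,
# prefixes (RFC 5737 documentation ranges) and values are assumptions.
GATEWAY_TO_DC_MS = {"east": 12.0, "west": 48.0}
DC_TO_PREFIX_MS = {
    "east": {"203.0.113.0/24": 70.0, "198.51.100.0/24": 15.0, "0.0.0.0/0": 40.0},
    "west": {"203.0.113.0/24": 10.0, "198.51.100.0/24": 80.0, "0.0.0.0/0": 45.0},
}


def build_routing_table(gateway_to_dc, dc_to_prefix):
    """Return {network: (datacenter, end_to_end_ms)} holding the lowest-latency
    tunnel per prefix. Datacenters absent from gateway_to_dc (tunnel down)
    are skipped, so rebuilding after a failure reroutes their prefixes."""
    prefixes = {p for per_dc in dc_to_prefix.values() for p in per_dc}
    table = {}
    for prefix in prefixes:
        totals = {
            dc: gateway_to_dc[dc] + per_dc[prefix]
            for dc, per_dc in dc_to_prefix.items()
            if dc in gateway_to_dc and prefix in per_dc
        }
        if not totals:
            continue  # no live tunnel has a measurement for this prefix
        # Lowest end-to-end latency wins; the name breaks ties deterministically.
        best = min(totals, key=lambda dc: (totals[dc], dc))
        table[ipaddress.ip_network(prefix)] = (best, totals[best])
    return table


def select_tunnel(table, dst_ip):
    """Longest-prefix match of dst_ip against the table; returns the datacenter."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [net for net in table if addr in net]
    if not matches:
        raise LookupError(f"no tunnel covers {dst_ip}")
    return table[max(matches, key=lambda net: net.prefixlen)][0]


if __name__ == "__main__":
    table = build_routing_table(GATEWAY_TO_DC_MS, DC_TO_PREFIX_MS)
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(ip, "->", select_tunnel(table, ip))
```
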
Caches and “Terminal Services”
Traffic destined to services like caches should be redirected to the nearest node.
Cloud Provider West
APLOMB
“Appliance for Outsourcing Middleboxes”
• Place middleboxes in the cloud.
• Use APLOMB devices and DNS to redirect traffic to and from the cloud.
• That’s it.
Can we outsource all middleboxes?
Firewalls        ✔
IDSes            ✔
Load Balancers   ✔
VPNs             ✔
Proxy/Caches     ✗ Bandwidth?
WAN Optimizers   ✗ Compression?
APLOMB+ for Compression
Add generic compression to APLOMB gateway to reduce bandwidth consumption.
Cloud Provider
Internet
Can we outsource all middleboxes?
Firewalls        ✔
IDSes            ✔
Load Balancers   ✔
VPNs             ✔
Proxy/Caches     ✗ Bandwidth?     ✔
WAN Optimizers   ✗ Compression?   ✔
Does it work?
Deployment
• Cloud provider: EC2 – 7 Datacenters
• OpenVPN for tunneling, Vyatta for middlebox services
• Two Types of Clients:
– Software VPN client on laptops
– Tunneling software router for wired hosts
Three Part Evaluation
Implementation & Deployment
• Performance metrics
Case Study of a Large Enterprise
• Impact in a real usage scenario
Wide-Area Measurements
• Network latency
Does APLOMB inflate latency?
For PlanetLab nodes, 60% of pairs’ latency improves with redirection through EC2.
Latency at a Large Enterprise
Measured redirection latency between enterprise sites.
• Median latency inflation: 1.13 ms
• Sites experiencing inflation were primarily in areas where EC2 does not have a wide footprint.
How does APLOMB impact other quality metrics, like bandwidth and jitter?
• Bandwidth: download times with BitTorrent increased on average 2.3%
• Jitter: consistently within industry standard bounds of 30ms
Does APLOMB negate the benefits of bandwidth‐saving devices?
APLOMB+ incurs a median penalty of 3.8% bandwidth inflation over traditional WAN Optimizers.
Does “elastic scaling” at the cloud provide real benefits?
Some sites generate as much as 13x more traffic than average at peak hours.
Recap
• Good application performance
– Latency median inflation 1.1ms
– Download times increased only 2.3%
• Generic redundancy elimination saves bandwidth costs
• Strong benefits from elasticity
Conclusion and Discussion
Moving middleboxes to the cloud seems to be a practical and feasible solution to the complexity of enterprise networks.
Conclusion and Discussion
• Did the solution make the problem simpler?
– How to measure simplicity/complexity?
• Does the solution also make security problems someone else's problems?
– Do we trust the cloud provider?
• Privacy concerns?
– Do we trust the cloud provider?
• Monetary cost: Is APLOMB cheaper or more expensive?
• Precedents
– Aryaka
– Total uptime
• Middleboxes not at the edge of your network
– APLOMB cannot outsource these middleboxes
Before Next time
• Project Interim report
– Due Today, Monday, November 24.
– And meet with groups, TA, and professor
• Fractus Upgrade: Should be back online
• Required review and reading for Monday, December 1
– IOFlow: a software-defined storage architecture, E. Thereska, H. Ballani, G. O'Shea, T. Karagiannis, A. Rowstron, T. Talpey, R. Black, T. Zhu. ACM Symposium on Operating Systems Principles (SOSP), October 2013, pages 182-196.
– http://dl.acm.org/citation.cfm?doid=2517349.2522723
• Check piazza: http://piazza.com/cornell/fall2014/cs5413
• Check website for updated schedule