Making Middleboxes Someone Else's Problem: Network Processing as a Cloud Service


Making Middleboxes Someone Else's Problem: Network Processing as a Cloud Service
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy, Sylvia Ratnasamy*, and Vyas Sekar*

Typical Enterprise Networks [diagram label: Internet]

A Survey
57 enterprise network administrators.
Small (<1k hosts) to XL (>100k hosts).
Asked about deployment size, expenses, complexity, and failures.

How many middleboxes do you deploy? Typically on par with # routers and switches.

What kinds of middleboxes do you deploy? Many kinds of devices, all with different functions and management expertise required.

How many networking personnel are there? Average salary for a network engineer - $60-80k USD

How do administrators spend their time? Most administrators spent 1-5 hrs/week dealing with failures; 9% spent 6-10 hrs/week.

            Misconfig.   Overload   Physical/Electrical
Firewalls   67.3%        16.3%      16.3%
Proxies     63.2%        15.7%      21.1%
IDS         54.45%       11.4%      34%

Recap
High capital and operating expenses.
Time consuming and error-prone.
Physical and overload failures.

How can we improve this?

Our Proposal [diagram labels: Cloud Provider, Internet]

A move to the cloud
High capital and operating expenses: economies of scale and pay-per-use.
Time consuming and error prone: simplifies configuration and deployment.
Physical and overload failures: redundant resources for failover.

Our Design

Challenges
Minimal complexity at the enterprise.
Functional equivalence.
Low performance overhead.

APLOMB: Appliance for Outsourcing Middleboxes

Outsourcing Middleboxes with APLOMB [diagram labels: Cloud Provider, APLOMB Gateway, NAT, Internet]

Inbound Traffic
Web server: www.enterprise.com, 192.168.1.100.
Network admin. Register: www.enterprise.com 192.168.1.100
[diagram labels: Cloud Provider, Enterprise, Internet]

Inbound Traffic
Cloud provider, DNS. Register: enterprise.com 98.76.54.32
[diagram labels: Cloud Provider, 98.76.54.32, Internet]

Choosing a Datacenter
Route through the cloud datacenter that minimizes end-to-end latency.
The APLOMB gateway keeps a routing table to select the best tunnel for every Internet prefix.
[diagram labels: External Client, Cloud Provider East, Cloud Provider West, Enterprise]
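
The per-prefix tunnel selection described on this slide, as an added example that is not code from the talk or from APLOMB itself. It assumes end-to-end latency is estimated as gateway-to-datacenter plus datacenter-to-prefix latency; the function names, the "east"/"west" tunnel names, and all latency figures are constructed for illustration. It also covers two cases the slide does not spell out: overlapping prefixes (longest match wins) and a tunnel that is down.

```python
import ipaddress

# Constructed sample measurements in milliseconds (not from the talk).
GATEWAY_TO_DC = {"east": 12.0, "west": 48.0}
DC_TO_PREFIX = {
    "203.0.113.0/24": {"east": 70.0, "west": 9.0},
    "198.51.100.0/24": {"east": 15.0, "west": 60.0},
    "198.51.100.128/25": {"east": 55.0, "west": 11.0},
}


def build_table(gw_to_dc, dc_to_prefix, down=frozenset()):
    """Map each prefix to the live tunnel with the lowest estimated
    end-to-end latency (gateway->DC plus DC->prefix, an assumed model)."""
    table = {}
    for prefix, per_dc in dc_to_prefix.items():
        costs = {dc: gw_to_dc[dc] + ms for dc, ms in per_dc.items()
                 if dc in gw_to_dc and dc not in down}
        if costs:  # skip prefixes with no usable measurement
            table[ipaddress.ip_network(prefix)] = min(costs, key=costs.get)
    return table


def default_tunnel(gw_to_dc, down=frozenset()):
    """Fallback for unmeasured destinations: the nearest live datacenter."""
    live = {dc: ms for dc, ms in gw_to_dc.items() if dc not in down}
    if not live:
        raise RuntimeError("no tunnel available")
    return min(live, key=live.get)


def select_tunnel(table, dst, fallback):
    """Longest-prefix match on the destination address."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return fallback
    return table[max(matches, key=lambda net: net.prefixlen)]


if __name__ == "__main__":
    table = build_table(GATEWAY_TO_DC, DC_TO_PREFIX)
    fallback = default_tunnel(GATEWAY_TO_DC)
    for dst in ("203.0.113.7", "198.51.100.10", "198.51.100.200", "192.0.2.1"):
        print(dst, "->", select_tunnel(table, dst, fallback))
```
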

Caches and Terminal Services
Traffic destined to services like caches should be redirected to the nearest node.
[diagram label: Cloud Provider West]

APLOMB: Appliance for Outsourcing Middleboxes
Place middleboxes in the cloud.
Use APLOMB devices and DNS to redirect traffic to and from the cloud.
That's it.

Can we outsource all middleboxes?
Firewalls, IDSes, Load Balancers, VPNs, Proxy/Caches, WAN Optimizers. Bandwidth? Compression?

APLOMB+ for Compression
Add generic compression to the APLOMB gateway to reduce bandwidth consumption.
[diagram labels: Cloud Provider, Internet]

Does it work?

Our Deployment
Cloud provider: EC2, 7 datacenters.
OpenVPN for tunneling, Vyatta for middlebox services.
Two types of clients: software VPN client on laptops; tunneling software router for wired hosts.

Three Part Evaluation
Implementation & Deployment: performance metrics.
Wide-Area Measurements: network latency.
Case Study of a Large Enterprise: impact in a real usage scenario.

Does APLOMB inflate latency?

For PlanetLab nodes, the latency of 60% of pairs improves with redirection through EC2.

Latency at a Large Enterprise
Measured redirection latency between enterprise sites.
Median latency inflation: 1.13 ms.
Sites experiencing inflation were primarily in areas where EC2 does not have a wide footprint.

How does APLOMB impact other quality metrics, like bandwidth and jitter?

Bandwidth: download times with BitTorrent increased on average 2.3%.
Jitter: consistently within industry standard bounds of 30 ms.

Does APLOMB negate the benefits of bandwidth-saving devices?

APLOMB+ incurs a median penalty of 3.8% bandwidth inflation over traditional WAN Optimizers.

Does elastic scaling at the cloud provide real benefits?

Some sites generate as much as 13x more traffic than average at peak hours.

Recap
Good application performance: median latency inflation 1.1 ms; download times increased only 2.3%.
Generic redundancy elimination saves bandwidth costs.
Strong benefits from elasticity.

Conclusion
Moving middleboxes to the cloud is a practical and feasible solution to the complexity of enterprise networks.

What does it mean to manage middleboxes?
Upgrades and vendor interaction.
Monitoring and diagnostics.
Configuration: appliance configuration, policy configuration.
Training.

Internal Firewalls [diagram labels: Cloud Provider, Internet]

How many middleboxes can APLOMB outsource?

How much do middleboxes cost? Thousands to millions of dollars / 5 years

Is maintaining multiple tunnels at the APLOMB gateway useful?

With multiple tunnels, the fraction of pairs with 0 inflation or better moves from 40% to 60%.

How large must a provider's datacenter footprint be to support middlebox services?

Minimal Improvement to E2E Latency with Larger Footprint.

How does APLOMB redirection impact web page load times?

Median: slightly worse; 90%-ile: slightly better.

Caches may require a larger footprint to provide nationwide service.