research-article

The middlebox manifesto: enabling innovation in middlebox deployment

Authors:

Sylvia Ratnasamy,

Michael K. Reiter,

Guangyu ShiAuthors Info & Claims

HotNets-X: Proceedings of the 10th ACM Workshop on Hot Topics in Networks

Article No.: 21, Pages 1 - 6

https://doi.org/10.1145/2070562.2070583

Published: 14 November 2011 Publication History

Abstract

Most network deployments respond to changing application, workload, and policy requirements via the deployment of specialized network appliances or "middleboxes". Despite the critical role that middleboxes play in introducing new network functionality, they have been surprisingly ignored in recent efforts for designing networks that are amenable to innovation. We make the case that enabling innovation in middleboxes is at least as important, if not more important, as that for traditional switches and routers. To this end, our vision is a world with software-centric middlebox implementations running on general-purpose hardware platforms that are managed via open and extensible management APIs. While these principles have been applied in other contexts, they introduce unique opportunities and challenges in the context of middleboxes that we highlight in this paper.

References

[1]

http://www.snort.org.

[2]

Cavium networks. http://www.caviumnetworks.com/.

[3]

Crossbeam network consolidation. http://bit.ly/qlotDK.

[4]

Palo alto networks. http://www.paloaltonetworks.com/.

[5]

Riverbed Networks: WAN Optimization. http://www.riverbed.com/solutions/optimize/.

[6]

Silver Peak software WAN optimization. http://bit.ly/nCBRst.

[7]

Untangle. www.untangle.com.

[8]

World enterprise network security markets. http://bit.ly/gYW4Us.

[9]

A. Greenberg et al. A Clean Slate 4D Approach to Network Control and Management. ACM SIGCOMM CCR, 35(5), Oct. 2005.

Digital Library

[10]

A. Greenlagh et al. Flow Processing and the Rise of Commodity Network Hardware. ACM CCR, Apr. 2009.

Digital Library

[11]

A. Shieh et al. SideCar: Building Programmable Datacenter Networks without Programmable Switches. In Proc. HotNets, 2010.

Digital Library

[12]

J. Anderson and A. Vahdat. xOMB: eXtensible Open MiddleBoxes. Unpublished Manuscript.

[13]

B. Anwer et al. Switchblade: A platform for rapid deployment of network protocols on programmable hardware. In SIGCOMM, 2010.

Digital Library

[14]

G. Lu et al. ServerSwitch: A Programmable and High Performance Platform for Data Center Networks. In Proc. NSDI, 2011.

Digital Library

[15]

S. Han, K. Jang, K. Park, and S. Moon. PacketShader: a GPU-Accelerated Software Router. In Proc. SIGCOMM, 2010.

Digital Library

[16]

D. Joseph and I. Stoica. Modeling middleboxes. IEEE Network, 2008.

Digital Library

[17]

D. A. Joseph, A. Tavakoli, and I. Stoica. A Policy-aware Switching Layer for Data Centers, In Proc. SIGCOMM, 2008.

Digital Library

[18]

M. Caesar et al. Design and implementation of a Routing Control Platform. In Proc. of NSDI, 2005.

Digital Library

[19]

M. Casado et al. SANE: A Protection Architecture for Enterprise Networks. In USENIX Security, 2006.

Digital Library

[20]

M. Dobrescu et al. RouteBricks: Exploiting Parallelism to Scale Software Routers. In Proc. SOSP, 2009.

Digital Library

[21]

M. Kounavis et al. Encrypting the Internet. In Proc. SIGCOMM, 2010.

Digital Library

[22]

N. Egi et al. Towards high performance virtual routers on commodity hardware. In Proc. CoNEXT, 2008.

Digital Library

[23]

N. Gude et al. NOX: Towards an Operating System for Networks. ACM SIGCOMM CCR, July 2008.

Digital Library

[24]

N. McKeown et al. OpenFlow: enabling innovation in campus networks. ACM SIGCOMM CCR, 38(2), Apr. 2008.

Digital Library

[25]

R. Pang. V. Paxson, R. Sommer, and L. Peterson, binpac: A yacc for Writing Application Protocol Parsers. In Proc. IMC, 2006.

Digital Library

[26]

V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. In Proc. USENIX Security Symposium, 1998.

Digital Library

[27]

M. Roughan, Robust network planning, Chapter 5, Guide to Reliable Internet Services and Applications.

[28]

T. Benson et al. Demystifying configuration challenges and trade-offs in network-based isp services. In Proc. SIGCOMM, 2011.

Digital Library

[29]

V. Sekar et al. cSamp: A System for Network-Wide Flow Monitoring. In Proc. of NSDI, 2008.

Digital Library

[30]

Z. Wang, Z. Qian, Q. Xu, Z. M. Mao, and M. Zhang. An Untold Story of Middleboxes in Cellular Networks. In Proc. SIGCOMM, 2011.

Digital Library

Cited By

Al Azad MMastorakis S(2024)Deduplicator: When Computation Reuse Meets Load Balancing at the Network Edge2024 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking62109.2024.10619734(448-454)Online publication date: 3-Jun-2024
https://doi.org/10.23919/IFIPNetworking62109.2024.10619734
Li HDang YSun GWu CZhang PShan DPan THu C(2024)Programming Network Stack for Physical Middleboxes and Virtualized Network FunctionsIEEE/ACM Transactions on Networking10.1109/TNET.2023.330764132:2(971-986)Online publication date: Apr-2024
https://doi.org/10.1109/TNET.2023.3307641
Hill LRotsos CEdwards CHutchison D(2024)Katoptron: Efficient State Mirroring for Middlebox ResilienceNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575815(1-9)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575815
Show More Cited By

Index Terms

The middlebox manifesto: enabling innovation in middlebox deployment
1. Networks
  1. Network architectures
  2. Network services
    1. Network management

Recommendations

SIMPLE-fying middlebox policy enforcement using SDN
SIGCOMM '13: Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM

Networks today rely on middleboxes to provide critical performance, security, and policy compliance capabilities. Achieving these benefits and ensuring that the traffic is directed through the desired sequence of middleboxes requires significant manual ...
A flexible and efficient container-based NFV platform for middlebox networking
SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing

Network Function Virtualization (NFV) enables multiple network functions (NFs) to operate simultaneously on a commodity server. Internet Data Centers (IDCs) gain significant flexibility and agility through NFV's ability to dynamically deploy and ...
Performance Analysis for Pareto-Optimal Green Consolidation Based on Virtual Machines Live Migration

Huge energy requirement of cloud data centers is prime concern. Dynamic Virtual Machine VM consolidation based on VM live migration to switched-off or put some of the under-loaded host Physical Machines PMs into a low power consumption mode can ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

HotNets-X: Proceedings of the 10th ACM Workshop on Hot Topics in Networks

November 2011

148 pages

ISBN:9781450310598

DOI:10.1145/2070562

General Chairs:
Hari Balakrishnan
MIT
,
Dina Katabi
MIT
,
Program Chairs:
Aditya Akella
University of Wisconsin-Madison
,
Ion Stoica
UC Berkeley

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 November 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

HOTNETS-X

Sponsor:

SIGCOMM

HOTNETS-X: Tenth ACM Workshop on Hot Topics in Networks

November 14 - 15, 2011

Massachusetts, Cambridge

Acceptance Rates

Overall Acceptance Rate 110 of 460 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

129
Total Citations
View Citations
575
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)2

Reflects downloads up to 23 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Al Azad MMastorakis S(2024)Deduplicator: When Computation Reuse Meets Load Balancing at the Network Edge2024 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking62109.2024.10619734(448-454)Online publication date: 3-Jun-2024
https://doi.org/10.23919/IFIPNetworking62109.2024.10619734
Li HDang YSun GWu CZhang PShan DPan THu C(2024)Programming Network Stack for Physical Middleboxes and Virtualized Network FunctionsIEEE/ACM Transactions on Networking10.1109/TNET.2023.330764132:2(971-986)Online publication date: Apr-2024
https://doi.org/10.1109/TNET.2023.3307641
Hill LRotsos CEdwards CHutchison D(2024)Katoptron: Efficient State Mirroring for Middlebox ResilienceNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575815(1-9)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575815
Chen S(2024)Choate: Toward High-Level, Cross-Layer SDN ProgrammingNetwork Simulation and Evaluation10.1007/978-981-97-4522-7_7(102-117)Online publication date: 2-Aug-2024
https://doi.org/10.1007/978-981-97-4522-7_7
Jose MLazri KFrancois JFestor O(2023)Stateful InREC: Stateful In-Network Real Number Computation With Recursive FunctionsIEEE Transactions on Network and Service Management10.1109/TNSM.2022.319800820:1(830-845)Online publication date: Mar-2023
https://doi.org/10.1109/TNSM.2022.3198008
Chang HKodialam MLakshman TMukherjee SVan der Merwe JZaheer Z(2023)MAGNet: Machine Learning Guided Application-Aware Networking for Data CentersIEEE Transactions on Cloud Computing10.1109/TCC.2021.308744711:1(291-307)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TCC.2021.3087447
Tu HZhao GXu HZhao YZhai Y(2022)A Robustness-Aware Real-Time SFC Routing Update Scheme in Multi-Tenant CloudsIEEE/ACM Transactions on Networking10.1109/TNET.2021.313741830:3(1230-1244)Online publication date: Jun-2022
https://doi.org/10.1109/TNET.2021.3137418
Tola BJiang Y(2022)Modeling and Provisioning Highly Available NFV Services2022 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)10.1109/NFV-SDN56302.2022.9974747(117-123)Online publication date: 14-Nov-2022
https://doi.org/10.1109/NFV-SDN56302.2022.9974747
Tu HZhao GXu HZhao YZhai Y(2021)Robustness-Aware Real-Time SFC Routing Update in Multi-Tenant Clouds2021 IEEE/ACM 29th International Symposium on Quality of Service (IWQOS)10.1109/IWQOS52092.2021.9521350(1-6)Online publication date: 25-Jun-2021
https://doi.org/10.1109/IWQOS52092.2021.9521350
Ganta PYu KChintala DPark Y(2021)Adaptive Network Security Service Orchestration Based on SDN/NFVInformation Security Applications10.1007/978-3-030-89432-0_19(231-242)Online publication date: 11-Aug-2021
https://dl.acm.org/doi/10.1007/978-3-030-89432-0_19
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents