A Policy-aware Switching Layer for Data Centers

Dilip Joseph Arsalan Tavakoli

Ion Stoica

University of California at Berkeley

Problem: Middleboxes are hard to deploy

•  Place on network path •  Overload path selection mechanisms

pkt network path

•  On path placement fails to achieve

Correctness Guaranteed middlebox traversal

Flexibility (Re)configurable network topology

Efficiency No middlebox resource wastage

Load Balancer Firewall

Preview

•  Problem –  Middleboxes are hard to deploy

•  Solution –  Overview –  Challenges –  Limitations

•  Implementation & evaluation

•  Related work

Common data center topology Internet

Servers

Layer-2 switch Access

Data Center

Layer-2/3 switch Aggregation

Layer-3 router Core

Firewall

Load Balancer

Inflexible topology

Internet

Intrusion Prevention Box

Firewall

Load Balancer

Inefficient - middlebox resource wastage

Internet

Process unnecessary traffic

Unutilized

Backup path

Protect S1 ↔ S2 traffic

Correctness is hard Internet

•  Option 1 –  Existing firewalls

Newly blocked

•  Option 2 –  New firewall

•  Option 3 –  Separate VLANs

Outline

 Problem  Middleboxes are hard to deploy

•  Solution –  Overview –  Challenges –  Limitations

•  Related work

Policy-aware Switching Layer

Policy-aware switching layer

load balancer

Existing mechanisms

firewall

1 Take middleboxes off-path Separate policy from reachability 2

HTTP Firewall Load balancer TCP port = 80

PSwitch

load balancer

firewall

P P P P P P P P P P

P P P P P

PSwitch explicitly forwards packets to middleboxes

Firewall (F) Load Balancer (L)

Core Router

PSwitch Web

Server

Data center

Src:L Header Body

Rule table

Match Next Hop

MACR,port 80 F

Interface 1, port 80 L

MACL,port 80 FinalDest

P P P P P 0

HTTP Firewall Load balancer

Centralized Policy

Controller

Firewall Load

Balancer

PSwitch A Web Server

Data center

Custom Firewall

Intrusion Prevention

ERP Server

Firewall

PSwitch B

HTTP Firewall Load balancer ERP Custom Firewall IPS

•  Distributed forwarding

•  Loadbalancing middleboxes

•  Different policies for different traffic

Challenges

1.  Minimizing infrastructure changes

2.  Non-transparent middleboxes

3.  Guaranteeing correctness under churn

Guarantees under Churn

Network

Middlebox

Policy

Packets never bypass middleboxes

Some packets may be dropped

Limitations

•  Indirect paths

•  Policy specification complexity

Outline

 Problem  Middleboxes are hard to deploy

 Solution  Overview  Challenges  Limitations

•  Related work

Implementation

•  PSwitches prototyped in

P P P P P

750 Mbps

0.3 milliseconds 25 policies

•  Compared to software Ethernet switch –  82% TCP throughput –  16% latency increase

•  Exploring hardware options

PSwitch

Validation of functionality

•  10 PCs with 4 network interfaces each

P P P P P P P P P P P P P P P P P P P P

iptables firewalls webservers BalanceNG Load balancer

client

Physical topology

Logical topologies on same physical topology

Related Work

4D Routing Control Platform Ethane

Indirection Internet Indirection Infrastructure Delegation Oriented Architecture

Separation of policy and reachability

High-end switches

Cisco Catalyst 6500

SIGCOMM 2008

SEATTLE DCell Commodity DC Network Architecture

Conclusion

•  Deploying middleboxes is hard

•  A new layer-2 with explicit middlebox support –  Middleboxes taken off network path –  Policy separated from reachability

Questions?

Backup Slides

Policy churn •  Conflicting policy updates

HTTP Load balancer Firewall Version 1

Firewall Load balancer HTTP Version 2

Firewall Load Balancer

P P P P P

Version 1 Version 2 Match Next Hop

Interface 2, port 80 F

Interface 1, port 80 FinalDest

Match Next Hop

Interface 0, port 80 F

Interface 2, port 80 FinalDest

Intermediate middlebox types

•  Guarantees traversal HTTP Load balancer Firewall Version 1

Firewall’ Load balancer’ HTTP Version 2

Firewall

Load Balancer

P P P P P

Firewall’

Load Balancer’

A Policy-aware Switching Layer for Data Centers

Documents

Transcript of A Policy-aware Switching Layer for Data Centers

TAPS: Software Defined Task-Level Deadline-Aware .... TAPS Software Defined Task-level... · TAPS: Software Deﬁned Task-level Deadline-aware Preemptive Flow scheduling in Data Centers

Resource-Aware Scheduling for Data Centers with ...tidel.mie.utoronto.ca/pubs/TranMISTA15.pdfMISTA 2015 Resource-Aware Scheduling for Data Centers with Heterogenous Servers Tony T.

A Policy-aware Switching Layer for Data Centers Policy-aware Switching Layer for Data Centers Dilip Antony Joseph Arsalan Tavakoli Ion Stoica Electrical Engineering and Computer Sciences

Best Practices in Deploying Converged Data Centers · converged data centers. Converged data center require virtualization, network security, routing/switching technologies, FCoE,

EAWA: Energy-Aware Workload Assignment in Data Centers

A Policy-aware Switching Layer for Data Centers...personal or classroom use is granted without fee provided that copies are not made or distributed for prot or commercial advantage

Using Power Aware IBIS v5.0 Behavioral IO Models to Simulate Simultaneous Switching Noise · 2018-04-27 · Behavioral IO Models to Simulate Simultaneous Switching Noise Romi Mayder,

Traffic Aware Virtual Machine Placement in Data …jiewu/research/publications/Publication... · Let’s Stay Together: Towards Traffic Aware Virtual Machine Placement in Data Centers

A policy-aware switching layer for data centers ACM Special Interest Group on Data Communication (SIGCOMM’08) Authors: Dilip A. Joseph, Arsalan Tavakoli,

Thermal-aware job scheduling in data centers [0.2em] An ...

On-Chip SDM Switching for Unicast, Multicast and Traffic ... · Index Terms—Data centers, switching, traffic grooming, multicast communication. I. INTRODUCTION raffic in data center

Opus: an Overlay Peer Utility Service - Duke Universityvahdat/ps/openarch02.pdf · data centers) colocated with switching centers at the inte-rior of the Internet “cloud.” Opus

CS528 Power/Energy Aware Cloud System Design · Motivation for Green Data Centers • Economic –New data centers run on the Megawatt scale, requiring millions of dollars to operate.

Power Aware Combinational Synthesismaler/Papers/slides-switching.pdf · Power Aware Combinational Synthesis HVC 2015 Jan L an k , ... Switching power dissipation at a gate P = 1 2

COMMERCIAL MOBILE RADIO SERVICES (CMRS) … · 1.7.3 “Mobile Switching Centers” (“MSCs”) are an essential element of the CMRS network which performs the switching for the

Photonic Switching Applications In Data Centers 12 29 11

Towards a Redundancy -Aware Network Stack for Data Centersmusa/uploads/hotnets_2016_talk.pdf · Towards a Redundancy -Aware Network Stack for Data Centers Ali Musa Iftikhar (Tufts)

Network-aware energy saving multi-objective optimization ...chang5/papers/18/cluster_18.pdf · Network-aware energy saving multi-objective optimization in virtualized data centers

Wireless Aware Smart Switching

Multi-Stage Resource-Aware Scheduling for Data Centers with ...downd/TranMISTA15Journal.pdf · Multi-Stage Resource-Aware Scheduling for Data Centers with Heterogenous Servers Tony