A Policy-aware Switching Layer for Data Centers


Transcript of A Policy-aware Switching Layer for Data Centers

Page 1: A Policy-aware Switching Layer for Data Centers

A Policy-aware Switching Layer for Data Centers

Dilip Joseph, Arsalan Tavakoli, Ion Stoica

University of California at Berkeley

Problem: Middleboxes are hard to deploy

•  Place on network path

•  Overload path selection mechanisms

[Figure: a packet (pkt) follows the network path through the middleboxes placed on it]

•  On path placement fails to achieve

–  Correctness: guaranteed middlebox traversal

–  Flexibility: (re)configurable network topology

–  Efficiency: no middlebox resource wastage

[Figure: Load Balancer and Firewall placed on the path]

Page 2: A Policy-aware Switching Layer for Data Centers

Preview

•  Problem
–  Middleboxes are hard to deploy

•  Solution
–  Overview
–  Challenges
–  Limitations

•  Implementation & evaluation

•  Related work

Common data center topology

[Figure: the Internet at the top; inside the Data Center, Layer-3 routers form the Core, Layer-2/3 switches the Aggregation layer, and Layer-2 switches the Access layer, with the Servers at the bottom. A Firewall and a Load Balancer are placed on the path.]

Page 3: A Policy-aware Switching Layer for Data Centers

Inflexible topology

[Figure: the Internet connected to an Intrusion Prevention Box, a Firewall and a Load Balancer wired in sequence on the path]

Inefficient - middlebox resource wastage

[Figure: a primary and a backup path from the Internet; the middlebox on the primary path processes unnecessary traffic, while the middlebox on the backup path sits unutilized]

Page 4: A Policy-aware Switching Layer for Data Centers

Correctness is hard

[Figure: servers S1 and S2 in the data center behind the Internet-facing firewall; goal: protect S1 ↔ S2 traffic]

•  Option 1
–  Existing firewalls (the direct S1 ↔ S2 link is newly blocked)

•  Option 2
–  New firewall

Page 5: A Policy-aware Switching Layer for Data Centers

Correctness is hard

[Figure: servers S1 and S2; protect S1 ↔ S2 traffic]

•  Option 1
–  Existing firewalls

•  Option 2
–  New firewall

•  Option 3
–  Separate VLANs

Outline

✓ Problem – Middleboxes are hard to deploy

•  Solution
–  Overview
–  Challenges
–  Limitations

•  Implementation & evaluation

•  Related work

Page 6: A Policy-aware Switching Layer for Data Centers

Policy-aware Switching Layer

[Figure: the policy-aware switching layer sits between the existing mechanisms and the middleboxes (firewall, load balancer)]

1.  Take middleboxes off-path

2.  Separate policy from reachability

Policy: HTTP (TCP port = 80) → Firewall → Load balancer

PSwitch explicitly forwards packets to middleboxes

[Figure: inside the data center, a Core Router (R) connects to a PSwitch with interfaces 0 to 3; the Firewall (F) and the Load Balancer (L) hang off the PSwitch, and the Web Server is the final destination. The frame header carries Src:R when it arrives from the core router and Src:L when it comes back from the load balancer.]

Rule table (match on the previous hop, identified by the frame's source MAC or the PSwitch ingress interface, plus the TCP port):

  Match                   Next Hop
  MAC R, port 80          F
  Interface 1, port 80    L
  MAC L, port 80          FinalDest

Rules come from a Centralized Policy Controller.

Page 7: A Policy-aware Switching Layer for Data Centers

[Figure: in the data center, PSwitch A front-ends a Web Server with a Firewall and a Load Balancer; PSwitch B front-ends an ERP Server with a Custom Firewall, an Intrusion Prevention Box and a Firewall]

Policies:
  HTTP → Firewall → Load balancer
  ERP  → Custom Firewall → IPS

•  Distributed forwarding

•  Load balancing middleboxes

•  Different policies for different traffic

Challenges

1.  Minimizing infrastructure changes

2.  Non-transparent middleboxes

3.  Guaranteeing correctness under churn

Page 8: A Policy-aware Switching Layer for Data Centers

Guarantees under Churn

Kinds of churn: Network, Middlebox, Policy

•  Packets never bypass middleboxes

•  Some packets may be dropped

Limitations

•  Indirect paths

•  Policy specification complexity

Page 9: A Policy-aware Switching Layer for Data Centers

Outline

✓ Problem – Middleboxes are hard to deploy

✓ Solution – Overview – Challenges – Limitations

•  Implementation & evaluation

•  Related work

Implementation

•  PSwitches prototyped in software

–  750 Mbps

–  0.3 milliseconds

–  25 policies

•  Compared to software Ethernet switch
–  82% TCP throughput
–  16% latency increase

•  Exploring hardware options

Page 10: A Policy-aware Switching Layer for Data Centers

Validation of functionality

•  10 PCs with 4 network interfaces each

•  Components: iptables firewalls, webservers, BalanceNG load balancer, client

•  Physical topology

•  Logical topologies on the same physical topology

Page 11: A Policy-aware Switching Layer for Data Centers

Related Work

•  Separation of policy and reachability: 4D, Routing Control Platform, Ethane

•  Indirection: Internet Indirection Infrastructure, Delegation Oriented Architecture

•  High-end switches: Cisco Catalyst 6500

•  SIGCOMM 2008: SEATTLE, DCell, Commodity DC Network Architecture

Conclusion

•  Deploying middleboxes is hard

•  A new layer-2 with explicit middlebox support
–  Middleboxes taken off network path
–  Policy separated from reachability

Page 12: A Policy-aware Switching Layer for Data Centers

Questions?

Backup Slides

Page 13: A Policy-aware Switching Layer for Data Centers

Policy churn

•  Conflicting policy updates

Version 1: HTTP → Load balancer → Firewall
Version 2: HTTP → Firewall → Load balancer

[Figure: a PSwitch with interfaces 0 to 3; interface 0 faces the core router, interface 1 attaches the Firewall and interface 2 the Load Balancer]

Rule table, Version 1
  Match                   Next Hop
  Interface 0, port 80    L
  Interface 2, port 80    F
  Interface 1, port 80    FinalDest

Rule table, Version 2
  Match                   Next Hop
  Interface 0, port 80    F
  Interface 2, port 80    FinalDest
  Interface 1, port 80    L

A packet sent to L under Version 1 comes back on interface 2; if Version 2 has been installed in the meantime, the interface 2 rule now says FinalDest and the packet reaches the server without ever crossing the firewall.

Intermediate middlebox types

•  Guarantees traversal

Version 1: HTTP → Load balancer → Firewall
Version 2: HTTP → Firewall' → Load balancer'

[Figure: the PSwitch with the Firewall and Load Balancer alongside the intermediate-type instances Firewall' and Load Balancer']
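The rule-table forwarding from the PSwitch slide and the Version 1 / Version 2 conflict from the policy churn slide, simulated as an added illustration. This is not the authors' prototype: the assumptions are that a rule is keyed by (previous hop, TCP port) with the previous hop named "core router", "F" or "L", that a policy update landing while a packet sits inside a middlebox can be modelled as swapping the table between two visits to the pswitch, and that the intermediate types F'/L' in Version 2 are distinct hops, so return traffic from the Version 1 load balancer matches no Version 2 rule and is dropped rather than delivered.

```python
"""Rule-table forwarding in a pswitch and the policy-churn hazard.
Added illustration, not the authors' prototype: rule keys, hop names and
the per-visit table swap are modelling choices."""

CORE = "core router"   # previous hop of packets entering the data center
FINAL = "FinalDest"    # hand the packet to the server via ordinary L2 forwarding


def build_table(chain, port=80, entry=CORE):
    """Compile an ordered middlebox chain for `port` into the slide's
    Match -> Next Hop table, keyed by (previous hop, TCP port).
    The previous hop is what the pswitch infers from the ingress interface
    or source MAC, so where F and L physically sit never enters the policy."""
    table = {}
    prev = entry
    for mbox in chain:
        table[(prev, port)] = mbox
        prev = mbox
    table[(prev, port)] = FINAL
    return table


def traverse(tables, port=80, max_hops=8):
    """Walk one packet through the pswitch. tables[i] is the rule table in
    force the i-th time the packet arrives at the pswitch; a two-entry list
    models a policy update installed while the packet is at a middlebox."""
    path, prev = [], CORE
    for hop in range(max_hops):
        table = tables[min(hop, len(tables) - 1)]
        nxt = table.get((prev, port))
        if nxt is None:
            return path, "dropped"      # no matching rule: drop, do not guess
        if nxt == FINAL:
            return path, "delivered"
        path.append(nxt)
        prev = nxt
    return path, "loop"


def bypassed(path, chain):
    """Middleboxes the policy required that the packet never visited."""
    return [m for m in chain if m not in path]


def correctness_violated(path, outcome, chain):
    """The guarantee concerns delivered packets only: a drop is allowed,
    a delivery that skipped a required middlebox is not."""
    return outcome == "delivered" and bool(bypassed(path, chain))


V1 = ["L", "F"]            # Version 1: HTTP -> load balancer -> firewall
V2 = ["F", "L"]            # Version 2: HTTP -> firewall -> load balancer
V2_TYPED = ["F'", "L'"]    # Version 2 with intermediate middlebox types

T1, T2, T2_TYPED = build_table(V1), build_table(V2), build_table(V2_TYPED)


def steady_state():
    """Either version alone delivers after visiting its whole chain."""
    return traverse([T1]), traverse([T2])


def naive_update():
    """Replace V1 by V2 in place while the packet is inside the load balancer:
    the (L, 80) rule now says FinalDest and the firewall is skipped."""
    path, outcome = traverse([T1, T2])
    return path, outcome, correctness_violated(path, outcome, V2)


def typed_update():
    """Same churn, but V2 names fresh types F'/L' (assumed distinct hops), so
    stale return traffic from L matches no rule and is dropped instead."""
    path, outcome = traverse([T1, T2_TYPED])
    return path, outcome, correctness_violated(path, outcome, V2_TYPED)


if __name__ == "__main__":
    print("steady state:", steady_state())
    print("naive update:", naive_update())
    print("typed update:", typed_update())
```

Running the block shows the property from the churn slide directly: the in-place update delivers a packet whose path is just ["L"], i.e. the firewall was bypassed, whereas the typed update drops that packet, which is the "some packets may be dropped, none bypass middleboxes" trade-off.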