Stanford University Networking Seminar

Vyas Sekar
Toward Practical Convergence of Middleboxes and Software-Defined Networking

12pm, Thursday, February 20, 2014
Gates 104

About the Talk

Network administrators today rely on a variety of network appliances or “middleboxes” such as firewalls, proxies, intrusion detection systems, load balancers, and application gateways to meet their performance, security, and policy compliance objectives. Unfortunately, managing these deployments and ensuring that the traffic is correctly “chained” through the desired sequence of middleboxes require significant manual effort and operator expertise. In this respect, recent work on Software-Defined Networking (SDN) offers a promising alternative to simplify middlebox management. Middleboxes, however, introduce new challenges (e.g., policy composition, resource management, packet modifications) that fall outside the purview of traditional routing and forwarding functions that have been the focus of early SDN efforts.

In this talk, I will describe our recent work in practically integrating middleboxes in SDN-enabled networks. The first half describes a backwards-compatible “service chaining” solution called SIMPLE that works with legacy middleboxes and existing SDN interfaces such as OpenFlow. The second part makes the case for middlebox-specific SDN extensions called FlowTags that provide a cleaner mechanism to accommodate the dynamic and opaque actions of middleboxes (e.g., header rewriting or caching effects) to enable new verification and debugging capabilities.

I will also briefly highlight some of our other work in this space including new platforms for deploying middlebox applications and new opportunities to “outsource” these functions to cloud services.

About the Speaker

Vyas Sekar is an Assistant Professor in the ECE Department at Carnegie Mellon. His research spans middleboxes, Internet video, and network security. His work has received best paper awards at ACM Sigcomm, ACM CoNext, and ACM Multimedia.