Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems
Alexander Ing - California State University Dominguez Hills
Co-Author(s): Daniel Hernandez, Bin Tang, and Mohsen Beheshti, California State University Dominguez Hills, Carson, CA
A middlebox, also called a network appliance, is a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding. Examples of middleboxes include firewalls, load balancers, and intrusion detection/prevention systems. Traditional middlebox hardware is widely deployed in enterprise networks to improve network security and performance. However, deploying middleboxes is currently a hard and complex problem that requires network operators to install them manually inside networks. This approach is neither flexible nor efficient, and it is error-prone. Data centers consist of tens of thousands of server machines that support a large number of Internet services such as social networking, video streaming, and search engines. Data center policies require that VM traffic in data centers traverse a sequence of specified middleboxes for the purposes of security and performance. In cloud data centers, the integration of Software Defined Networking (SDN) and Network Function Virtualization has recently been proposed to enable efficient placement of software-based middleboxes in commercial off-the-shelf switches. A few studies address this middlebox placement problem; however, none of them approaches it from an algorithmic angle. In this work, we first formulate the problem formally and show that it is NP-hard. We then propose two time-efficient heuristic algorithms, Random and Greedy. We show via extensive simulations that Greedy always outperforms Random across all the different network scenarios. As future work, we would like to take load balancing into consideration. That is, the VM communication traffic on different switches and middleboxes should be equally distributed, without overloading any particular device.
Funder Acknowledgement(s): This research is funded in part through the National Science Foundation (NSF) under grant #HRD-1302873 and the Chancellor's Office of the California State University. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation or the Chancellor's Office of the CSU.
Faculty Advisor: Bin Tang, btang@csudh.edu
Role: My contribution to this research was the creation of the K-ary fat tree simulation, allowing us to change parameters within the simulated datacenter; this robust simulation was used to test the efficiency of the middlebox placement algorithms. Also, I participated in the collection of data through the experimentation on both the random and greedy algorithms. Once the data was collected, I also helped analyze and interpret the results of the data from the experiments.