Abstract
Data centers deploy a variety of middleboxes (e.g., firewalls, load balancers and SSL offloaders) to protect, manage and improve the performance of applications and services they run. Since existing networks provide limited support for middleboxes, administrators typically overload path selection mechanisms to coerce traffic through the desired sequences of middleboxes placed on the network path. These ad-hoc practices result in a data center network that is hard to configure and maintain, wastes middlebox resources, and cannot guarantee middlebox traversal under network churn.
To address these issues, we propose the policy-aware switching layer or PLayer, a new layer-2 for data centers consisting of inter-connected policy-aware switches or pswitches. Unmodified middleboxes are placed off the network path by plugging them into pswitches. Based on policies specified by administrators, pswitches explicitly forward different types of traffic through different sequences of middleboxes. Experiments using our prototype software pswitches suggest that the PLayer is flexible, uses middleboxes efficiently, and guarantees correct middlebox traversal under churn.
A policy-aware switching layer for data centers
SIGCOMM '08: Proceedings of the ACM SIGCOMM 2008 conference on Data communication