NeTS: Medium: Collaborative Research: Enabling Flexible Middlebox Processing in the Cloud

NeTS：媒介：协作研究：在云中实现灵活的中间盒处理

• 批准号: 1440056
• 负责人: Vyas Sekar
• 金额: $ 50万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-01-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1440056&HistoricalAwards=false
• 关键词: NeTS; Medium; Collaborative; Research; Enabling

Enterprises rely on specialized network appliances or middleboxes such as load balancers, intrusion detection and prevention systems, and WAN optimizers in order to meet critical performance optimization, security, and policy compliance requirements. With the advent of cloud computing, such middlebox processing will play an increasingly critical role in cloud deployments due to two key factors: 1) As enterprises move their IT infrastructure to the cloud, they want to leverage the same performance and security benefits for applications running in the cloud; and 2) Enterprises want to reduce their infrastructure and management costs by offloading middlebox functionality to cloud providers to leverage the elastic scaling and migration benefits offered by cloud computing. Unfortunately, cloud customers and providers today lack the necessary abstractions and mechanisms for enabling this transition. At a high-level, the problem is that these workloads are drastically different from traditional computation and storage services for which cloud computing has been extremely successful. This raises fundamental challenges along several dimensions: the need for flexible composition or chaining of network services; the increased impact of network-level performance on such workloads; the inherent difficulty in identifying bottlenecked resources in multiplexed cloud deployments; and the inability to reason about correct and consistent operation of stateful network processing in dynamic deployment scenarios.This project will bridge this disconnect by addressing foundational issues in the design and implementation of (1) policy frameworks, elastic scaling algorithms, and software-defined controllers for enterprise administrators to translate their requirements into an actual physical realization; (2) algorithms for intelligent network-level placement, traffic engineering, and topology design for cloud providers to support such workloads; and (3) new abstractions for managing and manipulating the middlebox-associated state of the network. Broader Impact: This work will inform the critical industry evolution as enterprises and cloud providers are attempting to realize the benefits of ?network virtualization?. Furthermore, the project will enable new dimensions of flexibility for network deployments that do not exist today---democratizing the benefits of middleboxes to small businesses; providing the ability to elastically scale network-level services to meet application demands; and enabling live migration of entire enterprise deployments across physical infrastructures. The project will generate new course materials on software-defined networking and cloud computing and tightly integrate research with education to help students become experts in these emerging domains. The software tools and benchmark measurement data produced by the research will inform the industry transition and future academic work on such middleboxes-in-the-cloud deployments. Finally, while the project focuses on middleboxes in cloud deployments, the technical foundations developed therein will apply to traditional enterprise and ISP networks as well.

企业依赖于专用网络设备或中间盒，如负载平衡器、入侵检测和防御系统以及WAN优化器，以满足关键的性能优化、安全性和策略合规性要求。随着云计算的出现，由于两个关键因素，这种中间盒处理将在云部署中发挥越来越重要的作用：1）随着企业将其IT基础设施迁移到云，他们希望为在云中运行的应用程序利用相同的性能和安全优势;和2）企业希望通过将中间盒功能卸载给云提供商来利用弹性扩展和迁移，从而降低基础架构和管理成本云计算带来的好处。不幸的是，今天的云计算客户和提供商缺乏必要的抽象和机制来实现这种过渡。在高层次上，问题是这些工作负载与云计算非常成功的传统计算和存储服务截然不同。这在沿着几个方面提出了根本性的挑战：需要灵活组合或链接网络服务;网络级性能对此类工作负载的影响越来越大;在多路复用云部署中识别被检查资源的固有困难;以及无法推理动态部署场景中有状态网络处理的正确和一致操作。本项目将通过解决设计和实现中的基础问题：（1）策略框架、弹性伸缩算法和软件定义的控制器，供企业管理员将其需求转化为实际的物理实现;（2）用于云提供商的智能网络级布局、流量工程和拓扑设计的算法，以支持此类工作负载;以及（3）用于管理和操纵网络的中间盒关联状态的新抽象。更广泛的影响：这项工作将告知关键的行业发展，因为企业和云提供商正在试图实现的好处？网络虚拟化？此外，该项目还将为网络部署提供目前不存在的新的灵活性维度-将中间盒的好处民主化到小型企业;提供弹性扩展网络级服务以满足应用需求的能力;以及实现整个企业部署在物理基础设施上的实时迁移。 该项目将生成关于软件定义网络和云计算的新课程材料，并将研究与教育紧密结合，以帮助学生成为这些新兴领域的专家。该研究产生的软件工具和基准测量数据将为行业转型和未来关于此类云中中间盒部署的学术工作提供信息。最后，虽然该项目侧重于云部署中的中间盒，但其中开发的技术基础也将适用于传统企业和ISP网络。