ACM Transactions on Computer Systems (TOCS)
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Congestion control for high bandwidth-delay product networks
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Internet indirection infrastructure
IEEE/ACM Transactions on Networking (TON)
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Why flow-completion time is the right metric for congestion control
ACM SIGCOMM Computer Communication Review
Drafting behind Akamai (travelocity-based detouring)
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Improving the reliability of internet paths with one-hop source routing
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Middleboxes no longer considered harmful
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
CONMan: a step towards network manageability
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
OpenFlow: enabling innovation in campus networks
ACM SIGCOMM Computer Communication Review
A policy-aware switching layer for data centers
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Packet caches on routers: the implications of universal redundant traffic elimination
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Taming the torrent: a practical approach to reducing cross-isp traffic in peer-to-peer systems
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Greening the internet with nano data centers
Proceedings of the 5th international conference on Emerging networking experiments and technologies
Communications of the ACM
Cloudward bound: planning for beneficial migration of enterprise applications to the cloud
Proceedings of the ACM SIGCOMM 2010 conference
ETTM: a scalable fault tolerant network manager
Proceedings of the 8th USENIX conference on Networked systems design and implementation
CloudNaaS: a cloud networking platform for enterprise applications
Proceedings of the 2nd ACM Symposium on Cloud Computing
The middlebox manifesto: enabling innovation in middlebox deployment
Proceedings of the 10th ACM Workshop on Hot Topics in Networks
IEEE Network: The Magazine of Global Internetworking
Outsourcing network functionality
Proceedings of the first workshop on Hot topics in software defined networks
Outsourcing network functionality
Proceedings of the first workshop on Hot topics in software defined networks
Software-defined internet architecture: decoupling architecture from infrastructure
Proceedings of the 11th ACM Workshop on Hot Topics in Networks
Outsourcing the routing control logic: better internet routing based on SDN principles
Proceedings of the 11th ACM Workshop on Hot Topics in Networks
New opportunities for load balancing in network-wide intrusion detection systems
Proceedings of the 8th international conference on Emerging networking experiments and technologies
Bridging the gap between applications and networks in data centers
ACM SIGOPS Operating Systems Review
SIMPLE-fying middlebox policy enforcement using SDN
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Ananta: cloud scale load balancing
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Enabling fast, dynamic network processing with clickOS
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
FlowTags: enforcing network-wide policies in the presence of dynamic middlebox actions
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Design and implementation of a framework for software-defined middlebox networking
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Pushing CDN-ISP collaboration to the limit
ACM SIGCOMM Computer Communication Review
Demystifying the dark side of the middle: a field study of middlebox failures in datacenters
Proceedings of the 2013 conference on Internet measurement conference
Revealing middlebox interference with tracebox
Proceedings of the 2013 conference on Internet measurement conference
PacketCloud: an open platform for elastic in-network services
Proceedings of the eighth ACM international workshop on Mobility in the evolving internet architecture
Virtual network diagnosis as a service
Proceedings of the 4th annual Symposium on Cloud Computing
When the network crumbles: an empirical study of cloud network failures and their impact on services
Proceedings of the 4th annual Symposium on Cloud Computing
Managing the network with Merlin
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Proceedings of the 2013 workshop on Hot topics in middleboxes and network function virtualization
Are TCP extensions middlebox-proof?
Proceedings of the 2013 workshop on Hot topics in middleboxes and network function virtualization
Verifiable network function outsourcing: requirements, challenges, and roadmap
Proceedings of the 2013 workshop on Hot topics in middleboxes and network function virtualization
Unveiling the hidden dangers of public IP addresses in 4G/LTE cellular data networks
Proceedings of the 15th Workshop on Mobile Computing Systems and Applications
ClickOS and the art of network function virtualization
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Enforcing network-wide policies in the presence of dynamic middlebox actions using flowtags
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.00 |
Modern enterprises almost ubiquitously deploy middlebox processing services to improve security and performance in their networks. Despite this, we find that today's middlebox infrastructure is expensive, complex to manage, and creates new failure modes for the networks that use them. Given the promise of cloud computing to decrease costs, ease management, and provide elasticity and fault-tolerance, we argue that middlebox processing can benefit from outsourcing the cloud. Arriving at a feasible implementation, however, is challenging due to the need to achieve functional equivalence with traditional middlebox deployments without sacrificing performance or increasing network complexity. In this paper, we motivate, design, and implement APLOMB, a practical service for outsourcing enterprise middlebox processing to the cloud. Our discussion of APLOMB is data-driven, guided by a survey of 57 enterprise networks, the first large-scale academic study of middlebox deployment. We show that APLOMB solves real problems faced by network administrators, can outsource over 90% of middlebox hardware in a typical large enterprise network, and, in a case study of a real enterprise, imposes an average latency penalty of 1.1ms and median bandwidth inflation of 3.8%.