Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Deriving traffic demands for operational IP networks: methodology and experience
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
ACM Transactions on Computer Systems (TOCS)
Measuring ISP topologies with rocketfuel
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
An integrated experimental environment for distributed systems and networks
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Ethane: taking control of the enterprise
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
NOX: towards an operating system for networks
ACM SIGCOMM Computer Communication Review
A policy-aware switching layer for data centers
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Packet caches on routers: the implications of universal redundant traffic elimination
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Flow processing and the rise of commodity network hardware
ACM SIGCOMM Computer Communication Review
RouteBricks: exploiting parallelism to scale software routers
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Measurouting: a framework for routing assisted traffic monitoring
INFOCOM'10 Proceedings of the 29th conference on Information communications
Scalable flow-based networking with DIFANE
Proceedings of the ACM SIGCOMM 2010 conference
The case for fine-grained traffic engineering in data centers
INM/WREN'10 Proceedings of the 2010 internet network management conference on Research on enterprise networking
Onix: a distributed control platform for large-scale production networks
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
OpenFlow-based server load balancing gone wild
Hot-ICE'11 Proceedings of the 11th USENIX conference on Hot topics in management of internet, cloud, and enterprise networks and services
Exploiting similarity for multi-source downloads using file handprints
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
DevoFlow: scaling flow management for high-performance networks
Proceedings of the ACM SIGCOMM 2011 conference
Understanding network failures in data centers: measurement, analysis, and implications
Proceedings of the ACM SIGCOMM 2011 conference
An untold story of middleboxes in cellular networks
Proceedings of the ACM SIGCOMM 2011 conference
CloudNaaS: a cloud networking platform for enterprise applications
Proceedings of the 2nd ACM Symposium on Cloud Computing
The middlebox manifesto: enabling innovation in middlebox deployment
Proceedings of the 10th ACM Workshop on Hot Topics in Networks
Header space analysis: static checking for networks
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
Design and implementation of a consolidated middlebox architecture
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
OFLOPS: an open framework for openflow switch evaluation
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
IEEE Network: The Magazine of Global Internetworking
Making middleboxes someone else's problem: network processing as a cloud service
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
Outsourcing network functionality
Proceedings of the first workshop on Hot topics in software defined networks
Toward software-defined middlebox networking
Proceedings of the 11th ACM Workshop on Hot Topics in Networks
xOMB: extensible open middleboxes with commodity servers
Proceedings of the eighth ACM/IEEE symposium on Architectures for networking and communications systems
New opportunities for load balancing in network-wide intrusion detection systems
Proceedings of the 8th international conference on Emerging networking experiments and technologies
Composing software-defined networks
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
FlowTags: enforcing network-wide policies in the presence of dynamic middlebox actions
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
FlowTags: enforcing network-wide policies in the presence of dynamic middlebox actions
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
IOFlow: a software-defined storage architecture
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Virtual network diagnosis as a service
Proceedings of the 4th annual Symposium on Cloud Computing
SoftCell: scalable and flexible cellular core network architecture
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
Managing the network with Merlin
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Enforcing network-wide policies in the presence of dynamic middlebox actions using flowtags
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
Networks today rely on middleboxes to provide critical performance, security, and policy compliance capabilities. Achieving these benefits and ensuring that the traffic is directed through the desired sequence of middleboxes requires significant manual effort and operator expertise. In this respect, Software-Defined Networking (SDN) offers a promising alternative. Middleboxes, however, introduce new aspects (e.g., policy composition, resource management, packet modifications) that fall outside the purvey of traditional L2/L3 functions that SDN supports (e.g., access control or routing). This paper presents SIMPLE, a SDN-based policy enforcement layer for efficient middlebox-specific "traffic steering''. In designing SIMPLE, we take an explicit stance to work within the constraints of legacy middleboxes and existing SDN interfaces. To this end, we address algorithmic and system design challenges to demonstrate the feasibility of using SDN to simplify middlebox traffic steering. In doing so, we also take a significant step toward addressing industry concerns surrounding the ability of SDN to integrate with existing infrastructure and support L4-L7 capabilities.