The Middlebox Manifesto:
Enabling Innovation in Middlebox Deployment
Vyas Sekar, Sylvia Ratnasamy, Michael Reiter, Norbert Egi, Guangyu Shi
1
Growing literature on network innovation
Build programmable elements using commodity hardware, e.g., PacketShader, RouterBricks, ServerSwitch, SwitchBlade
Centralized management with open interfaces, e.g., 4D, NOX/OpenFlow, RCP
2
Most innovation today: Middleboxes!
Data from a large enterprise: >80K users across tens of sites
Type of appliance     Number
Firewalls             166
NIDS                  127
Media gateways        110
Load balancers         67
Proxies                66
VPN gateways           45
WAN Optimizers         44
Voice gateways         11
Total middleboxes     636
Total routers        ~900
Just network security: ~6 billion $ (2010), 10 billion $ (2016)
3
Middleboxes are valuable, but have many painpoints
Type of appliance     Number
Firewalls             166
NIDS                  127
Media gateways        110
Load balancers         67
Proxies                66
VPN gateways           45
WAN Optimizers         44
Voice gateways         11
1. Device sprawl, high CapEx
2. High OpEx, e.g., separate management teams, need manual tuning
3. Inflexible, difficult to extend (e.g., “consumerization”? leads to a need for new boxes!)
4
• Most network innovation occurs via middleboxes
– Not by changes to routers or switches
• Suffer similar, and maybe more, pain points
– Significant capital and operating expenses
– Narrow, closed management interfaces
– Difficult to extend
• Surprisingly MIA in the innovation discussion
5
• Most network innovation occurs via middleboxes
– Not via routers or switches
• Suffer almost same, if not more, pain points
– Too many of them; how to manage?
– Significant capital and operating expenses
• Surprisingly MIA in the innovation discussion
6
Our vision: Enabling innovation in middlebox deployments
1. Software-centric implementations: easy to deploy, extend
2. Consolidated physical platform: reduce sprawl
3. Logically centralized open management APIs (network-wide management): direct control, expressive
7
Our vision: Enabling innovation in middlebox deployments
1. Software-centric implementations: easy to deploy, extend
2. Consolidated physical platform: reduce sprawl
3. Logically centralized open management APIs (network-wide management): direct control, expressive
In a general context, ideas aren’t especially new!
But, middleboxes raise new opportunities and challenges
8
• “Software-centric”, “extensible” sounds nice ...
• But, usually very resource inefficient
– Compared to “specialized” solutions
• New efficiency avenues, at least for middleboxes
– Multiplexing
– Reuse
– Spatial distribution
9
Opportunity 1: Multiplexing Benefits
Multiplexing benefit = 1 - Peak_Sum / Sum_Peak = 28%, where Peak_Sum is the peak of the aggregate load across appliances and Sum_Peak is the sum of each appliance’s individual peak
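The metric on this slide, worked through on constructed load traces (added example, not code from the paper): sizing each appliance for its own peak versus sizing one consolidated platform for the peak of the summed load. Trace names and values are illustrative assumptions.

```python
from typing import Dict, List

# Constructed per-appliance utilization traces (e.g., cores needed per
# measurement interval). Illustrative values, not the paper's data.
LOAD_TRACES: Dict[str, List[float]] = {
    "firewall": [4, 6, 8, 5, 3, 2],
    "nids":     [2, 3, 5, 8, 7, 4],
    "proxy":    [1, 2, 3, 4, 8, 6],
    "vpn":      [6, 5, 2, 1, 2, 3],
}


def sum_of_peaks(traces: Dict[str, List[float]]) -> float:
    """Sum_Peak: standalone deployment, each box provisioned for its own peak."""
    return sum(max(t) for t in traces.values())


def peak_of_sum(traces: Dict[str, List[float]]) -> float:
    """Peak_Sum: consolidated platform provisioned for the aggregate peak."""
    lengths = {len(t) for t in traces.values()}
    if len(lengths) != 1:
        raise ValueError("all traces must cover the same intervals")
    n = lengths.pop()
    return max(sum(t[i] for t in traces.values()) for i in range(n))


def multiplexing_benefit(traces: Dict[str, List[float]]) -> float:
    """1 - Peak_Sum / Sum_Peak; 0.0 when every appliance peaks together."""
    sp = sum_of_peaks(traces)
    if sp == 0:
        return 0.0
    return 1.0 - peak_of_sum(traces) / sp


if __name__ == "__main__":
    print(f"Sum_Peak = {sum_of_peaks(LOAD_TRACES)}")
    print(f"Peak_Sum = {peak_of_sum(LOAD_TRACES)}")
    print(f"multiplexing benefit = {multiplexing_benefit(LOAD_TRACES):.1%}")
```

The benefit is a capacity-planning number only; consolidating boxes also concentrates failure and isolation risk, which the later slides raise as platform challenges.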
10
[Figure: consolidated software stack; VPN, Web, Mail, IDS and Proxy applications built on shared Protocol Parsers, Session Management and Firewall modules]
How much traffic overlap? > 60%
Contribution of reusable modules? 18–54%
11
[Figure: network-wide management layer over a consolidated platform of extensible and standalone functions sharing Protocol and Session modules]
Management challenges: heterogeneity, complex processing, policy constraints
12
[Figure: same network-wide management layer over extensible and standalone functions sharing Protocol and Session modules]
Is it tractable? e.g., reuse
Policy dependencies? e.g., IDS < Proxy
What is a minimal interface?
13
[Figure: consolidated platform of extensible and standalone functions sharing Protocol and Session modules]
Platform challenges: primitives? performance, isolation? accelerators?
14
• Most network innovation occurs via middleboxes
– Little presence in the innovation discussion!
• Our vision:
– Software-based, consolidated
– Logically unified, open management APIs
• New opportunities
– Multiplexing, reuse, and spatial distribution
• Practical challenges: Management + Platform
15