Virtual Middlebox Management for Cloud
Peter Feifan Chen, Nodir Kodirov
538B: Distributed Systems
Class project presentation
April 14, 2015
Motivation: Service providers
Motivation: Middleboxes in Data Center
Motivation: Middlebox Virtualization
● Legacy: hardware middleboxes
● Recently: Virtual machine based
○ hypervisors: Xen, KVM
● More recently: containers
Motivation: Our scope
Challenges
● Can we build container-based middleboxes
○ generalizable
○ scalable
○ correct
Kubernetes
● Kubernetes’ three abstractions
○ pod
○ replication controller
○ service
● Kubernetes pods are stateless, but most useful middleboxes have a shared state
○ etcd
System Design: sample middlebox
● Rate-limiting Firewall
○ simple shared counter state
○ run as a pod in Kubernetes
○ services as redirection mechanism
System Design
Results
Conclusion
● We can implement scalable virtual middleboxes that trade off between correctness and performance
● We can generalize to other middleboxes (e.g., NAT, VPN, firewall, load-balancers)
● Cloud providers can offer scalable and generalizable middleboxes as a value-add feature
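The shared-counter design of the rate-limiting firewall and the correctness/performance trade-off named in the conclusion, as an added simulation that is not the presenters' code. `Store` is an in-memory stand-in for etcd, the limit covers a single window, and the batching scheme, class names and numbers are assumptions.

```python
# Added example, not the presenters' code. Store is an in-memory stand-in for
# etcd; the batching scheme, names and numbers are assumptions.
class Store:
    def __init__(self):
        self.count = 0
        self.round_trips = 0       # every call models one network round trip

    def read(self):
        self.round_trips += 1
        return self.count
    def cas(self, expected, new):  # compare-and-swap: fails on a stale read
        self.round_trips += 1
        if self.count != expected:
            return False
        self.count = new
        return True
    def add(self, n):              # unconditional publish of a local batch
        self.round_trips += 1
        self.count += n
        return self.count

class Replica:
    def __init__(self, store, limit, batch):
        self.store, self.limit, self.batch = store, limit, batch
        self.seen = 0      # global count as of this replica's last publish
        self.pending = 0   # admitted locally, not yet published

    def admit(self):
        if self.batch == 1:            # strict: the store decides every packet
            while True:                # retry only matters with concurrent writers
                cur = self.store.read()
                if cur >= self.limit:
                    return False
                if self.store.cas(cur, cur + 1):
                    return True
        if self.seen + self.pending >= self.limit:
            return False               # decided on a possibly stale view
        self.pending += 1
        if self.pending == self.batch:
            self.seen = self.store.add(self.pending)
            self.pending = 0
        return True

def simulate(replicas, packets, limit, batch):
    """Round-robin packets over the replicas; return (admitted, round_trips)."""
    store = Store()
    pods = [Replica(store, limit, batch) for _ in range(replicas)]
    admitted = sum(pods[i % replicas].admit() for i in range(packets))
    return admitted, store.round_trips
```

With 4 replicas, a limit of 100 and 1000 packets, `batch=1` admits exactly 100 packets at 1100 store round trips, while `batch=10` needs only 13 round trips but admits 130.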
Thank you!