Abstract:

Today's networks do much more than deliver packets. Through the deployment of middleboxes, enterprise networks today provide improved security (e.g., filtering malicious content) and performance capabilities (e.g., caching frequently accessed content). Although middleboxes are deployed widely in enterprises, they bring with them many challenges: they are complicated to manage, expensive, prone to failures, and challenge privacy expectations.

In this talk, we aim to bring the benefits of cloud computing to networking. We argue that middlebox services can be outsourced to cloud providers in a similar fashion to how mail, compute, and storage are outsourced today. We begin by presenting APLOMB, a system that allows enterprises to outsource middlebox processing to a third party cloud or ISP. For enterprise networks, APLOMB can reduce costs, ease management, and provide resources for scalability and failover. For service providers, APLOMB offers new customers and business opportunities, but also presents new challenges. Middleboxes have tighter performance demands than existing cloud services, and hence supporting APLOMB requires redesigning software at the cloud. We reconsider classical cloud challenges including fault-tolerance and privacy, showing how to implement middlebox software solutions with throughput and latency two-four orders of magnitude more efficient than general-purpose cloud approaches. Some of the technologies discussed in this talk are presently being adopted by industrial systems used by cloud providers and ISPs.

Bio:

Justine Sherry is a computer scientist and doctoral candidate at the University of California at Berkeley. Her interests are in computer networking; her work includes middleboxes, networked systems, measurement, cloud computing, and congestion control. Justine's dissertation focuses on new opportunities and challenges arising from the deployment of middleboxes -- such as firewalls and proxies -- as services offered by clouds and ISPs. Justine received her master's from UC Berkeley in 2012 and dual bachelor's degrees from the University of Washington in 2010. She is an NSF Graduate Research Fellow and has won paper awards from both USENIX NSDI and ACM SIGCOMM.