TY - GEN
T1 - CoVisor
T2 - 12th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2015
AU - Jin, Xin
AU - Gossels, Jennifer
AU - Rexford, Jennifer L.
AU - Walker, David P.
N1 - Publisher Copyright:
© 2015 by The USENIX Association. All Rights Reserved.
PY - 2015
Y1 - 2015
N2 - We present CoVisor, a new kind of network hypervisor that enables, in a single network, the deployment of multiple control applications written in different programming languages and operating on different controller platforms. Unlike past hypervisors, which focused on slicing the network into disjoint parts for separate control by separate entities, CoVisor allows multiple controllers to cooperate on managing the same shared traffic. Consequently, network administrators can use CoVisor to assemble a collection of independently-developed "best of breed" applications-a firewall, a load balancer, a gateway, a router, a traffic monitor-and can apply those applications in combination, or separately, to the desired traffic. CoVisor also abstracts concrete topologies, providing custom virtual topologies in their place, and allows administrators to specify access controls that regulate the packets a given controller may see, modify, monitor, or reroute. The central technical contribution of the work is a new set of efficient algorithms for composing controller policies, for compiling virtual networks into concrete OpenFlow rules, and for efficiently processing controller rule updates. We have built a CoVisor prototype, and shown that it is several orders of magnitude faster than a naive implementation.
AB - We present CoVisor, a new kind of network hypervisor that enables, in a single network, the deployment of multiple control applications written in different programming languages and operating on different controller platforms. Unlike past hypervisors, which focused on slicing the network into disjoint parts for separate control by separate entities, CoVisor allows multiple controllers to cooperate on managing the same shared traffic. Consequently, network administrators can use CoVisor to assemble a collection of independently-developed "best of breed" applications-a firewall, a load balancer, a gateway, a router, a traffic monitor-and can apply those applications in combination, or separately, to the desired traffic. CoVisor also abstracts concrete topologies, providing custom virtual topologies in their place, and allows administrators to specify access controls that regulate the packets a given controller may see, modify, monitor, or reroute. The central technical contribution of the work is a new set of efficient algorithms for composing controller policies, for compiling virtual networks into concrete OpenFlow rules, and for efficiently processing controller rule updates. We have built a CoVisor prototype, and shown that it is several orders of magnitude faster than a naive implementation.
UR - http://www.scopus.com/inward/record.url?scp=84967205803&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84967205803&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84967205803
T3 - Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2015
SP - 87
EP - 101
BT - Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2015
PB - USENIX
Y2 - 4 May 2015 through 6 May 2015
ER -