TY - GEN
T1 - Dynamic service chaining with dysco
AU - Zave, Pamela
AU - Ferreira, Ronaldo A.
AU - Zou, Xuan Kelvin
AU - Morimoto, Masaharu
AU - Rexford, Jennifer L.
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/8/7
Y1 - 2017/8/7
N2 - Middleboxes are crucial for improving network security and performance, but only if the right traffic goes through the right middleboxes at the right time. Existing traffic-steering techniques rely on a central controller to install fine-grained forwarding rules in network elements-at the expense of a large number of rules, a central point of failure, challenges in ensuring all packets of a session traverse the same middleboxes, and difficulties with middleboxes that modify the "five tuple." We argue that a session-level protocol is a fundamentally better approach to traffic steering, while naturally supporting host mobility and multihoming in an integrated fashion. In addition, a session-level protocol can enable new capabilities like dynamic service chaining, where the sequence of middleboxes can change during the life of a session, e.g., to remove a load-balancer that is no longer needed, replace a middlebox undergoing maintenance, or add a packet scrubber when traffic looks suspicious. Our Dysco protocol steers the packets of a TCP session through a service chain, and can dynamically reconfigure the chain for an ongoing session. Dysco requires no changes to end-host and middlebox applications, host TCP stacks, or IP routing. Dysco's distributed reconfiguration protocol handles the removal of proxies that terminate TCP connections, middleboxes that change the size of a byte stream, and concurrent requests to reconfigure different parts of a chain. Through formal verification using Spin and experiments with our Linux-based prototype, we show that Dysco is provably correct, highly scalable, and able to reconfigure service chains across a range of middleboxes.
AB - Middleboxes are crucial for improving network security and performance, but only if the right traffic goes through the right middleboxes at the right time. Existing traffic-steering techniques rely on a central controller to install fine-grained forwarding rules in network elements-at the expense of a large number of rules, a central point of failure, challenges in ensuring all packets of a session traverse the same middleboxes, and difficulties with middleboxes that modify the "five tuple." We argue that a session-level protocol is a fundamentally better approach to traffic steering, while naturally supporting host mobility and multihoming in an integrated fashion. In addition, a session-level protocol can enable new capabilities like dynamic service chaining, where the sequence of middleboxes can change during the life of a session, e.g., to remove a load-balancer that is no longer needed, replace a middlebox undergoing maintenance, or add a packet scrubber when traffic looks suspicious. Our Dysco protocol steers the packets of a TCP session through a service chain, and can dynamically reconfigure the chain for an ongoing session. Dysco requires no changes to end-host and middlebox applications, host TCP stacks, or IP routing. Dysco's distributed reconfiguration protocol handles the removal of proxies that terminate TCP connections, middleboxes that change the size of a byte stream, and concurrent requests to reconfigure different parts of a chain. Through formal verification using Spin and experiments with our Linux-based prototype, we show that Dysco is provably correct, highly scalable, and able to reconfigure service chains across a range of middleboxes.
KW - NFV
KW - Session Protocol
KW - Spin
KW - Verification
UR - http://www.scopus.com/inward/record.url?scp=85029429704&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85029429704&partnerID=8YFLogxK
U2 - 10.1145/3098822.3098827
DO - 10.1145/3098822.3098827
M3 - Conference contribution
AN - SCOPUS:85029429704
T3 - SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication
SP - 57
EP - 70
BT - SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication
PB - Association for Computing Machinery, Inc
T2 - 2017 Conference of the ACM Special Interest Group on Data Communication, SIGCOMM 2017
Y2 - 21 August 2017 through 25 August 2017
ER -