Dynamic service chaining with Dysco

Pamela Zave, Ronaldo A. Ferreira, Xuan Kelvin Zou, Masaharu Morimoto, Jennifer L. Rexford

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

27 Scopus citations

Abstract

Middleboxes are crucial for improving network security and performance, but only if the right traffic goes through the right middleboxes at the right time. Existing traffic-steering techniques rely on a central controller to install fine-grained forwarding rules in network elements, at the expense of a large number of rules, a central point of failure, challenges in ensuring all packets of a session traverse the same middleboxes, and difficulties with middleboxes that modify the "five tuple." We argue that a session-level protocol is a fundamentally better approach to traffic steering, while naturally supporting host mobility and multihoming in an integrated fashion. In addition, a session-level protocol can enable new capabilities like dynamic service chaining, where the sequence of middleboxes can change during the life of a session, e.g., to remove a load-balancer that is no longer needed, replace a middlebox undergoing maintenance, or add a packet scrubber when traffic looks suspicious. Our Dysco protocol steers the packets of a TCP session through a service chain, and can dynamically reconfigure the chain for an ongoing session. Dysco requires no changes to end-host and middlebox applications, host TCP stacks, or IP routing. Dysco's distributed reconfiguration protocol handles the removal of proxies that terminate TCP connections, middleboxes that change the size of a byte stream, and concurrent requests to reconfigure different parts of a chain. Through formal verification using Spin and experiments with our Linux-based prototype, we show that Dysco is provably correct, highly scalable, and able to reconfigure service chains across a range of middleboxes.

Original language: English (US)
Title of host publication: SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication
Publisher: Association for Computing Machinery, Inc
Pages: 57-70
Number of pages: 14
ISBN (Electronic): 9781450346535
State: Published - Aug 7 2017
Event: 2017 Conference of the ACM Special Interest Group on Data Communication, SIGCOMM 2017 - Los Angeles, United States
Duration: Aug 21 2017 to Aug 25 2017

Publication series

Name: SIGCOMM 2017 - Proceedings of the 2017 Conference of the ACM Special Interest Group on Data Communication

Other

Other: 2017 Conference of the ACM Special Interest Group on Data Communication, SIGCOMM 2017
Country: United States
City: Los Angeles
Period: 8/21/17 to 8/25/17

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Signal Processing
  • Electrical and Electronic Engineering
  • Communication

Keywords

  • NFV
  • Session Protocol
  • Spin
  • Verification
