Introduction

A new SDN-based approach which decouples the policy resolution layer from the policy enforcement layer in network service appliances.

Abstract

Network services, such as security, load-balancing, and monitoring, are an indisputable part of modern networking infrastructure and are traditionally realized as specialized appliances or middleboxes. Middleboxes complicate the management, the deployment, and the operations of the entire network. Moreover, they induce network performance issues and scalability limitations by requiring huge amounts of traffic to be redirected, often sub-optimally, and sometimes redundantly processed. Recent trends of server virtualization and Network Function Virtualization (NFV) exacerbate these scalability and performance issues. In this paper, we present EnforSDN - a new management approach that exploits SDN principles to decouple the policy resolution layer from the policy enforcement layer in network service appliances. Our approach improves the enforcement management, network utilization and communication latency, without compromising the policy and the functionality of the network. Using an emulated SDN-based data center environment, we demonstrate higher throughput and lower latency achieved with EnforSDN, as compared to a baseline SDN network. In addition, we show that EnforSDN reduces the overall network appliance load, as well as the forwarding table size.

Date

2015

Authors

  • Katherine Barabash
  • Rami Cohen
  • Anna Levin
  • Eran Raichstein

Research Areas

  • Middleboxes
  • Network Function Virtualization
  • Software-Defined Networks

Type

Inproceedings

Booktitle

Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on