2012
DOI: 10.1145/2377677.2377680
|View full text |Cite
|
Sign up to set email alerts
|

Making middleboxes someone else's problem

Abstract: Modern enterprises almost ubiquitously deploy middlebox processing services to improve security and performance in their networks. Despite this, we find that today's middlebox infrastructure is expensive, complex to manage, and creates new failure modes for the networks that use them. Given the promise of cloud computing to decrease costs, ease management, and provide elasticity and fault-tolerance, we argue that middlebox processing can benefit from outsourcing the cloud. Arriving at a feasible implementation… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1

Citation Types

0
24
0
2

Year Published

2014
2014
2024
2024

Publication Types

Select...
9
1

Relationship

0
10

Authors

Journals

citations
Cited by 299 publications
(26 citation statements)
references
References 19 publications
0
24
0
2
Order By: Relevance
“…Figure 2 presents a typical software-defined cloud environment. To effectively manage the middlebox processing capabilities in SDCs, the concept of outsourcing enterprise middlebox processing to the cloud was proposed in [20] with a system the authors called APLOMB (Appliance for Outsourcing Middleboxes). APLOMB delegates middlebox tasks to the cloud to ensure the ease of management and capital expenditure (CAPEX) functions.…”
Section: Application-awareness Concepts In Cloud Datacentersmentioning
confidence: 99%
“…Figure 2 presents a typical software-defined cloud environment. To effectively manage the middlebox processing capabilities in SDCs, the concept of outsourcing enterprise middlebox processing to the cloud was proposed in [20] with a system the authors called APLOMB (Appliance for Outsourcing Middleboxes). APLOMB delegates middlebox tasks to the cloud to ensure the ease of management and capital expenditure (CAPEX) functions.…”
Section: Application-awareness Concepts In Cloud Datacentersmentioning
confidence: 99%
“…Current networks rely on rich functionalities, such as improved critical performance (e.g., proxies and load balancers), improved security (e.g., firewalls and the intrusion detection system (IDS)), reduced bandwidth costs (e.g., wide area network (WAN) optimizers), and policy compliance capabilities (e.g., network address translation (NAT) and content filters), which are introduced by a wide spectrum of specialized appliances or middleboxes (Carpenter and Brim, 2002). Sherry et al (2012) showed that the number of middleboxes is on par with the number of routers in a network (e.g., an average very-large network holds 2850 layer-3 routers and 1946 middleboxes). In other words, middleboxes are a critical part of today's networks and it is reasonable to expect that they will remain so in the foreseeable future (Walfish et al, 2004;Joseph and Stoica, 2008).…”
Section: Introductionmentioning
confidence: 99%
“…We can see that even if a well-specified security policy exists, its implementation by a firewall configuration remains a manual and hence error-prone task. A 2012 survey [20] of 57 enterprise network administrators confirms that a "majority of administrators stated misconfiguration as the most common cause of failure" [20]. A study [22] conducted by Verizon from 2004 to 2009 and the United States Secret Service during 2008 and 2009 reveals that data leaks are often caused by configuration errors [12].…”
Section: Introductionmentioning
confidence: 99%