Advertisement

CoEM: A Software and Hardware Co-design Event Management System for Middlebox

  • Jianguo GouEmail author
  • Wenwen Li
  • Jie Qiu
  • Hu Lv
  • Teng Ma
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1146)

Abstract

Stateful middleboxes play a very important role in the security and performance of the network. However, they mostly exist as separate devices in network and distributed in different topological nodes. By analyzing the packet processing of these middleboxes, we find that they have many common functions, such as the management of the flow states, the parsing of the packet protocol. The redundant development of these functions not only causes great waste of human and material resources, but also involves relevant expertise, which is extremely error-prone.

To address these issues, we introduce CoEM, a hardware and software co-design event management system for the middlebox. In CoEM, we implement flow classification and flow state management, and we also generate basic events in the protocol parsing process. Basic events generate user-defined events through event generators. Different middleboxes can be implemented by defining these event handling methods. Since multiple middleboxes define event handling methods separately, we set priority to ensure that packets are passed through the right middlebox order. We use the event management system to achieve a stateful firewall. Performance testing shows that the packet processing speed has been improved.

Keywords

Event Middlebox Stateful Network function virtualization 

References

  1. 1.
    Network address translation. https://zh.wikipedia.org/wiki/Network_address_translation. Accessed 15 Feb 2019
  2. 2.
    Load balance. https://zh.wikipedia.org/wiki/Load_balance. Accessed 17 Feb 2019
  3. 3.
    Intrusion detection system. https://en.wikipedia.org/wiki/Intrusion_detection_system. Accessed 22 Feb 2019
  4. 4.
    Application-specific integrated circuit. https://en.wikipedia.org/wiki/Application-specific_integrated_circuit. Accessed 24 Feb 2019
  5. 5.
    Network Function Virtualization(NFV); Architectural Framework. https://www.etsi.org/deliver/etsi_gs/NFV/001_099/002/01.02.01_60/gs_NFV002v010201p.pdf. Accessed 26 Feb 2019
  6. 6.
    Network Functions Virtualisation (NFV); Infrastructure Overview. https://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/001/01.01.01_60/gs_NFV-INF001v010101p.pdf. Accessed 26 Feb 2019
  7. 7.
    Network Functions Virtualisation (NFV); Virtual Network Functions Architecture. https://www.etsi.org/deliver/etsi_gs/NFV-SWA/001_099/001/01.01.01_60/gs_NFV-SWA001v010101p.pdf. Accessed 26 Feb 2019
  8. 8.
    Han, B., Gopalakrishnan, V., Ji, L.: Network function virtualization: challenges and opportunities for innovations. IEEE Commun. Mag. 53(2), 90–97 (2015)CrossRefGoogle Scholar
  9. 9.
    Mijumbi, R., Serrat, J., Gorricho, J.L.: Network function virtualization: state-of-the-art and research challenges. IEEE Commun. Surv. Tutor. 18(1), 236–262 (2017)CrossRefGoogle Scholar
  10. 10.
    Yi, B., Wang, X., Li, K.: A comprehensive survey of network function virtualization. Comput. Netw. 133, 212–262 (2018)CrossRefGoogle Scholar
  11. 11.
    Martins, J., Ahmed, M., Raiciu, C.: ClickOS and the art of network function virtualization. In: Networked Systems Design and Implementation, pp. 459–473 (2014)Google Scholar
  12. 12.
    Sivaraman, A., Kim, C., Krishnamoorthy, R.: DC.p4: programming the forwarding plane of a data-center switch. In: ACM Special Interest Group on Data Communication, p. 2 (2015)Google Scholar
  13. 13.
    Hancock, D., Der Merwe, J.E.: HyPer4: using P4 to virtualize the programmable data plane. In: Conference on Emerging Network Experiment and Technology, pp. 35–49 (2016)Google Scholar
  14. 14.
    Bosshart, P., Daly, D., Gibb, G.: P4: programming protocol-independent packet processors. In: ACM Special Interest Group on Data Communication, vol. 44, no. 3, pp. 87–95 (2014)Google Scholar
  15. 15.
    The P 4 Language Consortium. The P4 Language Specification. https://p4lang.github.io/p4-spec/p4-14/v1.0.4/tex/p4.pdf. Accessed 5 Mar 2019
  16. 16.
    Zave, P., Ferreira, R.A., Zou, X.K.: Dynamic service chaining with Dysco. In: ACM Special Interest Group on Data Communication, pp. 57–70 (2017)Google Scholar
  17. 17.
    Palkar, S., Lan, C., Han, S.: E2: a framework for NFV applications. In: Symposium on Operating Systems Principles, pp. 121–136 (2015)Google Scholar
  18. 18.
    Katsikas, G.P., Barbette, T., Kostic, D.: Metron: NFV service chains at the true speed of the underlying hardware. In: Networked Systems Design and Implementation, pp. 171–186 (2018)Google Scholar
  19. 19.
    Zhang, W., Liu, G., Zhang, W.: OpenNetVM: a platform for high performance network service chains. In: Workshop on Hot Topics in Middleboxes and Network Function Virtualization, pp. 26–31 (2016)Google Scholar
  20. 20.
    Gemberjacobson, A., Viswanathan, R., Prakash, C.: OpenNF: enabling innovation in network function control. In: ACM Special Interest Group on Data Communication, vol. 44, no. 4, pp. 163–174 (2015)Google Scholar
  21. 21.
    Katsikas, G.P., Enguehard, M., Kuźniar, M: SNF: synthesizing high performance NFV service chains. PeerJ, 1–30 (2016)Google Scholar
  22. 22.
    Bianchi, G., Bonola, M., Capone, A.: OpenState: programming platform-independent stateful openflow applications inside the switch. In: ACM Special Interest Group on Data Communication, vol. 44, no. 2, pp. 44–51 (2014)Google Scholar
  23. 23.
    Kablan, M., Alsudais, A., Keller, E., Le, F.: Stateless network functions: breaking the tight coupling of state and processing. In: 14th USENIX Symposium on Networked Systems Design and Implementation, pp. 97–111 (2017)Google Scholar
  24. 24.
    Zhu, S., Bi, J., Sun, C.: SDPA: enhancing stateful forwarding for software-defined networking. In: International Conference on Network Protocols, pp. 323–333 (2015)Google Scholar
  25. 25.
    Bezahaf, M., Alim, A., Mathy, L.: FlowOS: a flow-based platform for middleboxes. In: Workshop on Hot Topics in Middleboxes and Network Function Virtualization, pp. 19–24 (2013)Google Scholar
  26. 26.
    Libnids. http://libnids.sourceforge.net/. Accessed 12 Mar 2019
  27. 27.
    Libpcap. https://github.com/the-tcpdump-group/libpcap. Accessed 12 Mar 2019
  28. 28.
    Anderson, J.W., Braud, R., Kapoor, R.: xOMB: extensible open middleboxes with commodity servers. In: Architectures for Networking and Communications Systems, pp. 49–60 (2012)Google Scholar
  29. 29.
    Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23), 2435–2463 (1999)CrossRefGoogle Scholar
  30. 30.
    The Bro Project. Writing Bro Plugins. https://www.bro.org/sphinx-git/devel/plugins.html. Accessed 12 Feb 2019
  31. 31.
    Jamshed, M.A., Moon, Y., Kim, D.: mOS: a reusable networking stack for flow monitoring middleboxes. In: Networked Systems Design and Implementation, pp. 113–129 (2017)Google Scholar
  32. 32.
    Liu, G., Ren, Y., Yurchenko, M.: Microboxes: high performance NFV with customizable, asynchronous TCP stacks and dynamic subscriptions. In: Conference of the ACM Special Interest Group on Data Communication, pp. 504–517 (2018)Google Scholar
  33. 33.
    Firestone, D.: VFP: a virtual switch platform for host SDN in the public cloud. In: Networked Systems Design and Implementation, pp. 315–328 (2017)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Jianguo Gou
    • 1
    Email author
  • Wenwen Li
    • 1
  • Jie Qiu
    • 1
    • 2
  • Hu Lv
    • 1
  • Teng Ma
    • 1
  1. 1.Jiuquan Satellite Launch Centre in ChinaJiuquanChina
  2. 2.Zhejiang UniversityHangzhouChina

Personalised recommendations