Abstract
Stateful middleboxes play an important role in the security and performance of a network. However, they mostly exist as separate devices distributed across different topological nodes. By analyzing the packet processing of these middleboxes, we find that they share many common functions, such as flow state management and packet protocol parsing. Developing these functions redundantly not only wastes human and material resources but also requires specialized expertise and is extremely error-prone.
To address these issues, we introduce CoEM, a hardware and software co-designed event management system for middleboxes. CoEM implements flow classification and flow state management, and generates basic events during protocol parsing. Event generators derive user-defined events from these basic events, and different middleboxes are implemented by defining handling methods for these events. Since multiple middleboxes define their event handling methods separately, we assign priorities to ensure that packets traverse the middleboxes in the correct order. We use the event management system to build a stateful firewall; performance testing shows that packet processing speed is improved.
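The abstract describes four layers: flow classification and state management, basic events emitted by protocol parsing, event generators that derive user-defined events, and per-middlebox handlers ordered by priority. The following software model, added here as an illustration and not CoEM's own code, wires those layers together around a stateful firewall and a second middlebox (a packet counter) so that the effect of priority ordering is visible. Addresses, the `INSIDE` network, the event names and the `Packet` fields are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: 10.0.0.0/8 plays the protected "inside" network.
INSIDE = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    """Constructed packet abstraction; a real system would parse these from wire bytes."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()
    payload: bytes = b""


def flow_key(pkt):
    """Direction-independent 5-tuple so both halves of a connection share one state entry."""
    a, b = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
    return (pkt.proto,) + (a + b if a <= b else b + a)


class EventManager:
    """Flow classification, flow state, basic events, generators and prioritized handlers."""

    def __init__(self):
        self.flows = {}                    # flow_key -> per-flow state dict
        self.generators = []               # derive user-defined events from basic ones
        self.handlers = defaultdict(list)  # event name -> [(priority, handler)]

    def add_generator(self, gen):
        self.generators.append(gen)

    def register(self, event, handler, priority):
        """Lower priority value runs first; a DROP verdict stops the chain."""
        self.handlers[event].append((priority, handler))

    @staticmethod
    def basic_events(pkt, is_new):
        """Events produced by protocol parsing alone, independent of any middlebox."""
        events = ["flow_new"] if is_new else []
        events.append("packet")
        if pkt.proto == "tcp":
            events += [f"tcp_{flag}" for flag in sorted(pkt.flags)]
        if pkt.payload:
            events.append("payload")
        return events

    def process(self, pkt):
        key = flow_key(pkt)
        is_new = key not in self.flows
        state = self.flows.setdefault(key, {"initiator": pkt.src, "packets": 0})
        state["packets"] += 1
        events = self.basic_events(pkt, is_new)
        for gen in self.generators:
            events += gen(pkt, state, events)
        # One chain across all middleboxes, ordered by priority (stable sort keeps event order within a priority).
        chain = sorted(((prio, ev, h) for ev in events for prio, h in self.handlers[ev]),
                       key=lambda entry: entry[0])
        for _prio, ev, handler in chain:
            if handler(ev, pkt, state) == "DROP":
                if is_new:
                    del self.flows[key]  # do not let rejected flows pollute the state table
                return "DROP"
        return "ACCEPT"


def unsolicited_inbound(pkt, state, events):
    """Event generator: user-defined event for a flow opened from outside towards the inside."""
    if "flow_new" in events and ip_address(pkt.src) not in INSIDE and ip_address(pkt.dst) in INSIDE:
        return ["inbound_unsolicited"]
    return []


class StatefulFirewall:
    """Middlebox 1: reject flows not initiated from inside; replies in known flows pass."""

    def __init__(self, em):
        em.add_generator(unsolicited_inbound)
        em.register("inbound_unsolicited", self.block, priority=0)

    @staticmethod
    def block(ev, pkt, state):
        return "DROP"


class FlowCounter:
    """Middlebox 2: runs after the firewall, so it only counts packets that were accepted."""

    def __init__(self, em):
        self.seen = 0
        em.register("packet", self.count, priority=10)

    def count(self, ev, pkt, state):
        self.seen += 1
        return "ACCEPT"


def run_demo():
    em = EventManager()
    StatefulFirewall(em)
    counter = FlowCounter(em)
    # Constructed traffic: inside client opens a connection, server replies, then an outside host probes.
    pkts = [
        Packet("10.0.0.5", "203.0.113.7", 51000, 80, flags=frozenset({"syn"})),
        Packet("203.0.113.7", "10.0.0.5", 80, 51000, flags=frozenset({"syn", "ack"})),
        Packet("10.0.0.5", "203.0.113.7", 51000, 80, flags=frozenset({"ack"}), payload=b"GET / HTTP/1.1\r\n"),
        Packet("198.51.100.9", "10.0.0.5", 4444, 22, flags=frozenset({"syn"})),
    ]
    verdicts = [em.process(p) for p in pkts]
    return verdicts, counter.seen, len(em.flows)
```

Running `run_demo()` yields `(["ACCEPT", "ACCEPT", "ACCEPT", "DROP"], 3, 1)`: the reply from the web server is accepted because the bidirectional flow key maps it onto the state created by the inside client, the unsolicited probe is dropped by the firewall before the counter (priority 10) ever sees it, and no state entry survives for the rejected flow.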
© 2019 Springer Nature Singapore Pte Ltd.
Gou, J., Li, W., Qiu, J., Lv, H., Ma, T. (2019). CoEM: A Software and Hardware Co-design Event Management System for Middlebox. In: Xu, W., Xiao, L., Li, J., Zhu, Z. (eds) Computer Engineering and Technology. NCCET 2019. Communications in Computer and Information Science, vol 1146. Springer, Singapore. https://doi.org/10.1007/978-981-15-1850-8_6
DOI: https://doi.org/10.1007/978-981-15-1850-8_6
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1849-2
Online ISBN: 978-981-15-1850-8