
CoEM: A Software and Hardware Co-design Event Management System for Middlebox

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1146)

Abstract

Stateful middleboxes play a very important role in the security and performance of the network. However, they mostly exist as separate devices in the network, distributed across different topological nodes. By analyzing the packet processing of these middleboxes, we find that they have many common functions, such as managing flow states and parsing packet protocols. Developing these functions redundantly not only wastes considerable human and material resources, but also requires relevant expertise and is extremely error-prone.

To address these issues, we introduce CoEM, a hardware and software co-design event management system for middleboxes. In CoEM, we implement flow classification and flow state management, and we generate basic events during protocol parsing. Event generators turn basic events into user-defined events. Different middleboxes can be implemented by defining handling methods for these events. Since multiple middleboxes define event handling methods separately, we assign priorities to ensure that packets pass through the middleboxes in the right order. We use the event management system to implement a stateful firewall. Performance testing shows that the packet processing speed has been improved.
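
The pipeline the abstract describes (a shared flow table, basic events from parsing, event generators, and priority-ordered handlers) can be modelled in software as follows. This is an added illustration, not code from the paper or from CoEM: the event names, priority values, packet dictionary layout and the "10." internal-prefix check are all assumptions.

```python
# Added illustration, not CoEM code: event names, priorities, the packet dict
# layout and the "10." internal prefix are assumptions made for this sketch.
from collections import defaultdict

SYN, ACK = 0x02, 0x10

def flow_key(p):
    # Direction-independent key so both halves of a connection share state.
    return tuple(sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])]))

def basic_events(p):
    # Stand-in for protocol parsing: TCP flags become basic events.
    return ["tcp_syn"] if p["flags"] & SYN and not p["flags"] & ACK else ["tcp_other"]

class EventManager:
    def __init__(self):
        self.flows = {}                      # flow-state table shared by all middleboxes
        self.generators = defaultdict(list)  # basic event -> event generators
        self.handlers = defaultdict(list)    # event -> [(priority, middlebox, fn)]

    def generate(self, basic, fn):
        self.generators[basic].append(fn)

    def subscribe(self, event, priority, middlebox, fn):
        self.handlers[event].append((priority, middlebox, fn))
        self.handlers[event].sort(key=lambda h: h[0])  # lower value runs first

    def process(self, p):
        key = flow_key(p)
        state = self.flows.setdefault(key, {"tcp": "NEW"})
        events = basic_events(p)
        for ev in list(events):  # generators derive user-defined events
            events += [u for g in self.generators[ev] if (u := g(p, state))]
        for ev in events:
            for _, box, fn in self.handlers[ev]:
                if fn(p, state) == "drop":
                    if state["tcp"] == "NEW":
                        del self.flows[key]  # keep no state for rejected flows
                    return ("drop", box)
        return ("pass", None)

def build(internal_prefix="10."):
    em, seen = EventManager(), []
    def fw_syn(p, st):  # stateful firewall: only inside hosts may open flows
        if not p["src"].startswith(internal_prefix):
            return "drop"
        st["tcp"] = "OPEN"
    em.generate("tcp_other", lambda p, st: "no_state" if st["tcp"] == "NEW" else None)
    em.subscribe("tcp_syn", 20, "monitor", lambda p, st: seen.append(p["src"]))
    em.subscribe("tcp_syn", 10, "firewall", fw_syn)
    em.subscribe("no_state", 10, "firewall", lambda p, st: "drop")
    return em, seen
```

With `build()`, an outbound SYN and its SYN-ACK reply pass, while an unsolicited inbound ACK raises the derived `no_state` event and is dropped without leaving a flow-table entry. Because the firewall handler has the lower priority value, an external SYN it rejects never reaches the monitor.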



Corresponding author

Correspondence to Jianguo Gou.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Gou, J., Li, W., Qiu, J., Lv, H., Ma, T. (2019). CoEM: A Software and Hardware Co-design Event Management System for Middlebox. In: Xu, W., Xiao, L., Li, J., Zhu, Z. (eds) Computer Engineering and Technology. NCCET 2019. Communications in Computer and Information Science, vol 1146. Springer, Singapore. https://doi.org/10.1007/978-981-15-1850-8_6

  • DOI: https://doi.org/10.1007/978-981-15-1850-8_6

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-1849-2

  • Online ISBN: 978-981-15-1850-8

  • eBook Packages: Computer Science, Computer Science (R0)
