ECE Seminar: Toward Practical Convergence of Middleboxes and Software- Defined Networking

ECE Seminar: ECE Seminar: Toward Practical Convergence of Middleboxes and Software- Defined Networking

Starts at: January 23, 2014 4:00 PM

Location: Scaife Hall - Auditorium Room 125

Speaker: Vyas Sekar

Affiliation: Assistant Professor Electrical & Computer Engineering Carnegie Mellon University

Refreshments provided: Yes

Link to Abstract

Link to Video (1)



Network administrators today rely on middleboxes such as firewalls, proxies, intrusion detection systems, load balancers to provide critical performance, security, and policy compliance capabilities. Achieving these benefits and ensuring that the traffic is directed through the desired sequence of middleboxes requires significant manual effort and operator expertise. In this respect, Software-Defined Networking (SDN) offers a promising alternative to simplify this task and also formally verify that the security policies are being satisfied correctly. Middleboxes, however, introduce new aspects (e.g., policy composition, resource management, packet modifications) that fall outside the purvey of traditional functions that SDN supports (e.g., routing or forwarding).

In this talk I will describe two of our efforts in practically integrating middlebox in SDNmanaged networks. The first part presents SIMPLE, a SDN-based policy enforcement layer for efficient middlebox-specific “traffic steering”. In designing SIMPLE, we take an explicit stance to work within the constraints of legacy middleboxes and existing SDN interfaces. The second half makes a case for SDN extensions to middleboxes called FlowTags to provide the necessary causal context (e.g., source hosts or internal cache/miss state) for verifiable policy enforcement and simplified debugging.

I will also briefly highlight some of our other work in this space including new platforms for developing such middlebox applications and challenges and opportunities in "outsourcing" these functions to cloud services.


Vyas Sekar is an Assistant Professor in the ECE Department at CMU starting Spring 2014. His research spans middleboxes, Internet video, and network security. His work has received best paper awards at ACM Sigcomm, ACM CoNext, and ACM multimedia.