Dynamic Service Chaining with Dysco

Title: Dynamic Service Chaining with Dysco
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Zave, Pamela; Ferreira, Ronaldo A.; Zou, Xuan Kelvin; Morimoto, Masaharu; Rexford, Jennifer
Conference Name: Proceedings of the Conference of the ACM Special Interest Group on Data Communication
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4653-5
Keywords: composability, Concurrency, Cyber-physical systems, Metrics, NFV, pubcrawl, resilience, Resiliency, security, Session Protocol, SPIN, verification
Abstract: Middleboxes are crucial for improving network security and performance, but only if the right traffic goes through the right middleboxes at the right time. Existing traffic-steering techniques rely on a central controller to install fine-grained forwarding rules in network elements--at the expense of a large number of rules, a central point of failure, challenges in ensuring all packets of a session traverse the same middleboxes, and difficulties with middleboxes that modify the "five tuple." We argue that a session-level protocol is a fundamentally better approach to traffic steering, while naturally supporting host mobility and multihoming in an integrated fashion. In addition, a session-level protocol can enable new capabilities like dynamic service chaining, where the sequence of middleboxes can change during the life of a session, e.g., to remove a load-balancer that is no longer needed, replace a middlebox undergoing maintenance, or add a packet scrubber when traffic looks suspicious. Our Dysco protocol steers the packets of a TCP session through a service chain, and can dynamically reconfigure the chain for an ongoing session. Dysco requires no changes to end-host and middlebox applications, host TCP stacks, or IP routing. Dysco's distributed reconfiguration protocol handles the removal of proxies that terminate TCP connections, middleboxes that change the size of a byte stream, and concurrent requests to reconfigure different parts of a chain. Through formal verification using Spin and experiments with our Linux-based prototype, we show that Dysco is provably correct, highly scalable, and able to reconfigure service chains across a range of middleboxes.
URL: http://doi.acm.org/10.1145/3098822.3098827
DOI: 10.1145/3098822.3098827
Citation Key: zave_dynamic_2017