
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | August 6, 2012 |
Latest Amendment Date: | August 6, 2012 |
Award Number: | 1217654 |
Award Instrument: | Standard Grant |
Program Manager: | Darleen Fisher, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | September 1, 2012 |
End Date: | August 31, 2016 (Estimated) |
Total Intended Award Amount: | $400,000.00 |
Total Awarded Amount to Date: | $400,000.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: |
2150 SHATTUCK AVE BERKELEY CA US 94704-1345 (510)666-2900 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
1947 Center Street, Suite 600 Berkeley CA US 94704-1198 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Networking Technology and Syst |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Specialized network appliances or "middleboxes" are expensive and closed systems with little/no hooks for extension; they come with custom management APIs and are deployed as standalone devices with little cohesiveness in how the ensemble of middleboxes is managed. These drawbacks put network infrastructure on a trajectory of growing device sprawl with mounting capital and management costs. This research introduces a new approach to building and managing middlebox infrastructure. Instead of an ad-hoc clutter of specialized and standalone boxes, the research develops a middlebox architecture in which software-centric middlebox applications run consolidated on a shared hardware platform, managed by a single, unified controller. This approach offers extensibility (since new applications are deployed on existing hardware and integrated into a unified management architecture) and yet efficiency (due to amortization of both hardware and management overheads).
Broader Impact: Modern society's growing reliance on networked systems has been astounding. This growth has not come easily, however. Today's networks are highly complex systems and middleboxes are a significant contributor to this complexity; even the experts that build and run networks struggle to manage and diagnose their operation. Spiraling costs related to the manageability and evolution of networks impact the networking industry and hence eventually the broader society that relies on them. This research aims to ameliorate this trajectory through a simpler, unified design for middlebox infrastructure.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The major goal for the project was to develop a new approach to implementing middlebox services. Traditionally, such services are provided through an ad-hoc clutter of specialized and dedicated hardware appliances. This approach leads to network infrastructure that is inflexible and inefficient. Instead, our project has advocated, and realized, the vision of implementing middleboxes as software applications that run multiplexed on commodity, general-purpose server hardware. This approach allows new middlebox services to be developed, deployed and evolved in a lightweight and cost-effective manner.
Key outcomes from the project include: (i) the first published survey of middlebox deployments in enterprises, (ii) a new software systems architecture called CoMB for building middlebox applications that run consolidated on general-purpose servers, (iii) a new wide-area architecture called APLOMB for running middleboxes as software applications in the cloud, (iv) a new software architecture called MegaPipe for networking in endhosts, (v) the design, implementation and evaluation of fault-tolerance techniques, called FTMB, for software middleboxes, (vi) the design, implementation, and evaluation of BlindBox, a deep-packet inspection middlebox that uses novel cryptography solutions to preserve the privacy of traffic being processed by a software middlebox. Taken together, the above results provide a comprehensive suite of solutions for building efficient, reliable, and secure software middleboxes.
The research conducted in this project has influenced both research and practice. The project has resulted in five publications at the top conference venues (three papers at SIGCOMM, one at NSDI and one at OSDI) and received a best student paper award at ACM SIGCOMM. Our algorithms for fault-tolerance in software middleboxes have been adopted in an informative standard by ETSI, which operates as the standards body for Network Function Virtualization. Our MegaPipe software was made publicly available in mid-2012 and, to date, has been downloaded by over 60 institutions and companies including Cisco, Samsung, Juniper and Microsoft. But perhaps the best indicator of the impact of our research is that our vision -- running network middleboxes as "just another" software application -- that was once viewed as radical is now viewed as inevitable, and future network designs will be on a stronger foundation for this shift.
Last Modified: 03/08/2017
Modified by: Sylvia Ratnasamy