結合Middlebox策略考量以改善軟體定義網路效能

Ting-Chia Chang; 張庭嘉

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/49806

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	周承復
dc.contributor.author	Ting-Chia Chang	en
dc.contributor.author	張庭嘉	zh_TW
dc.date.accessioned	2021-06-15T11:49:36Z	-
dc.date.available	2017-08-24
dc.date.copyright	2016-08-24
dc.date.issued	2016
dc.date.submitted	2016-08-12
dc.identifier.citation	[1] Vyas Sekar, Norbert Egi, Sylvia Ratnasamy, Michael K. Reiter, and Guangyu Shi. Design and implementation of a consolidated middlebox architecture. In Presented as part of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12), pages 323–336, San Jose, CA, 2012. USENIX. [2] Ehab Al-Shaer, Hazem Hamed, Raouf Boutaba, and Masum Hasan. Conflict classification and analysis of distributed firewall policies. IEEE journal on Selected Areas in Communications, 23(10):2069–2084, 2005. [3] Open Networking Foundation. OpenFlow. https://www.opennetworking.org/sdn-resources/openflow/. [4] M. Stiemerling, J. Quittek, and C. Cadar. Nec’s simple middlebox configuration (simco) protocol version 3.0. RFC 4540, RFC Editor, May 2006. [5] M. Stiemerling, J. Quittek, and T. Taylor. Middlebox communications (midcom) protocol semantics. RFC 3989, RFC Editor, February 2005. [6] Aaron Gember, Prathmesh Prabhu, Zainab Ghadiyali, and Aditya Akella. Toward software-defined middlebox networking. In Proceedings of the 11th ACM Workshop on Hot Topics in Networks, pages 7–12. ACM, 2012. [7] Aaron Gember-Jacobson, Raajay Viswanathan, Chaithan Prakash, Robert Grandl, Junaid Khalid, Sourav Das, and Aditya Akella. Opennf: Enabling innovation in network function control. ACM SIGCOMM Computer Communication Review, 44(4):163–174, 2015. [8] James W Anderson, Ryan Braud, Rishi Kapoor, George Porter, and Amin Vahdat. xomb: extensible open middleboxes with commodity servers. In Proceedings of the eighth ACM/IEEE symposium on Architectures for networking and communications systems, pages 49–60. ACM, 2012. [9] Dilip A Joseph, Arsalan Tavakoli, and Ion Stoica. A policy-aware switching layer for data centers. In ACM SIGCOMM Computer Communication Review, volume 38, pages 51–62. ACM, 2008. [10] Zafar Ayyub Qazi, Cheng-Chun Tu, Luis Chiang, Rui Miao, Vyas Sekar, and Minlan Yu. Simple-fying middlebox policy enforcement using sdn. ACM SIGCOMM computer communication review, 43(4):27–38, 2013. [11] Floodlight Controller. http://www.projectfloodlight.org/floodlight/. [12] OpenDayLight Controller. https://www.opendaylight.org/. [13] POX Controller. http://www.noxrepo.org/pox/about-pox/. [14] Trema Controller. https://trema.github.io/trema/. [15] The netfilter.org project. http://www.netfilter.org/. [16] HAProxy. http://www.haproxy.org/. [17] G. Ferro. SDN Use Case: Firewall Migration in the Enterprise. http://etherealmind.com/sdn-use-case-firewall-migration-in-the-enterprise/, 2013. [18] Nikhil Handigol, Srinivasan Seetharaman, Mario Flajslik, Nick McKeown, and Ramesh Johari. Plug-n-serve: Load-balancing web traffic using openflow. ACM Sigcomm Demo, 4(5):6, 2009. [19] Nikhil Handigol, Srini Seetharaman, Mario Flajslik, Aaron Gember, Nick McKeown, Guru Parulkar, Aditya Akella, Nick Feamster, Russ Clark, Arvind Krishnamurthy, et al. Aster* x: load-balancing web traffic over wide-area networks, 2011. [20] Edsger W Dijkstra. A note on two problems in connexion with graphs. Numerische mathematik, 1(1):269–271, 1959. [21] Mininet. http://mininet.org/. [22] Open vSwitch. http://openvswitch.org/. [23] MJ O’Mahony, Mark C Sinclair, and B Mikac. Ultra-high capacity optical transmission networks: European research project cost 239. ITA-Information, Telecommunication, Automata, 12(1-3):33–45, 1993. [24] Internet2. http://www.internet2.edu/. [25] NSFNET. http://www.nsfnet-legacy.org/. [26] Lada A Adamic and Bernardo A Huberman. Zipf’s law and the internet. Glottometrics, 3(1):143–150, 2002. [27] Mohammad Al-Fares, Alexander Loukissas, and Amin Vahdat. A scalable, commodity data center network architecture. In ACM SIGCOMM Computer Communication Review, volume 38, pages 63–74. ACM, 2008. [28] iPerf. https://iperf.fr/.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/49806	-
dc.description.abstract	Middlebox在現今的網路中扮演著一個不可或缺的角色，諸如防火牆（firewall）、網路地址轉換（Network Address Translation，縮寫為NAT）、負載平衡器（load balancer）等。這些Middlebox提供了安全性、路由方式以及網路管理等功能，而如何確保封包正確的經過我們需要的service chain常需要極大的人力資源。軟體定義網路（Software-Defined Networking，縮寫為SDN），一種集中管理且可程式化的網路的出現，提供了一個可能的解決方案，就算如此，還是有著不少的可以改進的地方。不同的Middlebox供應商通常有各自不同的部署方式，換句話說，沒有一種統一的使用者介面以便於設定。在送出封包之前，我們並不知道這些Middlebox將會對這些封包採取何種動作。因此，即使我們可以決定走哪條路、經過哪些Middlebox，我們也有可能因為不知道Middlebox會如何處理封包而遇到效能上的瓶頸，另外，在傳統網路中，要拿到網路的即時流量資訊十分的不容易，而有些Middlebox如果有了這方面的資訊，可能可以有更好的效能，負載平衡器便是一個例子。這篇論文提出了一個結合Middlebox資訊來幫助路由之輕量且符合成本效益的方法。我們在SDN架構中加入一個模組來讓Middlebox給控制器一些REST (Representational State Transfe) API格式的路由相關資訊。藉由此方式，我們可以作出更好的路由決策。	zh_TW
dc.description.abstract	Middleboxes such as firewalls, NAT, load balancer play an important role in the existing networks. They offer security, routing method, and network management, etc. Ensuring the traffic goes through the desired service chain requires plenty of manpower. In this regard, Software-Defined Networking (SDN) provides a centralized, programmable network that can dynamically provision so as to address the needs of businesses. However there are still some things we can do in order to improve the performance. Middleboxes are typically deployed by different vendors as standalone devices, i.e., there is no general user interface to access. The middleboxes may modify or drop the packets and we cannot know before we send the packet. Thus, even if we are able to decide the path to get to the middleboxes, we may meet the performance bottleneck due to the unknown policies of middleboxes. And some middleboxes such as load balancer may be able to have a better performance with the real time network information. Note that it is usually hard for legacy network to do dynamic routing in real time. To address these challenges, this thesis presents a lightweight, cost-effective, and middlebox policy-aware routing method. We add a module in SDN architecture to help middleboxes to give the controller some routing 'hints' in REST (Representational State Transfer) API format. Thus, we can make the proper routing decision.	en
dc.description.provenance	Made available in DSpace on 2021-06-15T11:49:36Z (GMT). No. of bitstreams: 1 ntu-105-R03922038-1.pdf: 2285515 bytes, checksum: 73c3bcb11c892a694a04d7b736f42829 (MD5) Previous issue date: 2016	en
dc.description.tableofcontents	口試委員會審定書i 誌謝ii 摘要iii Abstract iv 1 Introduction 1 1.1 Middleboxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Software-defined Networking . . . . . . . . . . . . . . . . . . . . . . . 2 1.3 Middleboxes + Software-defined Networking . . . . . . . . . . . . . . . 3 1.4 Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2 Related Work 6 2.1 Interface between SDN and Middleboxes . . . . . . . . . . . . . . . . . 6 2.2 Middlebox Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.3 Middlebox Management . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3 System Architecture 10 3.1 System overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.2 Example 1: Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.3 Example 2: Load Balancer . . . . . . . . . . . . . . . . . . . . . . . . . 14 3.3.1 Formulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.3.2 Relaxing the Model . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.3.3 Relaxed Model . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.4 Memory Capacity Limitation . . . . . . . . . . . . . . . . . . . . . . . . 22 4 Evaluation 24 4.1 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 4.2 Load Balancer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 5 Conclusion 38 Bibliography 40
dc.language.iso	en
dc.subject	Middlebox	zh_TW
dc.subject	軟體定義網路	zh_TW
dc.subject	網路效能	zh_TW
dc.subject	Middlebox	en
dc.subject	Network Performance	en
dc.subject	Software-Defined Networking	en
dc.title	結合Middlebox策略考量以改善軟體定義網路效能	zh_TW
dc.title	On Improving the Performance of Software-Defined Networking with Middlebox Policies	en
dc.type	Thesis
dc.date.schoolyear	104-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	林俊宏,吳曉光,呂政修,蔡子傑
dc.subject.keyword	軟體定義網路,Middlebox,網路效能,	zh_TW
dc.subject.keyword	Software-Defined Networking,Middlebox,Network Performance,	en
dc.relation.page	42
dc.identifier.doi	10.6342/NTU201602360
dc.rights.note	有償授權
dc.date.accepted	2016-08-12
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	資訊工程學研究所	zh_TW
顯示於系所單位：	資訊工程學系

文件中的檔案：

檔案	大小	格式
ntu-105-1.pdf 未授權公開取用	2.23 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。