A Policy-aware Switching Layer for Data Centers


Dilip Antony Joseph, Arsalan Tavakoli and Ion Stoica

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2008-17
February 20, 2008

Today's data centers deploy a variety of middleboxes (e.g., firewalls, load balancers and SSL offloaders) to protect, manage and improve the performance of the applications and services they run. Unfortunately, existing networks provide limited support for middleboxes. Administrators typically overload layer-2 path selection mechanisms to make sure that traffic traverses the desired sequence of middleboxes. These ad-hoc practices result in a data center network that is hard to configure, upgrade and maintain, wastes middlebox resources on unwanted traffic, and cannot guarantee middlebox traversal under network churn.

To address these issues, we propose the policy-aware switching layer, or PLayer. The PLayer separates policies from reachability by allowing administrators to explicitly specify sequences of middleboxes. Middleboxes are connected to policy-aware switches, or pswitches, whose forwarding state is configured by a centralized controller according to the policy requirements. This way, the PLayer addresses the limitations of current middlebox deployments without modifying existing middleboxes or servers. To demonstrate the feasibility of our approach we implemented a prototype of the PLayer using the Click modular software router. Preliminary experimental results suggest that the PLayer is flexible, uses middleboxes efficiently, and ensures the correctness of middlebox traversal under churn.

Author Comments: Superseded by UCB EECS Technical Report No. UCB/EECS-2008-82 http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-82.html
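
The abstract's central idea, as an added sketch that is not code from the report or its Click prototype: a controller compiles administrator-specified middlebox sequences into forwarding rules, and a pswitch lookup drops traffic rather than bypassing a middlebox that is down. The rule layout `(previous hop, traffic selector) -> next hop`, the default-deny behaviour, and all names and port numbers are assumptions made for illustration.

```python
# Added illustration: rule layout, names and ports are assumptions, not the report's.
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    dst_port: int      # traffic selector (assumed: destination port only)
    sequence: tuple    # middleboxes to traverse, in order; () means none

def compile_rules(policies):
    """Controller: expand each sequence into (prev_hop, dst_port) -> next_hop."""
    rules = {}
    for p in policies:
        hops = ("ingress",) + p.sequence + ("server",)
        for prev, nxt in zip(hops, hops[1:]):
            rules[(prev, p.dst_port)] = nxt
    return rules

def next_hop(rules, alive, prev_hop, dst_port):
    """pswitch: choose the next hop for a frame that arrived from prev_hop."""
    nxt = rules.get((prev_hop, dst_port))
    if nxt is None:
        return "drop"   # no policy covers this traffic (default deny, assumed)
    if nxt != "server" and not alive.get(nxt, False):
        return "drop"   # middlebox down: fail closed instead of bypassing it
    return nxt

def traverse(rules, alive, dst_port, max_hops=16):
    """Follow one frame hop by hop; the path ends in 'server' or 'drop'."""
    path, hop = [], "ingress"
    for _ in range(max_hops):   # bound guards against a looping rule set
        hop = next_hop(rules, alive, hop, dst_port)
        path.append(hop)
        if hop in ("server", "drop"):
            break
    return path

# Constructed sample policies and middlebox liveness state.
POLICIES = (
    Policy("web", 80, ("firewall", "load_balancer")),
    Policy("https", 443, ("firewall", "ssl_offloader", "load_balancer")),
    Policy("backup", 873, ()),   # explicitly exempt: uses no middlebox resources
)
RULES = compile_rules(POLICIES)
ALL_UP = {"firewall": True, "ssl_offloader": True, "load_balancer": True}

if __name__ == "__main__":
    for port in (80, 443, 873, 23):
        print(port, traverse(RULES, ALL_UP, port))
    print(80, traverse(RULES, {**ALL_UP, "firewall": False}, 80))
```

Because each rule is keyed on the previous hop, a frame cannot reach the server entry for its port without having come from the last middlebox in its sequence.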