Today’s computing landscape relies critically on high-performance, resilient, and secure networked systems. As application workloads, security requirements, and organizational policy constraints change over time, the network infrastructure needs to evolve in order to meet the increasing need for performance, reliability, and security.
Most of this evolution in today’s networks happens via the deployment of specialized network appliances or “middleboxes”. Unfortunately, middleboxes today are expensive and closed systems, with few or no hooks for extensibility. Furthermore, they are acquired from independent vendors and deployed as standalone devices with little cohesiveness in how the ensemble of middleboxes is managed. As network requirements continue to grow in both scale and variety, this bottom-up approach puts the network infrastructure on a trajectory of growing device sprawl with corresponding escalation in capital and management costs.
To address this challenge, this talk describes the design and implementation of a new architecture for middlebox deployments that systematically explores opportunities for consolidation both at the level of building individual middleboxes and in managing a network of middleboxes. I will show that such consolidation introduces new opportunities for innovation and performance optimization that do not exist in current middlebox deployments.
Vyas Sekar is a Research Scientist at Intel Labs. He is currently a member of the Intel Science and Technology Center for Secure Computing located at the University of California, Berkeley. His research interests lie at the intersection of networking, security, and systems. He received his Ph.D. from the Computer Science Department at Carnegie Mellon University in 2010, where he was co-advised by Michael Reiter and Hui Zhang. Before that, he obtained his B.Tech. from the Computer Science Department at the Indian Institute of Technology Madras, where he was awarded the President of India Gold Medal.